Re: pinctrl: samsung: Out-of-bounds access through DT aliases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 20, 2018 at 11:06 AM, Geert Uytterhoeven
<geert@xxxxxxxxxxxxxx> wrote:
> Hi,
>
> The Samsung pinctrl driver uses the "pinctrlN" alias from DT without performing
> any validation on the returned index, which may lead to out-of-bounds accesses
> in the SoC-specific samsung_pin_ctrl[] arrays:
>
> drivers/pinctrl/samsung/pinctrl-samsung.c:samsung_pinctrl_get_soc_data():
>
>         id = of_alias_get_id(node, "pinctrl");
>         if (id < 0) {
>                 dev_err(&pdev->dev, "failed to get alias id\n");
>                 return ERR_PTR(-ENOENT);
>         }
>         ctrl = of_device_get_match_data(&pdev->dev);
>         // FIXME out-of-bounds access, limit not known
>         ctrl += id;

Hi Geert,

Indeed, lack of validation with wrong DT will cause out-of-bounds
accesses. This might be also an issue when using out-of-tree DTBs.

I'll take a look at possible fix.

Thanks for report, much appreciated!

Best regards,
Krzysztof
--
To unsubscribe from this list: send the line "unsubscribe linux-gpio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux SPI]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux