* [PATCH] clk_register_clkdev: handle callers needing format string
@ 2015-07-24 23:20 Kees Cook
2015-07-31 9:13 ` Tomeu Vizoso
0 siblings, 1 reply; 7+ messages in thread
From: Kees Cook @ 2015-07-24 23:20 UTC (permalink / raw)
To: akpm; +Cc: linux-kernel, linux-clk
Many callers either use NULL or const strings for the third argument of
clk_register_clkdev. For those that do not, this is a risk for format
strings being accidentally processed (for example in device names). This
adds the missing "%s" arguments to make sure format strings will not leak
into the clkdev.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/mach-vexpress/spc.c | 2 +-
arch/powerpc/platforms/512x/clock-commonclk.c | 4 ++--
drivers/acpi/acpi_apd.c | 3 ++-
drivers/acpi/acpi_lpss.c | 2 +-
drivers/clk/clk-mb86s7x.c | 2 +-
drivers/clk/clk-moxart.c | 4 ++--
drivers/clk/samsung/clk-pll.c | 2 +-
drivers/clk/samsung/clk.c | 9 +++++----
drivers/clk/tegra/clk-tegra-pmc.c | 2 +-
drivers/clk/tegra/clk.c | 2 +-
10 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/arch/arm/mach-vexpress/spc.c b/arch/arm/mach-vexpress/spc.c
index 5766ce2be32b..b9e953824775 100644
--- a/arch/arm/mach-vexpress/spc.c
+++ b/arch/arm/mach-vexpress/spc.c
@@ -577,7 +577,7 @@ static int __init ve_spc_clk_init(void)
pr_warn("failed to register cpu%d clock\n", cpu);
continue;
}
- if (clk_register_clkdev(clk, NULL, dev_name(cpu_dev))) {
+ if (clk_register_clkdev(clk, NULL, "%s", dev_name(cpu_dev))) {
pr_warn("failed to register cpu%d clock lookup\n", cpu);
continue;
}
diff --git a/arch/powerpc/platforms/512x/clock-commonclk.c b/arch/powerpc/platforms/512x/clock-commonclk.c
index f691bcabd710..8f35949e3365 100644
--- a/arch/powerpc/platforms/512x/clock-commonclk.c
+++ b/arch/powerpc/platforms/512x/clock-commonclk.c
@@ -992,9 +992,9 @@ static void mpc5121_clk_provide_migration_support(void)
clk = of_clk_get_by_name(np, clkname); \
if (IS_ERR(clk)) { \
clk = clkitem; \
- clk_register_clkdev(clk, clkname, devname); \
+ clk_register_clkdev(clk, clkname, "%s", devname); \
if (regnode) \
- clk_register_clkdev(clk, clkname, np->name); \
+ clk_register_clkdev(clk, clkname, "%s", np->name); \
did_register |= DID_REG_ ## regflag; \
pr_debug("clock alias name '%s' for dev '%s' pointer %p\n", \
clkname, devname, clk); \
diff --git a/drivers/acpi/acpi_apd.c b/drivers/acpi/acpi_apd.c
index 3984ea96e5f7..c6af5d0da99f 100644
--- a/drivers/acpi/acpi_apd.c
+++ b/drivers/acpi/acpi_apd.c
@@ -65,7 +65,8 @@ static int acpi_apd_setup(struct apd_private_data *pdata)
dev_name(&pdata->adev->dev),
NULL, CLK_IS_ROOT,
dev_desc->fixed_clk_rate);
- clk_register_clkdev(clk, NULL, dev_name(&pdata->adev->dev));
+ clk_register_clkdev(clk, NULL, "%s",
+ dev_name(&pdata->adev->dev));
pdata->clk = clk;
}
diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c
index 46b58abb08c5..abea2b14cf90 100644
--- a/drivers/acpi/acpi_lpss.c
+++ b/drivers/acpi/acpi_lpss.c
@@ -316,7 +316,7 @@ out:
return PTR_ERR(clk);
pdata->clk = clk;
- clk_register_clkdev(clk, dev_desc->clk_con_id, devname);
+ clk_register_clkdev(clk, dev_desc->clk_con_id, "%s", devname);
return 0;
}
diff --git a/drivers/clk/clk-mb86s7x.c b/drivers/clk/clk-mb86s7x.c
index f39c25a22f43..1e2d8fca3daf 100644
--- a/drivers/clk/clk-mb86s7x.c
+++ b/drivers/clk/clk-mb86s7x.c
@@ -370,7 +370,7 @@ static int mb86s7x_clclk_of_init(void)
pr_err("failed to register cpu%d clock\n", cpu);
continue;
}
- if (clk_register_clkdev(clk, NULL, dev_name(cpu_dev))) {
+ if (clk_register_clkdev(clk, NULL, "%s", dev_name(cpu_dev))) {
pr_err("failed to register cpu%d clock lookup\n", cpu);
continue;
}
diff --git a/drivers/clk/clk-moxart.c b/drivers/clk/clk-moxart.c
index 5181b89c3cb2..1928c9e2f005 100644
--- a/drivers/clk/clk-moxart.c
+++ b/drivers/clk/clk-moxart.c
@@ -47,7 +47,7 @@ static void __init moxart_of_pll_clk_init(struct device_node *node)
return;
}
- clk_register_clkdev(clk, NULL, name);
+ clk_register_clkdev(clk, NULL, "%s", name);
of_clk_add_provider(node, of_clk_src_simple_get, clk);
}
CLK_OF_DECLARE(moxart_pll_clock, "moxa,moxart-pll-clock",
@@ -90,7 +90,7 @@ static void __init moxart_of_apb_clk_init(struct device_node *node)
return;
}
- clk_register_clkdev(clk, NULL, name);
+ clk_register_clkdev(clk, NULL, "%s", name);
of_clk_add_provider(node, of_clk_src_simple_get, clk);
}
CLK_OF_DECLARE(moxart_apb_clock, "moxa,moxart-apb-clock",
diff --git a/drivers/clk/samsung/clk-pll.c b/drivers/clk/samsung/clk-pll.c
index bebc61b5fce1..765153ea7a9d 100644
--- a/drivers/clk/samsung/clk-pll.c
+++ b/drivers/clk/samsung/clk-pll.c
@@ -1296,7 +1296,7 @@ static void __init _samsung_clk_register_pll(struct samsung_clk_provider *ctx,
if (!pll_clk->alias)
return;
- ret = clk_register_clkdev(clk, pll_clk->alias, pll_clk->dev_name);
+ ret = clk_register_clkdev(clk, pll_clk->alias, "%s", pll_clk->dev_name);
if (ret)
pr_err("%s: failed to register lookup for %s : %d",
__func__, pll_clk->name, ret);
diff --git a/drivers/clk/samsung/clk.c b/drivers/clk/samsung/clk.c
index 0117238391d6..6997f988c850 100644
--- a/drivers/clk/samsung/clk.c
+++ b/drivers/clk/samsung/clk.c
@@ -123,7 +123,8 @@ void __init samsung_clk_register_alias(struct samsung_clk_provider *ctx,
continue;
}
- ret = clk_register_clkdev(clk, list->alias, list->dev_name);
+ ret = clk_register_clkdev(clk, list->alias, "%s",
+ list->dev_name);
if (ret)
pr_err("%s: failed to register lookup %s\n",
__func__, list->alias);
@@ -203,7 +204,7 @@ void __init samsung_clk_register_mux(struct samsung_clk_provider *ctx,
/* register a clock lookup only if a clock alias is specified */
if (list->alias) {
- ret = clk_register_clkdev(clk, list->alias,
+ ret = clk_register_clkdev(clk, list->alias, "%s",
list->dev_name);
if (ret)
pr_err("%s: failed to register lookup %s\n",
@@ -242,7 +243,7 @@ void __init samsung_clk_register_div(struct samsung_clk_provider *ctx,
/* register a clock lookup only if a clock alias is specified */
if (list->alias) {
- ret = clk_register_clkdev(clk, list->alias,
+ ret = clk_register_clkdev(clk, list->alias, "%s",
list->dev_name);
if (ret)
pr_err("%s: failed to register lookup %s\n",
@@ -271,7 +272,7 @@ void __init samsung_clk_register_gate(struct samsung_clk_provider *ctx,
/* register a clock lookup only if a clock alias is specified */
if (list->alias) {
- ret = clk_register_clkdev(clk, list->alias,
+ ret = clk_register_clkdev(clk, list->alias, "%s",
list->dev_name);
if (ret)
pr_err("%s: failed to register lookup %s\n",
diff --git a/drivers/clk/tegra/clk-tegra-pmc.c b/drivers/clk/tegra/clk-tegra-pmc.c
index 08b21c1ee867..d36effd97935 100644
--- a/drivers/clk/tegra/clk-tegra-pmc.c
+++ b/drivers/clk/tegra/clk-tegra-pmc.c
@@ -110,7 +110,7 @@ void __init tegra_pmc_clk_init(void __iomem *pmc_base,
0, pmc_base + PMC_CLK_OUT_CNTRL,
data->gate_shift, 0, &clk_out_lock);
*dt_clk = clk;
- clk_register_clkdev(clk, data->dev_name, data->gate_name);
+ clk_register_clkdev(clk, data->dev_name, "%s", data->gate_name);
}
/* blink */
diff --git a/drivers/clk/tegra/clk.c b/drivers/clk/tegra/clk.c
index 41cd87c67be6..97d9fb7e89ad 100644
--- a/drivers/clk/tegra/clk.c
+++ b/drivers/clk/tegra/clk.c
@@ -296,7 +296,7 @@ void __init tegra_register_devclks(struct tegra_devclk *dev_clks, int num)
for (i = 0; i < num; i++, dev_clks++)
clk_register_clkdev(clks[dev_clks->dt_id], dev_clks->con_id,
- dev_clks->dev_id);
+ "%s", dev_clks->dev_id);
for (i = 0; i < clk_num; i++) {
if (!IS_ERR_OR_NULL(clks[i]))
--
1.9.1
--
Kees Cook
Chrome OS Security
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] clk_register_clkdev: handle callers needing format string
2015-07-24 23:20 [PATCH] clk_register_clkdev: handle callers needing format string Kees Cook
@ 2015-07-31 9:13 ` Tomeu Vizoso
2015-07-31 19:03 ` Kees Cook
0 siblings, 1 reply; 7+ messages in thread
From: Tomeu Vizoso @ 2015-07-31 9:13 UTC (permalink / raw)
To: Kees Cook; +Cc: akpm, linux-kernel, linux-clk
On 25 July 2015 at 01:20, Kees Cook <keescook@chromium.org> wrote:
> Many callers either use NULL or const strings for the third argument of
> clk_register_clkdev. For those that do not, this is a risk for format
> strings being accidentally processed (for example in device names). This
> adds the missing "%s" arguments to make sure format strings will not leak
> into the clkdev.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
[...]
> diff --git a/drivers/clk/tegra/clk.c b/drivers/clk/tegra/clk.c
> index 41cd87c67be6..97d9fb7e89ad 100644
> --- a/drivers/clk/tegra/clk.c
> +++ b/drivers/clk/tegra/clk.c
> @@ -296,7 +296,7 @@ void __init tegra_register_devclks(struct tegra_devclk *dev_clks, int num)
>
> for (i = 0; i < num; i++, dev_clks++)
> clk_register_clkdev(clks[dev_clks->dt_id], dev_clks->con_id,
> - dev_clks->dev_id);
> + "%s", dev_clks->dev_id);
This causes clocks to be registered with a dev_id string of "(null)",
which is causing lookups that used to succeed before to fail.
Regards,
Tomeu
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] clk_register_clkdev: handle callers needing format string
2015-07-31 9:13 ` Tomeu Vizoso
@ 2015-07-31 19:03 ` Kees Cook
2015-08-05 13:09 ` Tomeu Vizoso
0 siblings, 1 reply; 7+ messages in thread
From: Kees Cook @ 2015-07-31 19:03 UTC (permalink / raw)
To: Tomeu Vizoso; +Cc: Andrew Morton, linux-kernel, linux-clk
On Fri, Jul 31, 2015 at 2:13 AM, Tomeu Vizoso <tomeu@tomeuvizoso.net> wrote:
> On 25 July 2015 at 01:20, Kees Cook <keescook@chromium.org> wrote:
>> Many callers either use NULL or const strings for the third argument of
>> clk_register_clkdev. For those that do not, this is a risk for format
>> strings being accidentally processed (for example in device names). This
>> adds the missing "%s" arguments to make sure format strings will not leak
>> into the clkdev.
>>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>
> [...]
>
>> diff --git a/drivers/clk/tegra/clk.c b/drivers/clk/tegra/clk.c
>> index 41cd87c67be6..97d9fb7e89ad 100644
>> --- a/drivers/clk/tegra/clk.c
>> +++ b/drivers/clk/tegra/clk.c
>> @@ -296,7 +296,7 @@ void __init tegra_register_devclks(struct tegra_devclk *dev_clks, int num)
>>
>> for (i = 0; i < num; i++, dev_clks++)
>> clk_register_clkdev(clks[dev_clks->dt_id], dev_clks->con_id,
>> - dev_clks->dev_id);
>> + "%s", dev_clks->dev_id);
>
> This causes clocks to be registered with a dev_id string of "(null)",
> which is causing lookups that used to succeed before to fail.
Oh yuck. Yeah, clk_register_clkdev handles a NULL argument differently
than other format-string style functions. Using
clk_register_clkdev(..., dev_clks->dev_id ? "%s" : NULL,
dev_clks->dev_id) seems really ugly to work around this, though.
Perhaps the format string capability should be removed?
-Kees
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] clk_register_clkdev: handle callers needing format string
2015-07-31 19:03 ` Kees Cook
@ 2015-08-05 13:09 ` Tomeu Vizoso
2015-09-03 7:57 ` Tomeu Vizoso
0 siblings, 1 reply; 7+ messages in thread
From: Tomeu Vizoso @ 2015-08-05 13:09 UTC (permalink / raw)
To: Kees Cook; +Cc: Andrew Morton, linux-kernel, linux-clk
On 31 July 2015 at 21:03, Kees Cook <keescook@chromium.org> wrote:
> On Fri, Jul 31, 2015 at 2:13 AM, Tomeu Vizoso <tomeu@tomeuvizoso.net> wrote:
>> On 25 July 2015 at 01:20, Kees Cook <keescook@chromium.org> wrote:
>>> Many callers either use NULL or const strings for the third argument of
>>> clk_register_clkdev. For those that do not, this is a risk for format
>>> strings being accidentally processed (for example in device names). This
>>> adds the missing "%s" arguments to make sure format strings will not leak
>>> into the clkdev.
>>>
>>> Signed-off-by: Kees Cook <keescook@chromium.org>
>>> ---
>>
>> [...]
>>
>>> diff --git a/drivers/clk/tegra/clk.c b/drivers/clk/tegra/clk.c
>>> index 41cd87c67be6..97d9fb7e89ad 100644
>>> --- a/drivers/clk/tegra/clk.c
>>> +++ b/drivers/clk/tegra/clk.c
>>> @@ -296,7 +296,7 @@ void __init tegra_register_devclks(struct tegra_devclk *dev_clks, int num)
>>>
>>> for (i = 0; i < num; i++, dev_clks++)
>>> clk_register_clkdev(clks[dev_clks->dt_id], dev_clks->con_id,
>>> - dev_clks->dev_id);
>>> + "%s", dev_clks->dev_id);
>>
>> This causes clocks to be registered with a dev_id string of "(null)",
>> which is causing lookups that used to succeed before to fail.
>
> Oh yuck. Yeah, clk_register_clkdev handles a NULL argument differently
> than other format-string style functions. Using
> clk_register_clkdev(..., dev_clks->dev_id ? "%s" : NULL,
> dev_clks->dev_id) seems really ugly to work around this, though.
> Perhaps the format string capability should be removed?
Yeah, that sounds good to me. At least, I don't see as that good of an
idea to save a few lines of code by making the API so prone to
mistakes.
Could this patch be removed from linux-next in the meantime?
Thanks,
Tomeu
> -Kees
>
> --
> Kees Cook
> Chrome OS Security
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] clk_register_clkdev: handle callers needing format string
2015-08-05 13:09 ` Tomeu Vizoso
@ 2015-09-03 7:57 ` Tomeu Vizoso
2015-09-03 17:34 ` Stephen Boyd
0 siblings, 1 reply; 7+ messages in thread
From: Tomeu Vizoso @ 2015-09-03 7:57 UTC (permalink / raw)
To: Kees Cook
Cc: Andrew Morton, linux-kernel, linux-clk, Stephen Boyd, Michael Turquette
On 5 August 2015 at 15:09, Tomeu Vizoso <tomeu@tomeuvizoso.net> wrote:
> On 31 July 2015 at 21:03, Kees Cook <keescook@chromium.org> wrote:
>> On Fri, Jul 31, 2015 at 2:13 AM, Tomeu Vizoso <tomeu@tomeuvizoso.net> wrote:
>>> On 25 July 2015 at 01:20, Kees Cook <keescook@chromium.org> wrote:
>>>> Many callers either use NULL or const strings for the third argument of
>>>> clk_register_clkdev. For those that do not, this is a risk for format
>>>> strings being accidentally processed (for example in device names). This
>>>> adds the missing "%s" arguments to make sure format strings will not leak
>>>> into the clkdev.
>>>>
>>>> Signed-off-by: Kees Cook <keescook@chromium.org>
>>>> ---
>>>
>>> [...]
>>>
>>>> diff --git a/drivers/clk/tegra/clk.c b/drivers/clk/tegra/clk.c
>>>> index 41cd87c67be6..97d9fb7e89ad 100644
>>>> --- a/drivers/clk/tegra/clk.c
>>>> +++ b/drivers/clk/tegra/clk.c
>>>> @@ -296,7 +296,7 @@ void __init tegra_register_devclks(struct tegra_devclk *dev_clks, int num)
>>>>
>>>> for (i = 0; i < num; i++, dev_clks++)
>>>> clk_register_clkdev(clks[dev_clks->dt_id], dev_clks->con_id,
>>>> - dev_clks->dev_id);
>>>> + "%s", dev_clks->dev_id);
>>>
>>> This causes clocks to be registered with a dev_id string of "(null)",
>>> which is causing lookups that used to succeed before to fail.
>>
>> Oh yuck. Yeah, clk_register_clkdev handles a NULL argument differently
>> than other format-string style functions. Using
>> clk_register_clkdev(..., dev_clks->dev_id ? "%s" : NULL,
>> dev_clks->dev_id) seems really ugly to work around this, though.
>> Perhaps the format string capability should be removed?
>
> Yeah, that sounds good to me. At least, I don't see as that good of an
> idea to save a few lines of code by making the API so prone to
> mistakes.
>
> Could this patch be removed from linux-next in the meantime?
Stephen, Mike,
the Tegra portion of this patch is wrong because it registers some
clocks with a dev_id of "(null)", which is really inconvenient when
debugging because one cannot tell from the logs if it's NULL or that
actual string.
Could this be reverted?
Thanks,
Tomeu
> Thanks,
>
> Tomeu
>
>> -Kees
>>
>> --
>> Kees Cook
>> Chrome OS Security
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] clk_register_clkdev: handle callers needing format string
2015-09-03 7:57 ` Tomeu Vizoso
@ 2015-09-03 17:34 ` Stephen Boyd
2015-09-04 5:17 ` Tomeu Vizoso
0 siblings, 1 reply; 7+ messages in thread
From: Stephen Boyd @ 2015-09-03 17:34 UTC (permalink / raw)
To: Tomeu Vizoso
Cc: Kees Cook, Andrew Morton, linux-kernel, linux-clk, Michael Turquette
On 09/03, Tomeu Vizoso wrote:
> On 5 August 2015 at 15:09, Tomeu Vizoso <tomeu@tomeuvizoso.net> wrote:
> >
> > Could this patch be removed from linux-next in the meantime?
>
> Stephen, Mike,
>
> the Tegra portion of this patch is wrong because it registers some
> clocks with a dev_id of "(null)", which is really inconvenient when
> debugging because one cannot tell from the logs if it's NULL or that
> actual string.
>
> Could this be reverted?
Was this patch applied somewhere? clkdev is maintained by
Russell, so Mike and I didn't apply this patch to begin with.
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] clk_register_clkdev: handle callers needing format string
2015-09-03 17:34 ` Stephen Boyd
@ 2015-09-04 5:17 ` Tomeu Vizoso
0 siblings, 0 replies; 7+ messages in thread
From: Tomeu Vizoso @ 2015-09-04 5:17 UTC (permalink / raw)
To: Stephen Boyd
Cc: Kees Cook, Andrew Morton, linux-kernel, linux-clk, Michael Turquette
On 3 September 2015 at 19:34, Stephen Boyd <sboyd@codeaurora.org> wrote:
> On 09/03, Tomeu Vizoso wrote:
>> On 5 August 2015 at 15:09, Tomeu Vizoso <tomeu@tomeuvizoso.net> wrote:
>> >
>> > Could this patch be removed from linux-next in the meantime?
>>
>> Stephen, Mike,
>>
>> the Tegra portion of this patch is wrong because it registers some
>> clocks with a dev_id of "(null)", which is really inconvenient when
>> debugging because one cannot tell from the logs if it's NULL or that
>> actual string.
>>
>> Could this be reverted?
>
> Was this patch applied somewhere? clkdev is maintained by
> Russell, so Mike and I didn't apply this patch to begin with.
Sorry about that, it came into -next via mmotm.
Regards,
Tomeu
> --
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
> a Linux Foundation Collaborative Project
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2015-09-04 5:17 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-24 23:20 [PATCH] clk_register_clkdev: handle callers needing format string Kees Cook
2015-07-31 9:13 ` Tomeu Vizoso
2015-07-31 19:03 ` Kees Cook
2015-08-05 13:09 ` Tomeu Vizoso
2015-09-03 7:57 ` Tomeu Vizoso
2015-09-03 17:34 ` Stephen Boyd
2015-09-04 5:17 ` Tomeu Vizoso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.