From: Frans Klaver <fransklaver@gmail.com>
To: Darren Hart <dvhart@infradead.org>
Cc: Frans Klaver <fransklaver@gmail.com>,
Corentin Chary <corentin.chary@gmail.com>,
Rafael Wysocki <rafael.j.wysocki@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
acpi4asus-user@lists.sourceforge.net,
platform-driver-x86@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 09/13] eeepc-laptop: make fan1_input really read-only
Date: Sat, 13 Sep 2014 01:06:48 +0200 [thread overview]
Message-ID: <1410563212-31565-10-git-send-email-fransklaver@gmail.com> (raw)
In-Reply-To: <1410563212-31565-1-git-send-email-fransklaver@gmail.com>
In the instantiation of the fan1_input device attribute, NULL is passed
as set function to store_sys_hwmon. The function pointer is never
checked before dereferencing it. This is fine if we can guarantee that
it will never be called with an invalid pointer, but we can't. If
someone from user space decides to change the permissions on this
attribute and write to it, kernel will crash.
Introduce EEEPC_CREATE_SENSOR_ATTR_RO() to instantiate a read-only
attribute, and declare fan1_input with it. This ensures store_sys_hwmon
is never called with NULL parameters. If someone tries to write the
attribute, the system will at least keep its sanity.
Signed-off-by: Frans Klaver <fransklaver@gmail.com>
---
drivers/platform/x86/eeepc-laptop.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/eeepc-laptop.c b/drivers/platform/x86/eeepc-laptop.c
index fbaa4d5..47488d3 100644
--- a/drivers/platform/x86/eeepc-laptop.c
+++ b/drivers/platform/x86/eeepc-laptop.c
@@ -1060,7 +1060,11 @@ static ssize_t show_sys_hwmon(int (*get)(void), char *buf)
EEEPC_SENSOR_STORE_FUNC(_name, _set) \
static DEVICE_ATTR(_name, _mode, show_##_name, store_##_name)
-EEEPC_CREATE_SENSOR_ATTR(fan1_input, S_IRUGO, eeepc_get_fan_rpm, NULL);
+#define EEEPC_CREATE_SENSOR_ATTR_RO(_name, _mode, _get) \
+ EEEPC_SENSOR_SHOW_FUNC(_name, _get) \
+ static DEVICE_ATTR(_name, _mode, show_##_name, NULL)
+
+EEEPC_CREATE_SENSOR_ATTR_RO(fan1_input, S_IRUGO, eeepc_get_fan_rpm);
EEEPC_CREATE_SENSOR_ATTR(pwm1, S_IRUGO | S_IWUSR,
eeepc_get_fan_pwm, eeepc_set_fan_pwm);
EEEPC_CREATE_SENSOR_ATTR(pwm1_enable, S_IRUGO | S_IWUSR,
--
2.1.0
next prev parent reply other threads:[~2014-09-12 23:07 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-12 23:06 [PATCH 00/13] eeepc-laptop cleanups Frans Klaver
2014-09-12 23:06 ` [PATCH 01/13] eeepc-laptop: coding style: fix indentation Frans Klaver
2014-09-12 23:06 ` [PATCH 02/13] eeepc-laptop: coding style: add curly braces around else compound Frans Klaver
2014-09-12 23:06 ` [PATCH 03/13] " Frans Klaver
2014-09-15 19:41 ` Darren Hart
2014-09-15 19:58 ` Frans Klaver
2014-09-12 23:06 ` [PATCH 04/13] eeepc-laptop: use symbolic permissions in device attributes Frans Klaver
2014-09-12 23:06 ` [PATCH 05/13] eeepc-laptop: use DEVICE_ATTR to instantiate device_attributes Frans Klaver
2014-09-12 23:28 ` Greg Kroah-Hartman
2014-09-14 22:05 ` Frans Klaver
2014-09-12 23:06 ` [PATCH 06/13] eeepc-laptop: pull out ACPI_STORE_FUNC and ACPI_SHOW_FUNC macros Frans Klaver
2014-09-12 23:06 ` [PATCH 07/13] eeepc-laptop: make disp attribute really write-only Frans Klaver
2014-09-15 20:00 ` Darren Hart
2014-09-15 20:01 ` Frans Klaver
2014-09-12 23:06 ` [PATCH 08/13] eeepc-laptop: pull out SENSOR_STORE_FUNC and SENSOR_SHOW_FUNC macros Frans Klaver
2014-09-12 23:06 ` Frans Klaver [this message]
2014-09-12 23:06 ` [PATCH 10/13] eeepc-laptop: compare proper return values in get_cpufv Frans Klaver
2014-09-15 21:49 ` Darren Hart
2014-09-15 21:51 ` Greg Kroah-Hartman
2014-09-15 21:55 ` Frans Klaver
2014-09-16 11:54 ` Frans Klaver
2014-09-16 20:52 ` Darren Hart
2014-09-16 21:10 ` Frans Klaver
2014-09-16 23:39 ` Darren Hart
2014-09-16 21:27 ` Darren Hart
2014-09-16 21:33 ` Greg Kroah-Hartman
2014-09-16 21:40 ` Frans Klaver
2014-09-16 21:43 ` Darren Hart
2014-09-17 10:34 ` Henrique de Moraes Holschuh
2014-09-17 11:57 ` Frans Klaver
2014-09-17 16:12 ` Darren Hart
2014-09-12 23:06 ` [PATCH 11/13] eeepc-laptop: propagate errors from get_cpufv Frans Klaver
2014-09-15 21:50 ` Darren Hart
2014-09-12 23:06 ` [PATCH 12/13] eeepc-laptop: store_cpufv: return error if set_acpi fails Frans Klaver
2014-09-12 23:06 ` [PATCH 13/13] eeepc-laptop: return -ENXIO if acpi getter or setter fails Frans Klaver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1410563212-31565-10-git-send-email-fransklaver@gmail.com \
--to=fransklaver@gmail.com \
--cc=acpi4asus-user@lists.sourceforge.net \
--cc=corentin.chary@gmail.com \
--cc=dvhart@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael.j.wysocki@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).