* [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks
@ 2016-05-17 6:02 Krzysztof Kozlowski
2016-05-21 2:29 ` Javier Martinez Canillas
2016-05-26 9:08 ` Linus Walleij
0 siblings, 2 replies; 4+ messages in thread
From: Krzysztof Kozlowski @ 2016-05-17 6:02 UTC (permalink / raw)
To: Tomasz Figa, Krzysztof Kozlowski, Sylwester Nawrocki,
Linus Walleij, Kukjin Kim, linux-arm-kernel, linux-samsung-soc,
linux-gpio, linux-kernel
Cc: Marek Szyprowski, Bartlomiej Zolnierkiewicz
Although unbinding a pinctrl driver requires root privileges but it
still might be used theoretically in certain attacks (by triggering NULL
pointer exception or memory corruption).
Samsung pincontrol drivers are essential for system operation so their
removal is not expected. They do not implement remove() driver callback
and they are not buildable as modules.
Suppression of the unbinding will prevent triggering NULL pointer
exception like this (Odroid XU3):
$ echo 13400000.pinctrl > /sys/bus/platform/drivers/samsung-pinctrl/unbind
$ cat /sys/kernel/debug/gpio
Unable to handle kernel NULL pointer dereference at virtual address 00000c44
pgd = ec41c000
[00000c44] *pgd=6d448835, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
(samsung_gpio_get) from [<c034f9a0>] (gpiolib_seq_show+0x1b0/0x26c)
(gpiolib_seq_show) from [<c01fb8c0>] (seq_read+0x304/0x4b8)
(seq_read) from [<c02dbc78>] (full_proxy_read+0x4c/0x64)
(full_proxy_read) from [<c01d9fb0>] (__vfs_read+0x2c/0x110)
(__vfs_read) from [<c01db400>] (vfs_read+0x8c/0x110)
(vfs_read) from [<c01db4c4>] (SyS_read+0x40/0x8c)
(SyS_read) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
Suggested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
---
drivers/pinctrl/samsung/pinctrl-exynos5440.c | 1 +
drivers/pinctrl/samsung/pinctrl-samsung.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/pinctrl/samsung/pinctrl-exynos5440.c b/drivers/pinctrl/samsung/pinctrl-exynos5440.c
index fb71fc3e5aa0..3000df80709f 100644
--- a/drivers/pinctrl/samsung/pinctrl-exynos5440.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos5440.c
@@ -998,6 +998,7 @@ static struct platform_driver exynos5440_pinctrl_driver = {
.driver = {
.name = "exynos5440-pinctrl",
.of_match_table = exynos5440_pinctrl_dt_match,
+ .suppress_bind_attrs = true,
},
};
diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.c b/drivers/pinctrl/samsung/pinctrl-samsung.c
index ed0b70881e19..513fe6b23248 100644
--- a/drivers/pinctrl/samsung/pinctrl-samsung.c
+++ b/drivers/pinctrl/samsung/pinctrl-samsung.c
@@ -1274,6 +1274,7 @@ static struct platform_driver samsung_pinctrl_driver = {
.driver = {
.name = "samsung-pinctrl",
.of_match_table = samsung_pinctrl_dt_match,
+ .suppress_bind_attrs = true,
},
};
--
1.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks
2016-05-17 6:02 [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks Krzysztof Kozlowski
@ 2016-05-21 2:29 ` Javier Martinez Canillas
2016-05-26 9:08 ` Linus Walleij
1 sibling, 0 replies; 4+ messages in thread
From: Javier Martinez Canillas @ 2016-05-21 2:29 UTC (permalink / raw)
To: Krzysztof Kozlowski, Tomasz Figa, Sylwester Nawrocki,
Linus Walleij, Kukjin Kim, linux-arm-kernel, linux-samsung-soc,
linux-gpio, linux-kernel
Cc: Marek Szyprowski, Bartlomiej Zolnierkiewicz
Hello Krzysztof,
On 05/17/2016 02:02 AM, Krzysztof Kozlowski wrote:
> Although unbinding a pinctrl driver requires root privileges but it
> still might be used theoretically in certain attacks (by triggering NULL
> pointer exception or memory corruption).
>
> Samsung pincontrol drivers are essential for system operation so their
> removal is not expected. They do not implement remove() driver callback
> and they are not buildable as modules.
>
> Suppression of the unbinding will prevent triggering NULL pointer
> exception like this (Odroid XU3):
>
> $ echo 13400000.pinctrl > /sys/bus/platform/drivers/samsung-pinctrl/unbind
> $ cat /sys/kernel/debug/gpio
>
> Unable to handle kernel NULL pointer dereference at virtual address 00000c44
> pgd = ec41c000
> [00000c44] *pgd=6d448835, *pte=00000000, *ppte=00000000
> Internal error: Oops: 17 [#1] PREEMPT SMP ARM
> (samsung_gpio_get) from [<c034f9a0>] (gpiolib_seq_show+0x1b0/0x26c)
> (gpiolib_seq_show) from [<c01fb8c0>] (seq_read+0x304/0x4b8)
> (seq_read) from [<c02dbc78>] (full_proxy_read+0x4c/0x64)
> (full_proxy_read) from [<c01d9fb0>] (__vfs_read+0x2c/0x110)
> (__vfs_read) from [<c01db400>] (vfs_read+0x8c/0x110)
> (vfs_read) from [<c01db4c4>] (SyS_read+0x40/0x8c)
> (SyS_read) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
>
> Suggested-by: Marek Szyprowski <m.szyprowski@samsung.com>
> Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
> ---
Reviewed-by: Javier Martinez Canillas <javier@osg.samsung.com>
Best regards,
--
Javier Martinez Canillas
Open Source Group
Samsung Research America
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks
2016-05-17 6:02 [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks Krzysztof Kozlowski
2016-05-21 2:29 ` Javier Martinez Canillas
@ 2016-05-26 9:08 ` Linus Walleij
2016-05-27 8:42 ` Krzysztof Kozlowski
1 sibling, 1 reply; 4+ messages in thread
From: Linus Walleij @ 2016-05-26 9:08 UTC (permalink / raw)
To: Krzysztof Kozlowski
Cc: Tomasz Figa, Sylwester Nawrocki, Kukjin Kim, linux-arm-kernel,
linux-samsung-soc, linux-gpio, linux-kernel, Marek Szyprowski,
Bartlomiej Zolnierkiewicz
On Tue, May 17, 2016 at 8:02 AM, Krzysztof Kozlowski
<k.kozlowski@samsung.com> wrote:
> Although unbinding a pinctrl driver requires root privileges but it
> still might be used theoretically in certain attacks (by triggering NULL
> pointer exception or memory corruption).
Patch applied with Javier's review tag.
I suspect this kind of patch should be done to a few
GPIO controller :/
Yours,
Linus Walleij
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks
2016-05-26 9:08 ` Linus Walleij
@ 2016-05-27 8:42 ` Krzysztof Kozlowski
0 siblings, 0 replies; 4+ messages in thread
From: Krzysztof Kozlowski @ 2016-05-27 8:42 UTC (permalink / raw)
To: Linus Walleij
Cc: Tomasz Figa, Sylwester Nawrocki, Kukjin Kim, linux-arm-kernel,
linux-samsung-soc, linux-gpio, linux-kernel, Marek Szyprowski,
Bartlomiej Zolnierkiewicz
On 05/26/2016 11:08 AM, Linus Walleij wrote:
> On Tue, May 17, 2016 at 8:02 AM, Krzysztof Kozlowski
> <k.kozlowski@samsung.com> wrote:
>
>> Although unbinding a pinctrl driver requires root privileges but it
>> still might be used theoretically in certain attacks (by triggering NULL
>> pointer exception or memory corruption).
>
> Patch applied with Javier's review tag.
>
> I suspect this kind of patch should be done to a few
> GPIO controller :/
Probably yes... Either the driver properly and safely handles unbind
(remove() callback) or it should be forbidden. In the same time, even if
remove() is implemented, unbinding some of the core SoC drivers is like
shooting self in the foot.
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-05-27 8:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-17 6:02 [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks Krzysztof Kozlowski
2016-05-21 2:29 ` Javier Martinez Canillas
2016-05-26 9:08 ` Linus Walleij
2016-05-27 8:42 ` Krzysztof Kozlowski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).