From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
To: Tomasz Figa <tomasz.figa@gmail.com>,
Krzysztof Kozlowski <k.kozlowski@samsung.com>,
Sylwester Nawrocki <s.nawrocki@samsung.com>,
Linus Walleij <linus.walleij@linaro.org>,
Kukjin Kim <kgene@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-samsung-soc@vger.kernel.org, linux-gpio@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: Marek Szyprowski <m.szyprowski@samsung.com>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Subject: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks
Date: Tue, 17 May 2016 08:02:06 +0200 [thread overview]
Message-ID: <1463464926-17482-1-git-send-email-k.kozlowski@samsung.com> (raw)
Although unbinding a pinctrl driver requires root privileges but it
still might be used theoretically in certain attacks (by triggering NULL
pointer exception or memory corruption).
Samsung pincontrol drivers are essential for system operation so their
removal is not expected. They do not implement remove() driver callback
and they are not buildable as modules.
Suppression of the unbinding will prevent triggering NULL pointer
exception like this (Odroid XU3):
$ echo 13400000.pinctrl > /sys/bus/platform/drivers/samsung-pinctrl/unbind
$ cat /sys/kernel/debug/gpio
Unable to handle kernel NULL pointer dereference at virtual address 00000c44
pgd = ec41c000
[00000c44] *pgd=6d448835, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
(samsung_gpio_get) from [<c034f9a0>] (gpiolib_seq_show+0x1b0/0x26c)
(gpiolib_seq_show) from [<c01fb8c0>] (seq_read+0x304/0x4b8)
(seq_read) from [<c02dbc78>] (full_proxy_read+0x4c/0x64)
(full_proxy_read) from [<c01d9fb0>] (__vfs_read+0x2c/0x110)
(__vfs_read) from [<c01db400>] (vfs_read+0x8c/0x110)
(vfs_read) from [<c01db4c4>] (SyS_read+0x40/0x8c)
(SyS_read) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
Suggested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
---
drivers/pinctrl/samsung/pinctrl-exynos5440.c | 1 +
drivers/pinctrl/samsung/pinctrl-samsung.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/pinctrl/samsung/pinctrl-exynos5440.c b/drivers/pinctrl/samsung/pinctrl-exynos5440.c
index fb71fc3e5aa0..3000df80709f 100644
--- a/drivers/pinctrl/samsung/pinctrl-exynos5440.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos5440.c
@@ -998,6 +998,7 @@ static struct platform_driver exynos5440_pinctrl_driver = {
.driver = {
.name = "exynos5440-pinctrl",
.of_match_table = exynos5440_pinctrl_dt_match,
+ .suppress_bind_attrs = true,
},
};
diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.c b/drivers/pinctrl/samsung/pinctrl-samsung.c
index ed0b70881e19..513fe6b23248 100644
--- a/drivers/pinctrl/samsung/pinctrl-samsung.c
+++ b/drivers/pinctrl/samsung/pinctrl-samsung.c
@@ -1274,6 +1274,7 @@ static struct platform_driver samsung_pinctrl_driver = {
.driver = {
.name = "samsung-pinctrl",
.of_match_table = samsung_pinctrl_dt_match,
+ .suppress_bind_attrs = true,
},
};
--
1.9.1
WARNING: multiple messages have this Message-ID (diff)
From: k.kozlowski@samsung.com (Krzysztof Kozlowski)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks
Date: Tue, 17 May 2016 08:02:06 +0200 [thread overview]
Message-ID: <1463464926-17482-1-git-send-email-k.kozlowski@samsung.com> (raw)
Although unbinding a pinctrl driver requires root privileges but it
still might be used theoretically in certain attacks (by triggering NULL
pointer exception or memory corruption).
Samsung pincontrol drivers are essential for system operation so their
removal is not expected. They do not implement remove() driver callback
and they are not buildable as modules.
Suppression of the unbinding will prevent triggering NULL pointer
exception like this (Odroid XU3):
$ echo 13400000.pinctrl > /sys/bus/platform/drivers/samsung-pinctrl/unbind
$ cat /sys/kernel/debug/gpio
Unable to handle kernel NULL pointer dereference at virtual address 00000c44
pgd = ec41c000
[00000c44] *pgd=6d448835, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
(samsung_gpio_get) from [<c034f9a0>] (gpiolib_seq_show+0x1b0/0x26c)
(gpiolib_seq_show) from [<c01fb8c0>] (seq_read+0x304/0x4b8)
(seq_read) from [<c02dbc78>] (full_proxy_read+0x4c/0x64)
(full_proxy_read) from [<c01d9fb0>] (__vfs_read+0x2c/0x110)
(__vfs_read) from [<c01db400>] (vfs_read+0x8c/0x110)
(vfs_read) from [<c01db4c4>] (SyS_read+0x40/0x8c)
(SyS_read) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
Suggested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
---
drivers/pinctrl/samsung/pinctrl-exynos5440.c | 1 +
drivers/pinctrl/samsung/pinctrl-samsung.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/pinctrl/samsung/pinctrl-exynos5440.c b/drivers/pinctrl/samsung/pinctrl-exynos5440.c
index fb71fc3e5aa0..3000df80709f 100644
--- a/drivers/pinctrl/samsung/pinctrl-exynos5440.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos5440.c
@@ -998,6 +998,7 @@ static struct platform_driver exynos5440_pinctrl_driver = {
.driver = {
.name = "exynos5440-pinctrl",
.of_match_table = exynos5440_pinctrl_dt_match,
+ .suppress_bind_attrs = true,
},
};
diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.c b/drivers/pinctrl/samsung/pinctrl-samsung.c
index ed0b70881e19..513fe6b23248 100644
--- a/drivers/pinctrl/samsung/pinctrl-samsung.c
+++ b/drivers/pinctrl/samsung/pinctrl-samsung.c
@@ -1274,6 +1274,7 @@ static struct platform_driver samsung_pinctrl_driver = {
.driver = {
.name = "samsung-pinctrl",
.of_match_table = samsung_pinctrl_dt_match,
+ .suppress_bind_attrs = true,
},
};
--
1.9.1
next reply other threads:[~2016-05-17 6:02 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-17 6:02 Krzysztof Kozlowski [this message]
2016-05-17 6:02 ` [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks Krzysztof Kozlowski
2016-05-21 2:29 ` Javier Martinez Canillas
2016-05-21 2:29 ` Javier Martinez Canillas
2016-05-26 9:08 ` Linus Walleij
2016-05-26 9:08 ` Linus Walleij
2016-05-26 9:08 ` Linus Walleij
2016-05-27 8:42 ` Krzysztof Kozlowski
2016-05-27 8:42 ` Krzysztof Kozlowski
2016-05-27 8:42 ` Krzysztof Kozlowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1463464926-17482-1-git-send-email-k.kozlowski@samsung.com \
--to=k.kozlowski@samsung.com \
--cc=b.zolnierkie@samsung.com \
--cc=kgene@kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-samsung-soc@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=s.nawrocki@samsung.com \
--cc=tomasz.figa@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.