Re: [PATCH] pinctrl: core: make sure strcmp() doesn't get a null parameter

From: Linus Walleij
Date: Mon Oct 01 2018 - 07:47:04 EST


On Sat, Sep 29, 2018 at 11:07 AM Yanjiang Jin
<yanjiang.jin@xxxxxxxxxxxxxxxx> wrote:

> Some drivers, for example, QCOM's qdf2xxx, set groups[gpio].name only
> when gpio is valid, and leave invalid gpio names as null.
> If we want to access the sys node "pinconf-groups",
> pinctrl_get_group_selector() -> get_group_name() may return a null
> pointer if group_selector is invalid, then the below Kernel panic
> would happen since strcmp() uses this null pointer to do comparison.
>
> Unable to handle kernel NULL pointer dereference at ss 00000000
> el:Internal error: Oops: 9600000[ 143.080279]
> SMP
> CPU: 19 PID: 2493 Comm: read_all Tainted: G O
> .aarch64 #1
> Hardware name: HXT Semiconductor HXT REP-2 System
> PC is at strcmp+0x18/0x154
> LR is at pinctrl_get_group_selector+0x6c/0xe8
> Process read_all (pid: 2493, stack limit =
> Call trace:
> Exception stack
> strcmp+0x18/0x154
> pin_config_group_get+0x64/0xd8
> pinconf_generic_dump_one+0xd8/0x1c0
> pinconf_generic_dump_pins+0x94/0xc8
> pinconf_groups_show+0xb4/0x104
> seq_read+0x178/0x464
> full_proxy_read+0x6c/0xac
> __vfs_read+0x58/0x178
> vfs_read+0x94/0x164
> SyS_read+0x60/0xc0
> __sys_trace_return+0x0/0x4
> --[ end trace]--
> Kernel panic - not syncing: Fatal exception
>
> Signed-off-by: Yanjiang Jin <yanjiang.jin@xxxxxxxxxxxxxxxx>

Good catch!

Patch applied.

Yours,
Linus Walleij