From patchwork Tue May 17 06:02:06 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Krzysztof Kozlowski X-Patchwork-Id: 9109401 Return-Path: X-Original-To: patchwork-linux-samsung-soc@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 750BDBF29F for ; Tue, 17 May 2016 06:02:24 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 95A2D202D1 for ; Tue, 17 May 2016 06:02:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id AB77C20279 for ; Tue, 17 May 2016 06:02:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754338AbcEQGCV (ORCPT ); Tue, 17 May 2016 02:02:21 -0400 Received: from mailout1.w1.samsung.com ([210.118.77.11]:36158 "EHLO mailout1.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754317AbcEQGCU (ORCPT ); Tue, 17 May 2016 02:02:20 -0400 Received: from eucpsbgm1.samsung.com (unknown [203.254.199.244]) by mailout1.w1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5 2014)) with ESMTP id <0O7B00HW64RSM530@mailout1.w1.samsung.com>; Tue, 17 May 2016 07:02:16 +0100 (BST) X-AuditID: cbfec7f4-f796c6d000001486-73-573ab3e751b3 Received: from eusync1.samsung.com ( [203.254.199.211]) by eucpsbgm1.samsung.com (EUCPMTA) with SMTP id 83.9D.05254.7E3BA375; Tue, 17 May 2016 07:02:15 +0100 (BST) Received: from AMDC2174.DIGITAL.local ([106.120.53.17]) by eusync1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5 2014)) with ESMTPA id <0O7B00A5D4RMERC0@eusync1.samsung.com>; Tue, 17 May 2016 07:02:15 +0100 (BST) From: Krzysztof Kozlowski To: Tomasz Figa , Krzysztof Kozlowski , Sylwester Nawrocki , Linus Walleij , Kukjin Kim , linux-arm-kernel@lists.infradead.org, linux-samsung-soc@vger.kernel.org, linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Marek Szyprowski , Bartlomiej Zolnierkiewicz Subject: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks Date: Tue, 17 May 2016 08:02:06 +0200 Message-id: <1463464926-17482-1-git-send-email-k.kozlowski@samsung.com> X-Mailer: git-send-email 1.9.1 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprMLMWRmVeSWpSXmKPExsVy+t/xy7rPN1uFG1xvsrTYOGM9q8XrF4YW /Y9fM1tM+bOcyWLT42usFpvn/2G0uLxrDpvFjPP7mCzWHrnLbnH4TTurxapdfxgduD12zrrL 7rFpVSebx51re9g8Ni+p9+jbsorR4/MmuQC2KC6blNSczLLUIn27BK6M2+vOsRbMEa542H+H tYFxjUAXIyeHhICJxO/Ln5khbDGJC/fWs3UxcnEICSxllFhyvpENJCEk0Mgkcb+zDsRmEzCW 2Lx8CViRiMBNJok3befBipgF0iV+nG9jArGFBcIk/n6aCWazCKhK/Hj9lBHE5hVwl3iz7CwL xDY5iZPHJrNOYORewMiwilE0tTS5oDgpPddQrzgxt7g0L10vOT93EyMkqL7sYFx8zOoQowAH oxIP7wUTq3Ah1sSy4srcQ4wSHMxKIrzbNwGFeFMSK6tSi/Lji0pzUosPMUpzsCiJ887d9T5E SCA9sSQ1OzW1ILUIJsvEwSnVwBiRcdru6xbHZxULv81Kj0u49H7iv8MOEz2mH1upG27P/Puu T8LVlseG2il1917q3otyddk5mzUvafG8J4FuT480Pdjlv+p87/FlT3523njG/nqZ5fuaRZrh h1g41/q0r/7CzWudpeZ1+wnjo2cmD59JXxb3rz/r8MI065MqNxez9MzoP9Upr0yVWIozEg21 mIuKEwFuWkmIJgIAAA== Sender: linux-samsung-soc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-samsung-soc@vger.kernel.org X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Although unbinding a pinctrl driver requires root privileges but it still might be used theoretically in certain attacks (by triggering NULL pointer exception or memory corruption). Samsung pincontrol drivers are essential for system operation so their removal is not expected. They do not implement remove() driver callback and they are not buildable as modules. Suppression of the unbinding will prevent triggering NULL pointer exception like this (Odroid XU3): $ echo 13400000.pinctrl > /sys/bus/platform/drivers/samsung-pinctrl/unbind $ cat /sys/kernel/debug/gpio Unable to handle kernel NULL pointer dereference at virtual address 00000c44 pgd = ec41c000 [00000c44] *pgd=6d448835, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] PREEMPT SMP ARM (samsung_gpio_get) from [] (gpiolib_seq_show+0x1b0/0x26c) (gpiolib_seq_show) from [] (seq_read+0x304/0x4b8) (seq_read) from [] (full_proxy_read+0x4c/0x64) (full_proxy_read) from [] (__vfs_read+0x2c/0x110) (__vfs_read) from [] (vfs_read+0x8c/0x110) (vfs_read) from [] (SyS_read+0x40/0x8c) (SyS_read) from [] (ret_fast_syscall+0x0/0x3c) Suggested-by: Marek Szyprowski Signed-off-by: Krzysztof Kozlowski Reviewed-by: Javier Martinez Canillas --- drivers/pinctrl/samsung/pinctrl-exynos5440.c | 1 + drivers/pinctrl/samsung/pinctrl-samsung.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/pinctrl/samsung/pinctrl-exynos5440.c b/drivers/pinctrl/samsung/pinctrl-exynos5440.c index fb71fc3e5aa0..3000df80709f 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos5440.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos5440.c @@ -998,6 +998,7 @@ static struct platform_driver exynos5440_pinctrl_driver = { .driver = { .name = "exynos5440-pinctrl", .of_match_table = exynos5440_pinctrl_dt_match, + .suppress_bind_attrs = true, }, }; diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.c b/drivers/pinctrl/samsung/pinctrl-samsung.c index ed0b70881e19..513fe6b23248 100644 --- a/drivers/pinctrl/samsung/pinctrl-samsung.c +++ b/drivers/pinctrl/samsung/pinctrl-samsung.c @@ -1274,6 +1274,7 @@ static struct platform_driver samsung_pinctrl_driver = { .driver = { .name = "samsung-pinctrl", .of_match_table = samsung_pinctrl_dt_match, + .suppress_bind_attrs = true, }, };