Received: by 10.223.176.46 with SMTP id f43csp2699931wra;
        Thu, 25 Jan 2018 13:52:20 -0800 (PST)
X-Google-Smtp-Source: AH8x225p88TfqOW23rhd2BWUewcDPMSW1oI7u3wDcjWOBCb6xVP0eY4YZvbCN+yjN8X3d0ZEBjkl
X-Received: by 2002:a17:902:a503:: with SMTP id s3-v6mr12824691plq.161.1516917140833;
        Thu, 25 Jan 2018 13:52:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516917140; cv=none;
        d=google.com; s=arc-20160816;
        b=XcAloD81X+Y6KE1K7XdlrfvnS9xZWbotataWyd8QFuBZlB5HOD88yItJqA5QccyovF
         +JBCREooszHMKighmMAa6KuES61Go+gIDHr5beJGtgFdOeiE7b2eVsedtnStlGTmOFH2
         Gms/xklDzeEB9pZcg/DcAV1WCSf0lTvoqMHwusZxg/bdnQj+Wh//y0PdJ+qqc21EQiXt
         Eky2q4EUSWG/jiZwlQWzw0VtjCEMITh0afBFFBzhznYmC6KDlPl4AUVLfQQ7VrLHchtG
         NYEfbqn249VMP7m3PWGOCMXfWSg+7kQCwRfj1XQl9PCxY1f7A+b8km8vK++mA7Y0NrVJ
         g+7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dmarc-filter:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=98b9w3TSISXPVP/QayqyIpBHHKy+hvemcWPFCqukZkU=;
        b=oardb0cg7LhayMsvGMvAYS8QH12hDfl0/5TUeMOgzsty9wAo0C208K+L7QIYNY4OgA
         sHivc2urcdxGLIt7k9Op6mox0/BnS5u44mgoQBklKtbT9YFs/HMyaEISdg+z7iBPE/Bu
         lP3Besl2LrK0Wkvw8ltH1zHtJFFP0ZT65YjZchTcVMjfQowkdjjRo8C4u4cenU5BFrjo
         joPf9FH/8MTBSDoIlXJvZQUilyNhJaB+HupyZmsQCOnk4eiumKjN+7XGxI0QM/h8R1pa
         miOcZYDJcasdTnXeY8FpsQFkzaZ3TKBKystrArASHV4xtznv5Gi4wNmcvExpYTdUqwma
         F0Hw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@codeaurora.org header.s=default header.b=pDViFVQl;
       dkim=pass header.i=@codeaurora.org header.s=default header.b=gBZuJNwV;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q12-v6si2588471plr.119.2018.01.25.13.52.05;
        Thu, 25 Jan 2018 13:52:20 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@codeaurora.org header.s=default header.b=pDViFVQl;
       dkim=pass header.i=@codeaurora.org header.s=default header.b=gBZuJNwV;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751434AbeAYVvj (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Thu, 25 Jan 2018 16:51:39 -0500
Received: from smtp.codeaurora.org ([198.145.29.96]:53142 "EHLO
        smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751174AbeAYVvh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 25 Jan 2018 16:51:37 -0500
Received: by smtp.codeaurora.org (Postfix, from userid 1000)
        id F09546024A; Thu, 25 Jan 2018 21:51:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org;
        s=default; t=1516917097;
        bh=laBLgwqz8MYt+XgwQZwGPNmEk9RnXzLyWErbtni2DI4=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=pDViFVQlM71UVxScj20ZeXXVrsbvebCg1TsqZfBM2JgZLhv+2Oqaml0yNAnywYp6P
         CcUaEzJux4zgdem7I4BcC1gLETclTlYKD1S9ia+YGIrpVzgRQ87NI3IXBTwenF9YL8
         I0BHoWAQlwIkMZkyPQGZDOn8dEm4VpLXpO2ZliiA=
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
        pdx-caf-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=2.0 tests=ALL_TRUSTED,BAYES_00,
        DKIM_SIGNED,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0
Received: from localhost (i-global254.qualcomm.com [199.106.103.254])
        (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
        (No client certificate requested)
        (Authenticated sender: sboyd@smtp.codeaurora.org)
        by smtp.codeaurora.org (Postfix) with ESMTPSA id 4CF096032C;
        Thu, 25 Jan 2018 21:51:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org;
        s=default; t=1516917096;
        bh=laBLgwqz8MYt+XgwQZwGPNmEk9RnXzLyWErbtni2DI4=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=gBZuJNwVOFanmqNrUfNgyEM06oQGWSW2Kcp4txAkzPWmBZ3fV9eeGEtS3Q0mPRjTu
         eSHal4wibB//wKggU1rCMgsOxv/DV2i6uxJALWnqp0ObUifhrFteXSTZocWGcBwMD5
         ilFDCPdfEIr5inrHpKtjbxfGwIUg1V63G3N3CZDg=
DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 4CF096032C
Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org
Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=sboyd@codeaurora.org
Date:   Thu, 25 Jan 2018 13:51:35 -0800
From:   Stephen Boyd <sboyd@codeaurora.org>
To:     Timur Tabi <timur@codeaurora.org>
Cc:     Linus Walleij <linus.walleij@linaro.org>,
        linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        Bjorn Andersson <bjorn.andersson@linaro.org>,
        linux-gpio@vger.kernel.org, devicetree@vger.kernel.org
Subject: Re: [PATCH 3/3] pinctrl: qcom: Don't allow protected pins to be
 requested
Message-ID: <20180125215135.GY28313@codeaurora.org>
References: <20180110015848.11480-1-sboyd@codeaurora.org>
 <20180110015848.11480-4-sboyd@codeaurora.org>
 <f384a6c4-57a5-df18-862c-bf7dad9ea3f4@codeaurora.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <f384a6c4-57a5-df18-862c-bf7dad9ea3f4@codeaurora.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 01/22, Timur Tabi wrote:
> On 1/9/18 7:58 PM, Stephen Boyd wrote:
> >+		ret = device_property_read_u16_array(pctrl->dev, "gpios", tmp,
> >+						     len);
> >+		if (ret < 0) {
> >+			dev_err(pctrl->dev, "could not read list of GPIOs\n");
> >+			kfree(tmp);
> >+			return ret;
> >+		}
> 
> Just FYI, I'm still going to have to parse "gpios" in my
> pinctrl-qdf2xxx.c driver, even though you're also parsing it here.
> That's because I need to make sure that the msm_pingroup array only
> contains "approve" addresses in its ctl_reg fields.
> 
> +	for (i = 0; i < avail_gpios; i++) {
> +		unsigned int gpio = gpios[i];
> +
> +		groups[gpio].npins = 1;
> +		snprintf(names[i], NAME_SIZE, "gpio%u", gpio);
> +		pins[gpio].name = names[i];
> +		groups[gpio].name = names[i];
> +
> +		groups[gpio].ctl_reg = 0x10000 * gpio;
>  		       ^^^^
> 
> I do this because I need to make sure that "unapproved" physical
> addresses are never store anywhere in groups[].  That way, it's
> impossible for the driver to cause an XPU violation -- the worst
> that can happen is a null pointer dereference.
> 

Sorry I don't get it. Is that some sort of hardening requirement?
If the framework doesn't cause those pins to be touched I fail to
see how it could hurt to have the other addresses listed. I'm
sure with some effort protected addresses could be crafted in
other ways to cause an XPU violation to the same place.

-- 
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project