Received: by 10.223.176.46 with SMTP id f43csp2699931wra; Thu, 25 Jan 2018 13:52:20 -0800 (PST) X-Google-Smtp-Source: AH8x225p88TfqOW23rhd2BWUewcDPMSW1oI7u3wDcjWOBCb6xVP0eY4YZvbCN+yjN8X3d0ZEBjkl X-Received: by 2002:a17:902:a503:: with SMTP id s3-v6mr12824691plq.161.1516917140833; Thu, 25 Jan 2018 13:52:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516917140; cv=none; d=google.com; s=arc-20160816; b=XcAloD81X+Y6KE1K7XdlrfvnS9xZWbotataWyd8QFuBZlB5HOD88yItJqA5QccyovF +JBCREooszHMKighmMAa6KuES61Go+gIDHr5beJGtgFdOeiE7b2eVsedtnStlGTmOFH2 Gms/xklDzeEB9pZcg/DcAV1WCSf0lTvoqMHwusZxg/bdnQj+Wh//y0PdJ+qqc21EQiXt Eky2q4EUSWG/jiZwlQWzw0VtjCEMITh0afBFFBzhznYmC6KDlPl4AUVLfQQ7VrLHchtG NYEfbqn249VMP7m3PWGOCMXfWSg+7kQCwRfj1XQl9PCxY1f7A+b8km8vK++mA7Y0NrVJ g+7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dmarc-filter:dkim-signature:dkim-signature :arc-authentication-results; bh=98b9w3TSISXPVP/QayqyIpBHHKy+hvemcWPFCqukZkU=; b=oardb0cg7LhayMsvGMvAYS8QH12hDfl0/5TUeMOgzsty9wAo0C208K+L7QIYNY4OgA sHivc2urcdxGLIt7k9Op6mox0/BnS5u44mgoQBklKtbT9YFs/HMyaEISdg+z7iBPE/Bu lP3Besl2LrK0Wkvw8ltH1zHtJFFP0ZT65YjZchTcVMjfQowkdjjRo8C4u4cenU5BFrjo joPf9FH/8MTBSDoIlXJvZQUilyNhJaB+HupyZmsQCOnk4eiumKjN+7XGxI0QM/h8R1pa miOcZYDJcasdTnXeY8FpsQFkzaZ3TKBKystrArASHV4xtznv5Gi4wNmcvExpYTdUqwma F0Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=pDViFVQl; dkim=pass header.i=@codeaurora.org header.s=default header.b=gBZuJNwV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q12-v6si2588471plr.119.2018.01.25.13.52.05; Thu, 25 Jan 2018 13:52:20 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=pDViFVQl; dkim=pass header.i=@codeaurora.org header.s=default header.b=gBZuJNwV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751434AbeAYVvj (ORCPT + 99 others); Thu, 25 Jan 2018 16:51:39 -0500 Received: from smtp.codeaurora.org ([198.145.29.96]:53142 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751174AbeAYVvh (ORCPT ); Thu, 25 Jan 2018 16:51:37 -0500 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id F09546024A; Thu, 25 Jan 2018 21:51:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1516917097; bh=laBLgwqz8MYt+XgwQZwGPNmEk9RnXzLyWErbtni2DI4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=pDViFVQlM71UVxScj20ZeXXVrsbvebCg1TsqZfBM2JgZLhv+2Oqaml0yNAnywYp6P CcUaEzJux4zgdem7I4BcC1gLETclTlYKD1S9ia+YGIrpVzgRQ87NI3IXBTwenF9YL8 I0BHoWAQlwIkMZkyPQGZDOn8dEm4VpLXpO2ZliiA= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0 Received: from localhost (i-global254.qualcomm.com [199.106.103.254]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: sboyd@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 4CF096032C; Thu, 25 Jan 2018 21:51:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1516917096; bh=laBLgwqz8MYt+XgwQZwGPNmEk9RnXzLyWErbtni2DI4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=gBZuJNwVOFanmqNrUfNgyEM06oQGWSW2Kcp4txAkzPWmBZ3fV9eeGEtS3Q0mPRjTu eSHal4wibB//wKggU1rCMgsOxv/DV2i6uxJALWnqp0ObUifhrFteXSTZocWGcBwMD5 ilFDCPdfEIr5inrHpKtjbxfGwIUg1V63G3N3CZDg= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 4CF096032C Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=sboyd@codeaurora.org Date: Thu, 25 Jan 2018 13:51:35 -0800 From: Stephen Boyd To: Timur Tabi Cc: Linus Walleij , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Andy Shevchenko , Bjorn Andersson , linux-gpio@vger.kernel.org, devicetree@vger.kernel.org Subject: Re: [PATCH 3/3] pinctrl: qcom: Don't allow protected pins to be requested Message-ID: <20180125215135.GY28313@codeaurora.org> References: <20180110015848.11480-1-sboyd@codeaurora.org> <20180110015848.11480-4-sboyd@codeaurora.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/22, Timur Tabi wrote: > On 1/9/18 7:58 PM, Stephen Boyd wrote: > >+ ret = device_property_read_u16_array(pctrl->dev, "gpios", tmp, > >+ len); > >+ if (ret < 0) { > >+ dev_err(pctrl->dev, "could not read list of GPIOs\n"); > >+ kfree(tmp); > >+ return ret; > >+ } > > Just FYI, I'm still going to have to parse "gpios" in my > pinctrl-qdf2xxx.c driver, even though you're also parsing it here. > That's because I need to make sure that the msm_pingroup array only > contains "approve" addresses in its ctl_reg fields. > > + for (i = 0; i < avail_gpios; i++) { > + unsigned int gpio = gpios[i]; > + > + groups[gpio].npins = 1; > + snprintf(names[i], NAME_SIZE, "gpio%u", gpio); > + pins[gpio].name = names[i]; > + groups[gpio].name = names[i]; > + > + groups[gpio].ctl_reg = 0x10000 * gpio; > ^^^^ > > I do this because I need to make sure that "unapproved" physical > addresses are never store anywhere in groups[]. That way, it's > impossible for the driver to cause an XPU violation -- the worst > that can happen is a null pointer dereference. > Sorry I don't get it. Is that some sort of hardening requirement? If the framework doesn't cause those pins to be touched I fail to see how it could hurt to have the other addresses listed. I'm sure with some effort protected addresses could be crafted in other ways to cause an XPU violation to the same place. -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project