Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp525065pxb; Thu, 5 Nov 2020 06:28:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJwz0xFjNScHyj7XxBSSphuHjuPUoiSLtt2p4Y5hnZ93C41l47CL+/cbf4hFMDVHoPXr3BZk X-Received: by 2002:aa7:da13:: with SMTP id r19mr2881185eds.386.1604586505868; Thu, 05 Nov 2020 06:28:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604586505; cv=none; d=google.com; s=arc-20160816; b=I/HO/SYzsKQyoPqMifwpqjI1uEcv2fw86QM2mL6n/YD52RvrePUJaNam/h01qY3YA2 yv0aCdZDslJgmu3WeNZOtBRqSgt9GcdABm2bqqWIojit7rMJl4XSOwOoH7P5n9MxrnK5 7/n/qaXvkDMTcTx4Vfc1Vcm4+Wr85WKhnK8xBYtL+ioAJfruxg7HuzzQjBMczxjSwbII g5w/XCZCUyPPQM+AkXHltOHHTiNNYHIQFdYmlFLsA8gHJWhxGuV0NAyqlEzvx2DaIxSK yCbOu/wl3OtOlW/cqeW437ACbAOHRFidlh9Yf9OcbSFO3z45VRp2XkLTTKcNf6YC/hxm Oq+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :dkim-signature; bh=fnUc98TZMoYnFy4oELrU7aOcqJiQ3OcwocODgGvI4RI=; b=bGVZL40vpIm2XFQos3lbdqepzBGI1fCsV5Xu2wR32Uoq5epgzaoDfk4IX3jc453RfU Cu7+HyAyEMAnUB23SGZ60AJYx9trk00ztm9P16Hl/l7b+RJBOZ0Xi8b0eUjufc2E9nNQ bUBuF7aN6EbCfEkPHO4dtSveCNhs5Rs29v3CTDuvDPUoyt2IDc807NO+pWGjoiWF8eYm dxjugMIqlRNkgZRczp5o+5ME3d8bomdfRGCDt7DkyKxZ21etEDpHcZO2EikR5YwKhRFI tcbs5B4/KpccFGkozBn+106EMDRxmQXRHhP0jTHxYh4Dx3VXbClJ+X07LSBqwIoGPg4Z 6CqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kbBJSaYO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a5si1201502ejk.741.2020.11.05.06.28.00; Thu, 05 Nov 2020 06:28:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kbBJSaYO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731046AbgKEO0Z (ORCPT + 99 others); Thu, 5 Nov 2020 09:26:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44052 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729113AbgKEO0Z (ORCPT ); Thu, 5 Nov 2020 09:26:25 -0500 Received: from mail-oo1-xc44.google.com (mail-oo1-xc44.google.com [IPv6:2607:f8b0:4864:20::c44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 16900C0613CF; Thu, 5 Nov 2020 06:26:25 -0800 (PST) Received: by mail-oo1-xc44.google.com with SMTP id l26so461738oop.9; Thu, 05 Nov 2020 06:26:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=fnUc98TZMoYnFy4oELrU7aOcqJiQ3OcwocODgGvI4RI=; b=kbBJSaYORASAn7QfCPa0U1B4KmyJPGfa1aOhqZ0fU4iJAadH1b0KoCtg+NH02B9pCs aXqqNv8vONMBiV/lh2yay/lGgDivCDN9ivVeSaBmWXVMWVTf1ncq9sai61XpjQbDUPdZ AbCROf5aLi5mdu3BOy5nGvEQ1Ii7YnVZr3A0WXcWhaHNtuIs1q1PZbNzCxHVFloUeB+S OOOOycxBMLI4S3Whcq5o0fTIp9GnTW/PTqP2ZogCPHtCdBo2bWZewoNHmS+GoZ8k/2PA 68iwWDhELxUvunALEGjqkI3kXh0a1jo2FEXzIeZJ3RMhQnRtiz4z746zaqjXGuodUKHs QVpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=fnUc98TZMoYnFy4oELrU7aOcqJiQ3OcwocODgGvI4RI=; b=mFQ9oHL9Rf4h2Q6mI3rCksnWHkqJy89GI3daB1NjrZM5YCWUa1Xx+Yfjx8NhQxXGmB WIdXZmTRRmyeskmUbz2QtekDvpu05DAJuBQmnGVPnXhHs9i4m7ge4cJ1TXybuz6fpwe/ ACQZUnmCxCwcNr5arZKxdPh+3+WNANBAziaEhe+j/KvJyvi/Ko6c7o4XzEzzI5Mg8AJk pe0MT7M3D3qBJL7HNehn5kKNbSmKns6oL9OtCwFj1P8c/hf7bmQnUOzdgeIBCb1V9SMO YsuUEcncHTeExRxZfsXAGZxbQwrJ9eGk+z0rr9608Pfva+xt+0krihL06l+VuA5so9Qw Y7sg== X-Gm-Message-State: AOAM53316gRLH8RmTPBIZQAwGxst+4b0EeZ/w5WC6+GhSCOnI9EdvjzY +vAzD3xKXDJX2Q9uWecL8BE= X-Received: by 2002:a4a:b209:: with SMTP id d9mr1952292ooo.70.1604586383027; Thu, 05 Nov 2020 06:26:23 -0800 (PST) Received: from localhost ([2600:1700:e321:62f0:329c:23ff:fee3:9d7c]) by smtp.gmail.com with ESMTPSA id t25sm351860otj.13.2020.11.05.06.26.22 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 05 Nov 2020 06:26:22 -0800 (PST) Sender: Guenter Roeck Date: Thu, 5 Nov 2020 06:26:21 -0800 From: Guenter Roeck To: Wang Wensheng Cc: wim@linux-watchdog.org, linux-watchdog@vger.kernel.org, linux-kernel@vger.kernel.org, rui.xiang@huawei.com, guohanjun@huawei.com Subject: Re: [PATCH -next v3 1/2] watchdog: Fix potential dereferencing of null pointer Message-ID: <20201105142621.GB1389@roeck-us.net> References: <20201105123848.93735-1-wangwensheng4@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201105123848.93735-1-wangwensheng4@huawei.com> User-Agent: Mutt/1.9.4 (2018-02-28) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 05, 2020 at 12:38:47PM +0000, Wang Wensheng wrote: > A reboot notifier, which stops the WDT by calling the stop hook without > any check, would be registered when we set WDOG_STOP_ON_REBOOT flag. > > Howerer we allow the WDT driver to omit the stop hook since commit > "d0684c8a93549" ("watchdog: Make stop function optional") and provide > a module parameter for user that controls the WDOG_STOP_ON_REBOOT flag > in commit 9232c80659e94 ("watchdog: Add stop_on_reboot parameter to > control reboot policy"). Together that commits make user potential to > insert a watchdog driver that don't provide a stop hook but with the > stop_on_reboot parameter set, then dereferencing of null pointer occurs > on system reboot. > > Check the stop hook before registering the reboot notifier to fix the > issue. > > Fixes: d0684c8a9354 ("watchdog: Make stop function optional") > Signed-off-by: Wang Wensheng > --- > drivers/watchdog/watchdog_core.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/drivers/watchdog/watchdog_core.c b/drivers/watchdog/watchdog_core.c > index 423844757812..945ab38b14b8 100644 > --- a/drivers/watchdog/watchdog_core.c > +++ b/drivers/watchdog/watchdog_core.c > @@ -267,8 +267,15 @@ static int __watchdog_register_device(struct watchdog_device *wdd) > } > > if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) { > - wdd->reboot_nb.notifier_call = watchdog_reboot_notifier; > + if (!wdd->ops->stop) { > + pr_err("watchdog%d: Cannot support stop_on_reboot\n", > + wdd->id); > + watchdog_dev_unregister(wdd); > + ida_simple_remove(&watchdog_ida, id); > + return -EINVAL; > + } The problem with this is that setting the "stop_on_reboot" module parameter would now prevent the watchdog from being loaded, which isn't really desirable and might go unnoticed. I think the initial check should be above, with the "Mandatory operations" check, and if (stop_on_reboot != -1) { should be extended to if (stop_on_reboot != -1 && wdd->ops->stop) { or possibly more fancy: if (stop_on_reboot != -1) { if (stop_on_reboot) { if (!wdd->ops->stop) pr_warn("watchdog%d: stop_on_reboot not supported\n", wdd->id); else set_bit(WDOG_STOP_ON_REBOOT, &wdd->status); } else { clear_bit(WDOG_STOP_ON_REBOOT, &wdd->status); } } Thanks, Guenter > > + wdd->reboot_nb.notifier_call = watchdog_reboot_notifier; > ret = register_reboot_notifier(&wdd->reboot_nb); > if (ret) { > pr_err("watchdog%d: Cannot register reboot notifier (%d)\n", > -- > 2.25.0 >