Date: Tue, 10 Nov 2020 08:01:18 -0800
From: Guenter Roeck
To: Wang Wensheng
Cc: wim@linux-watchdog.org, linux-watchdog@vger.kernel.org, linux-kernel@vger.kernel.org, rui.xiang@huawei.com
Subject: Re: [PATCH -next v4] watchdog: Fix potential dereferencing of null pointer
Message-ID: <20201110160118.GA17288@roeck-us.net>
References: <20201109130512.28121-1-wangwensheng4@huawei.com>
In-Reply-To: <20201109130512.28121-1-wangwensheng4@huawei.com>

On Mon, Nov 09, 2020 at 01:05:12PM +0000, Wang Wensheng wrote:
> A reboot notifier, which stops the WDT by calling the stop hook without
> any check, would be registered when we set WDOG_STOP_ON_REBOOT flag.
>
> However, we allow the WDT driver to omit the stop hook since commit
> "d0684c8a93549" ("watchdog: Make stop function optional") and provide
> a module parameter for user that controls the WDOG_STOP_ON_REBOOT flag
> in commit 9232c80659e94 ("watchdog: Add stop_on_reboot parameter to
> control reboot policy"). Together those commits make it possible for a
> user to insert a watchdog driver that doesn't provide a stop hook but
> with the stop_on_reboot parameter set, then dereferencing of null
> pointer occurs on system reboot.
>
> Check the stop hook before registering the reboot notifier to fix the
> issue.
>
> Fixes: d0684c8a9354 ("watchdog: Make stop function optional")
> Signed-off-by: Wang Wensheng

Reviewed-by: Guenter Roeck

> --- > drivers/watchdog/watchdog_core.c | 22 +++++++++++++--------- > 1 file changed, 13 insertions(+), 9 deletions(-) > > diff --git a/drivers/watchdog/watchdog_core.c b/drivers/watchdog/watchdog_core.c > index 423844757812..0e9a99559609 100644 > --- a/drivers/watchdog/watchdog_core.c > +++ b/drivers/watchdog/watchdog_core.c 
> @@ -267,15 +267,19 @@ static int __watchdog_register_device(struct watchdog_device *wdd) > } > > if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) { > - wdd->reboot_nb.notifier_call = watchdog_reboot_notifier; > - > - ret = register_reboot_notifier(&wdd->reboot_nb); > - if (ret) { > - pr_err("watchdog%d: Cannot register reboot notifier (%d)\n", > - wdd->id, ret); > - watchdog_dev_unregister(wdd); > - ida_simple_remove(&watchdog_ida, id); > - return ret; > + if (!wdd->ops->stop) > + pr_warn("watchdog%d: stop_on_reboot not supported\n", wdd->id); > + else { > + wdd->reboot_nb.notifier_call = watchdog_reboot_notifier; > + > + ret = register_reboot_notifier(&wdd->reboot_nb); > + if (ret) { > + pr_err("watchdog%d: Cannot register reboot notifier (%d)\n", > + wdd->id, ret); > + watchdog_dev_unregister(wdd); > + ida_simple_remove(&watchdog_ida, id); > + return ret; > + } > } > } > > -- > 2.25.0 >
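
Review bot: In the new `if (!wdd->ops->stop)` branch, WDOG_STOP_ON_REBOOT stays set in wdd->status even though no reboot notifier gets registered, so the flag and the actual notifier state disagree from that point on. Any other code that tests the bit (for example an unregister path, which is not visible in this hunk) would still treat the notifier as registered; consider adding `clear_bit(WDOG_STOP_ON_REBOOT, &wdd->status);` next to the pr_warn(), or confirm that every other user of the bit also checks wdd->ops->stop. As a style point in the same branch, kernel coding style asks for braces on both arms when one arm needs them, so the single-statement `if` arm should be braced to match the `else {` block.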