diff options
| author | Li Zhijian <lizhijian@fujitsu.com> | 2024-03-18 14:05:32 +0800 |
|---|---|---|
| committer | Takashi Sakamoto <o-takashi@sakamocchi.jp> | 2024-03-18 18:10:44 +0900 |
| commit | 946593d1555921720fa674432e998a1b5931ddac (patch) | |
| tree | 26f5535e1fac02e2dfdd93cad3a212d0ebd0e69c | |
| parent | 4438a810f3962a65d1d7259ee4195853a4d21a00 (diff) | |
| download | linux-946593d1555921720fa674432e998a1b5931ddac.tar.gz | |
Revert "firewire: Kill unnecessary buf check in device_attribute.show"
This reverts commit 4a2b06ca33763b363038d333274e212db6ff0de1.
The previous fix didn't consider callers from other than sysfs. Revert
it to fix the NULL dereference
kernel: ? sysfs_emit+0xb5/0xc0
kernel: show_immediate+0x13f/0x1d0 [firewire_core]
kernel: init_fw_attribute_group+0x81/0x150 [firewire_core]
kernel: create_units+0x119/0x160 [firewire_core]
kernel: fw_device_init+0x1a9/0x330 [firewire_core]
kernel: fw_device_workfn+0x12/0x20 [firewire_core]
kernel: process_one_work+0x16f/0x350
kernel: worker_thread+0x306/0x440
kernel: ? __pfx_worker_thread+0x10/0x10
kernel: kthread+0xf2/0x120
kernel: ? __pfx_kthread+0x10/0x10
kernel: ret_from_fork+0x47/0x70
kernel: ? __pfx_kthread+0x10/0x10
kernel: ret_from_fork_asm+0x1b/0x30
kernel: </TASK>
kernel: ---[ end trace 0000000000000000 ]---
kernel: ------------[ cut here ]------------
Fixes: 4a2b06ca3376 ("firewire: Kill unnecessary buf check in device_attribute.show")
Reported-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Link: https://lore.kernel.org/lkml/625470f3-b196-43f7-9844-fa1cb6da99f8@fujitsu.com/
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
| -rw-r--r-- | drivers/firewire/core-device.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c index c0976f6268d329..f208a02d0ebf71 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c @@ -322,7 +322,7 @@ static ssize_t show_immediate(struct device *dev, if (value < 0) return -ENOENT; - return sysfs_emit(buf, "0x%06x\n", value); + return buf ? sysfs_emit(buf, "0x%06x\n", value) : 0; } #define IMMEDIATE_ATTR(name, key) \ @@ -334,6 +334,8 @@ static ssize_t show_text_leaf(struct device *dev, struct config_rom_attribute *attr = container_of(dattr, struct config_rom_attribute, attr); const u32 *directories[] = {NULL, NULL}; + size_t bufsize; + char dummy_buf[2]; int i, ret = -ENOENT; down_read(&fw_device_rwsem); @@ -355,9 +357,15 @@ static ssize_t show_text_leaf(struct device *dev, } } + if (buf) { + bufsize = PAGE_SIZE - 1; + } else { + buf = dummy_buf; + bufsize = 1; + } + for (i = 0; i < ARRAY_SIZE(directories) && !!directories[i]; ++i) { - int result = fw_csr_string(directories[i], attr->key, buf, - PAGE_SIZE - 1); + int result = fw_csr_string(directories[i], attr->key, buf, bufsize); // Detected. if (result >= 0) { ret = result; @@ -366,7 +374,7 @@ static ssize_t show_text_leaf(struct device *dev, // in the root directory follows to the directory entry for vendor ID // instead of the immediate value for vendor ID. result = fw_csr_string(directories[i], CSR_DIRECTORY | attr->key, buf, - PAGE_SIZE - 1); + bufsize); if (result >= 0) ret = result; } |