Re: [GIT PULL] Driver core changes for 7.0-rc1

Next message: Danilo Krummrich: "Re: [GIT PULL] Driver core changes for 7.0-rc1"
Previous message: Miguel Ojeda: "Re: [PATCH 6.12 000/385] 6.12.75-rc1 review"
In reply to: Danilo Krummrich: "Re: [GIT PULL] Driver core changes for 7.0-rc1"
Next in thread: Danilo Krummrich: "Re: [GIT PULL] Driver core changes for 7.0-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Linus Torvalds

Date: Sun Mar 01 2026 - 13:17:49 EST

On Sun, 1 Mar 2026 at 05:04, Danilo Krummrich <dakr@xxxxxxxxxx> wrote:
>
> It happens that quite a few busses rely on this, and there is a possible race
> condition that can lead to UAF bugs in the context of driver_override.
>
> I think it is rather unlikely to happen though, as it would require a user to
> change a device's driver_override field through sysfs while the device is
> matched with a driver.
>
> In any case, this can easily be solved with a separate lock.

Yes, if it's literally just about driver_override, please just fix the locking.

Use some really simple local spinlock lock to just copy the string
into a local copy when accessing it - it's not like it's even some
arbitrarily long string afaik (how long can driver names be?)

Don't use a huge sleeping lock that has other semantics for something
trivial like this.

(Or is there some other driver_override thing I'm not aware of?)

Linus