Re: [PATCH] char: misc: init list head only when needed

From: Greg Kroah-Hartman
Date: Sat Sep 04 2021 - 02:32:22 EST


On Mon, Aug 16, 2021 at 06:12:32PM +0800, Jiazi Li wrote:
> If a module successfully registers a misc device.
> Then, due to some bugs, use same address register misc device
> again, init list head will corrupt misc_list, resulting in oops
> when using misc_list.

Then fix those bugs that try to register the misc device more than once?

Does that happen in any in-kernel drivers or is this just a failure of
external drivers that are not submitted to the kernel tree?

> In this scenario, do not init list head, if registration is
> successful, init list head is also not required.
>
> Signed-off-by: Jiazi Li <lijiazi@xxxxxxxxxx>
> ---
> drivers/char/misc.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/char/misc.c b/drivers/char/misc.c
> index ca5141e..2451640 100644
> --- a/drivers/char/misc.c
> +++ b/drivers/char/misc.c
> @@ -176,7 +176,6 @@ int misc_register(struct miscdevice *misc)
> int err = 0;
> bool is_dynamic = (misc->minor == MISC_DYNAMIC_MINOR);
>
> - INIT_LIST_HEAD(&misc->list);
>
> mutex_lock(&misc_mtx);
>
> @@ -185,7 +184,7 @@ int misc_register(struct miscdevice *misc)
>
> if (i >= DYNAMIC_MINORS) {
> err = -EBUSY;
> - goto out;
> + goto err2;
> }
> misc->minor = DYNAMIC_MINORS - i - 1;
> set_bit(i, misc_minors);
> @@ -195,7 +194,13 @@ int misc_register(struct miscdevice *misc)
> list_for_each_entry(c, &misc_list, list) {
> if (c->minor == misc->minor) {
> err = -EBUSY;
> - goto out;
> + /*
> + * if module use same address double register,
> + * init list will corrupt misc_list

I do not understand the text here at all, sorry.

thanks,

greg k-h