Re: [RFT PATCH v2 2/2] iio: Fix unsafe buffer attributes

From: Matti Vaittinen
Date: Sun Oct 02 2022 - 10:26:06 EST


On 10/2/22 16:57, Jonathan Cameron wrote:
On Sat, 1 Oct 2022 10:44:23 +0300
Matti Vaittinen <mazziesaccount@xxxxxxxxx> wrote:

The iio_triggered_buffer_setup_ext() was changed by
commit 15097c7a1adc ("iio: buffer: wrap all buffer attributes into iio_dev_attr")
to silently expect that all attributes given in buffer_attrs array are
device-attributes. This expectation was not forced by the API - and some
drivers did register attributes created by IIO_CONST_ATTR().

The added attribute "wrapping" does not copy the pointer to stored
string constant and when the sysfs file is read the kernel will access
to invalid location.

Signed-off-by: Matti Vaittinen <mazziesaccount@xxxxxxxxx>
Fixes: 15097c7a1adc ("iio: buffer: wrap all buffer attributes into iio_dev_attr")

Hi Matti,

This feels like we are doing too much in one go.
I would start with fixes for each individual driver, then once those are in we
come around again and do the refactor.

So for the first patch set (one per driver) just siwtch to yor new
dev_attr but still use a struct attribute * array.
Second series then does the refactor so we don't introduce any new instances
in future. More churn but the code to backport is more tightly confined.

Agreed. Besides, backporting the fix to stable will be much easier that way. I'll split this for v3. Thanks for the input!


Yours,
--Matti

--
Matti Vaittinen
Linux kernel developer at ROHM Semiconductors
Oulu Finland

~~ When things go utterly wrong vim users can always type :help! ~~