Re: [PATCH V2] ppdev: Add an error check in register_device

From: Christophe JAILLET
Date: Sun Apr 07 2024 - 06:23:02 EST


Le 07/04/2024 à 10:03, Huai-Yuan Liu a écrit :
In register_device, the return value of ida_simple_get is unchecked,
in witch ida_simple_get will use an invalid index value.

To address this issue, index should be checked after ida_simple_get. When
the index value is abnormal, a warning message should be printed, the port
should be dropped, and the value should be recorded, then jump to 'err'.

Fixes: 9a69645dde11 ("ppdev: fix registering same device name")
Signed-off-by: Huai-Yuan Liu <qq810974084@xxxxxxxxx>
---
V2:
* In patch V2, we found that parport_find_number implicitly calls
parport_get_port(). So when dealing with abnormal index values, we should
call parport_put_port() to throw away the reference to the port.
---
drivers/char/ppdev.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index 4c188e9e477c..ac5a93d39fbd 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -300,6 +300,13 @@ static int register_device(int minor, struct pp_struct *pp)
}
index = ida_simple_get(&ida_index, 0, 0, GFP_KERNEL);
+ if (index < 0) {
+ pr_warn("%s: failed to get index!\n", name);
+ parport_put_port(port);

Hi,

I think that a new label should be added, just before the 'err' label, and move this parport_put_port() call there, as well as the one just after parport_register_dev_model().

CJ

+ rc = index;
+ goto err;
+ }
+
memset(&ppdev_cb, 0, sizeof(ppdev_cb));
ppdev_cb.irq_func = pp_irq;
ppdev_cb.flags = (pp->flags & PP_EXCL) ? PARPORT_FLAG_EXCL : 0;