[PATCH V3] ppdev: Add an error check in register_device

From: Huai-Yuan Liu
Date: Sun Apr 07 2024 - 09:42:58 EST

Next message: syzbot: "Re: [syzbot] [usb?] [wireless?] WARNING in ar5523_cmd/usb_submit_urb"
Previous message: Vinod Koul: "Re: [PATCH V10 1/1] dmaengine: amd: qdma: Add AMD QDMA driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In register_device, the return value of ida_simple_get is unchecked,
in witch ida_simple_get will use an invalid index value.

To address this issue, index should be checked after ida_simple_get. When
the index value is abnormal, a warning message should be printed, the port
should be dropped, and the value should be recorded.

Fixes: 9a69645dde11 ("ppdev: fix registering same device name")
Signed-off-by: Huai-Yuan Liu <qq810974084@xxxxxxxxx>
---
V2:
* In patch V2, we found that parport_find_number implicitly calls
parport_get_port(). So when dealing with abnormal index values, we should
call parport_put_port() to throw away the reference to the port.
V3:
* In patch V3, we made some additional adjustments to the jump labels,
making the code more concise and readable.
Thanks to Christophe JAILLET for helpful suggestion.
---
drivers/char/ppdev.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index 4c188e9e477c..276db589b901 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -296,28 +296,36 @@ static int register_device(int minor, struct pp_struct *pp)
if (!port) {
pr_warn("%s: no associated port!\n", name);
rc = -ENXIO;
- goto err;
+ goto err_free_name;
}

index = ida_simple_get(&ida_index, 0, 0, GFP_KERNEL);
+ if (index < 0) {
+ pr_warn("%s: failed to get index!\n", name);
+ rc = index;
+ goto err_put_port;
+ }
+
memset(&ppdev_cb, 0, sizeof(ppdev_cb));
ppdev_cb.irq_func = pp_irq;
ppdev_cb.flags = (pp->flags & PP_EXCL) ? PARPORT_FLAG_EXCL : 0;
ppdev_cb.private = pp;
pdev = parport_register_dev_model(port, name, &ppdev_cb, index);
- parport_put_port(port);

if (!pdev) {
pr_warn("%s: failed to register device!\n", name);
rc = -ENXIO;
ida_simple_remove(&ida_index, index);
- goto err;
+ goto err_put_port;
}

pp->pdev = pdev;
pp->index = index;
dev_dbg(&pdev->dev, "registered pardevice\n");
-err:
+
+err_put_port:
+ parport_put_port(port);
+err_free_name:
kfree(name);
return rc;
}
--
2.34.1

Next message: syzbot: "Re: [syzbot] [usb?] [wireless?] WARNING in ar5523_cmd/usb_submit_urb"
Previous message: Vinod Koul: "Re: [PATCH V10 1/1] dmaengine: amd: qdma: Add AMD QDMA driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]