Re: [PATCH v3 1/9] driver core: class: Fix wild pointer dereferences in API class_dev_iter_next()

From: Zijun Hu
Date: Tue Dec 17 2024 - 09:12:34 EST


On 2024/12/16 23:36, Jonathan Cameron wrote:
>> Actually, all callers of these APIs have such a usage pattern in the kernel tree.
>> Fix by:
>> - Initialize output parameter @iter by memset() in class_dev_iter_init()
>> and give callers prompt by pr_crit() for the error.
>> - Check if @iter is valid in class_dev_iter_next().
>>
>> Fixes: 7b884b7f24b4 ("driver core: class.c: convert to only use class_to_subsys")
>> Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
> This looks fine in general, but over to the core device model folk for which
> element they think should be used as the sentinel and whether zeroing the
> whole thing makes sense or just the one being used as a flag, or even setting
> it to an error pointer.

Thank you, Jonathan, for the code review.

I actually once thought about the change below and finally dropped it.

- if (!sp)
+ if (!sp) {
+ iter->sp = NULL;
return;
+ }
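Review bot: In the `if (!sp)` branch only iter->sp is reset, so this variant makes iter->sp the sole sentinel and leaves every other field of @iter exactly as the caller passed it in. class_dev_iter_next() would then have to test iter->sp before touching anything else in the iterator, and that contract is worth stating in the comment above class_dev_iter_init(). Because the function returns void, the early return is also silent in this form; the pr_crit() mentioned in the commit message would fit inside the new braces so callers get a hint that the iterator is unusable.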


Such APIs return void and do not have any output parameter to feed back
operation results.
It may be good practice to always reset their output parameters first.
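
The pattern discussed in this message, as an added example that is not code from the patch or from the kernel: a user-space model of a void-returning init function with an output parameter, comparing an init that leaves the iterator untouched on failure with one that resets it first. All struct and function names are hypothetical, and the 0xAA fill is a constructed stand-in for stale stack contents.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical user-space model; every name here is illustrative. */
struct subsys { const char *devs[4]; size_t ndevs; };
struct dev_iter {
    const struct subsys *sp;  /* sentinel: NULL means init failed */
    size_t pos;
};

/* "Before": on lookup failure the output parameter is left untouched. */
void iter_init_unsafe(struct dev_iter *iter, const struct subsys *sp)
{
    if (!sp)
        return;
    iter->sp = sp;
    iter->pos = 0;
}

/* "After": reset the output first so failure leaves a known state. */
void iter_init_safe(struct dev_iter *iter, const struct subsys *sp)
{
    memset(iter, 0, sizeof(*iter));
    if (!sp)
        return;
    iter->sp = sp;
}

/* next() checks the sentinel before touching anything behind it. */
const char *iter_next(struct dev_iter *iter)
{
    if (!iter->sp || iter->pos >= iter->sp->ndevs)
        return NULL;
    return iter->sp->devs[iter->pos++];
}

/* Poison the iterator like stale stack memory, fail the init, and
 * report whether the sentinel bytes are NULL afterwards. */
int sentinel_null_after_failed_init(int use_safe)
{
    struct dev_iter iter;
    const struct subsys *null_sp = NULL;
    memset(&iter, 0xAA, sizeof(iter));
    if (use_safe)
        iter_init_safe(&iter, NULL);
    else
        iter_init_unsafe(&iter, NULL);
    return memcmp(&iter.sp, &null_sp, sizeof(null_sp)) == 0;
}
```

With the unsafe init, the sentinel check in `iter_next()` cannot help, because the pointer it tests still holds whatever was in memory before the call.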