Re: [PATCH v2 6/7] pci: fix dyn_id add TOCTOU
From: Danilo Krummrich
Date: Tue Jun 30 2026 - 16:18:14 EST
On Tue Jun 30, 2026 at 1:09 PM CEST, Gary Guo wrote:
> +static int do_pci_add_dynid(struct pci_driver *drv, const struct pci_device_id *id, bool check_dup)
> +{
> + struct pci_dynid *dynid, *existing_dynid;
> +
> + dynid = kzalloc_obj(*dynid);
> + if (!dynid)
> + return -ENOMEM;
> +
> + dynid->id = *id;
> +
> + {
> + guard(spinlock)(&drv->dynids.lock);
> + if (check_dup) {
> + list_for_each_entry(existing_dynid, &drv->dynids.list, node) {
> + if (pci_match_one_id(&existing_dynid->id, id)) {
> + kfree(dynid);
> + return -EEXIST;
> + }
> + }
> + }
> + list_add_tail(&dynid->node, &drv->dynids.list);
> + }
This should use scoped_guard(spinlock, &drv->dynids.lock) instead.
> static const struct pci_device_id *do_pci_match_id(const struct pci_device_id *ids,
> - const struct pci_device_id *dev_id)
> + const struct pci_device_id *dev_id,
> + bool match_override_only)
Maybe something along the lines of include_override_only? At a quick glance
match_override_only could be read as "match override-only entries exclusively".