| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Mar 2022 15:29:10 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Heikki Krogerus <heikki.krogerus@...ux.intel.com>
Cc: Won Chung <wonchung@...gle.com>, Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Benson Leung <bleung@...omium.org>,
Prashant Malani <pmalani@...omium.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v2] sound/hda: Add NULL check to component match callback function
On Thu, 31 Mar 2022 11:45:47 +0200,
Takashi Iwai wrote:
>
> On Thu, 31 Mar 2022 11:34:38 +0200,
> Heikki Krogerus wrote:
> >
> > On Thu, Mar 31, 2022 at 11:28:20AM +0200, Takashi Iwai wrote:
> > > On Thu, 31 Mar 2022 11:25:43 +0200,
> > > Heikki Krogerus wrote:
> > > >
> > > > On Thu, Mar 31, 2022 at 11:12:55AM +0200, Takashi Iwai wrote:
> > > > > > > > - if (!strcmp(dev->driver->name, "i915") &&
> > > > > > > > + if (dev->driver && !strcmp(dev->driver->name, "i915") &&
> > > > > > >
> > > > > > > Can NULL dev->driver be really seen? I thought the components are
> > > > > > > added by the drivers, hence they ought to have the driver field set.
> > > > > > > But there can be corner cases I overlooked.
> > > > > > >
> > > > > > >
> > > > > > > thanks,
> > > > > > >
> > > > > > > Takashi
> > > > > >
> > > > > > Hi Takashi,
> > > > > >
> > > > > > When I try using component_add in a different driver (usb4 in my
> > > > > > case), I think dev->driver here is NULL because the i915 drivers do
> > > > > > not have their component master fully bound when this new component is
> > > > > > registered. When I test it, it seems to be causing a crash.
> > > > >
> > > > > Hm, from where component_add*() is called? Basically dev->driver must
> > > > > be already set before the corresponding driver gets bound at
> > > > > __driver_probe_deviec(). So, if the device is added to component from
> > > > > the corresponding driver's probe, dev->driver must be non-NULL.
> > > >
> > > > The code that declares a device as component does not have to be the
> > > > driver of that device.
> > > >
> > > > In our case the components are USB ports, and they are devices that
> > > > are actually never bind to any drivers: drivers/usb/core/port.c
> > >
> > > OK, that's what I wanted to know. It'd be helpful if it's more
> > > clearly mentioned in the commit log.
> >
> > Agree.
> >
> > > BTW, the same problem must be seen in MEI drivers, too.
> >
> > Wasn't there a patch for those too? I lost track...
>
> I don't know, I just checked the latest Linus tree.
>
> And, looking at the HD-audio code, I still wonder how NULL dev->driver
> can reach there. Is there any PCI device that is added to component
> without binding to a driver? We have dev_is_pci() check at the
> beginning, so non-PCI devices should bail out there...
Further reading on, I'm really confused. How data=NULL can be passed
to this function? The data argument is the value passed from the
component_match_add_typed() call in HD-audio driver, hence it must be
always the snd_hdac_bus object.
And, I guess the i915 string check can be omitted completely, at
least, for HD-audio driver. It already have a check of the parent of
the device and that should be enough.
Takashi
Powered by blists - more mailing lists