From 96ad3e15b86e2504f3c17fd6a10be48e5ff81cb1 Mon Sep 17 00:00:00 2001 From: Li Zhijian Date: Mon, 18 Mar 2024 14:05:32 +0800 Subject: [PATCH] Revert "firewire: Kill unnecessary buf check in device_attribute.show" This reverts commit 4a2b06ca33763b363038d333274e212db6ff0de1. The previous fix didn't consider callers from other than sysfs. Revert it to fix the NULL dereference kernel: ? sysfs_emit+0xb5/0xc0 kernel: show_immediate+0x13f/0x1d0 [firewire_core] kernel: init_fw_attribute_group+0x81/0x150 [firewire_core] kernel: create_units+0x119/0x160 [firewire_core] kernel: fw_device_init+0x1a9/0x330 [firewire_core] kernel: fw_device_workfn+0x12/0x20 [firewire_core] kernel: process_one_work+0x16f/0x350 kernel: worker_thread+0x306/0x440 kernel: ? __pfx_worker_thread+0x10/0x10 kernel: kthread+0xf2/0x120 kernel: ? __pfx_kthread+0x10/0x10 kernel: ret_from_fork+0x47/0x70 kernel: ? __pfx_kthread+0x10/0x10 kernel: ret_from_fork_asm+0x1b/0x30 kernel: kernel: ---[ end trace 0000000000000000 ]--- kernel: ------------[ cut here ]------------ Fixes: 4a2b06ca3376 ("firewire: Kill unnecessary buf check in device_attribute.show") Reported-by: Takashi Sakamoto Signed-off-by: Li Zhijian --- drivers/firewire/core-device.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c index c0976f6268d3..f208a02d0ebf 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c @@ -322,7 +322,7 @@ static ssize_t show_immediate(struct device *dev, if (value < 0) return -ENOENT; - return sysfs_emit(buf, "0x%06x\n", value); + return buf ? sysfs_emit(buf, "0x%06x\n", value) : 0; } #define IMMEDIATE_ATTR(name, key) \ @@ -334,6 +334,8 @@ static ssize_t show_text_leaf(struct device *dev, struct config_rom_attribute *attr = container_of(dattr, struct config_rom_attribute, attr); const u32 *directories[] = {NULL, NULL}; + size_t bufsize; + char dummy_buf[2]; int i, ret = -ENOENT; down_read(&fw_device_rwsem); @@ -355,9 +357,15 @@ static ssize_t show_text_leaf(struct device *dev, } } + if (buf) { + bufsize = PAGE_SIZE - 1; + } else { + buf = dummy_buf; + bufsize = 1; + } + for (i = 0; i < ARRAY_SIZE(directories) && !!directories[i]; ++i) { - int result = fw_csr_string(directories[i], attr->key, buf, - PAGE_SIZE - 1); + int result = fw_csr_string(directories[i], attr->key, buf, bufsize); // Detected. if (result >= 0) { ret = result; @@ -366,7 +374,7 @@ static ssize_t show_text_leaf(struct device *dev, // in the root directory follows to the directory entry for vendor ID // instead of the immediate value for vendor ID. result = fw_csr_string(directories[i], CSR_DIRECTORY | attr->key, buf, - PAGE_SIZE - 1); + bufsize); if (result >= 0) ret = result; } -- 2.29.2