lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20241101170833.GB1807686@google.com>
Date: Fri, 1 Nov 2024 17:08:33 +0000
From: Lee Jones <lee@...nel.org>
To: Jacek Anaszewski <jacek.anaszewski@...il.com>
Cc: Mukesh Ojha <quic_mojha@...cinc.com>, Pavel Machek <pavel@....cz>,
	linux-leds@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] leds: class: Protect brightness_show() with
 led_cdev->led_access mutex

On Sun, 27 Oct 2024, Jacek Anaszewski wrote:

> Hi Mukesh,
> 
> On 10/25/24 19:11, Mukesh Ojha wrote:
> > There is NULL pointer issue observed if from Process A where hid device
> > being added which results in adding a led_cdev addition and later a
> > another call to access of led_cdev attribute from Process B can result
> > in NULL pointer issue.
> > 
> > Use mutex led_cdev->led_access to protect access to led->cdev and its
> > attribute inside brightness_show() and max_brightness_show() and also
> > update the comment for mutex that it should be used to protect the led
> > class device fields.

[...]

> > Signed-off-by: Mukesh Ojha <quic_mojha@...cinc.com>
> > ---
> > Changes in v2:
> >   - Updated the comment for led_access mutex lock.
> >   - Also added mutex protection for max_brightness_show().
> > 
> >   drivers/leds/led-class.c | 14 +++++++++++---
> >   include/linux/leds.h     |  2 +-
> >   2 files changed, 12 insertions(+), 4 deletions(-)
> > 
> > diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c
> > index 06b97fd49ad9..f69f4e928d61 100644
> > --- a/drivers/leds/led-class.c
> > +++ b/drivers/leds/led-class.c
> > @@ -29,11 +29,14 @@ static ssize_t brightness_show(struct device *dev,
> >   		struct device_attribute *attr, char *buf)
> >   {
> >   	struct led_classdev *led_cdev = dev_get_drvdata(dev);
> > +	unsigned int brightness;
> > -	/* no lock needed for this */
> > +	mutex_lock(&led_cdev->led_access);
> >   	led_update_brightness(led_cdev);
> > +	brightness = led_cdev->brightness;
> > +	mutex_unlock(&led_cdev->led_access);
> > -	return sprintf(buf, "%u\n", led_cdev->brightness);
> > +	return sprintf(buf, "%u\n", brightness);
> >   }
> >   static ssize_t brightness_store(struct device *dev,
> > @@ -70,8 +73,13 @@ static ssize_t max_brightness_show(struct device *dev,
> >   		struct device_attribute *attr, char *buf)
> >   {
> >   	struct led_classdev *led_cdev = dev_get_drvdata(dev);
> > +	unsigned int max_brightness;
> > +
> > +	mutex_lock(&led_cdev->led_access);
> > +	max_brightness = led_cdev->max_brightness;
> > +	mutex_unlock(&led_cdev->led_access);
> > -	return sprintf(buf, "%u\n", led_cdev->max_brightness);
> > +	return sprintf(buf, "%u\n", max_brightness);
> >   }
> >   static DEVICE_ATTR_RO(max_brightness);
> > diff --git a/include/linux/leds.h b/include/linux/leds.h
> > index e5968c3ed4ae..3524634fcc47 100644
> > --- a/include/linux/leds.h
> > +++ b/include/linux/leds.h
> > @@ -238,7 +238,7 @@ struct led_classdev {
> >   	struct kernfs_node	*brightness_hw_changed_kn;
> >   #endif
> > -	/* Ensures consistent access to the LED Flash Class device */
> > +	/* Ensures consistent access to the LED Class device */
> 
> Nit: It was improper in the original comment as well:
> 
> s/Class/class/

Some things can't be unseen.  Please submit v3.

-- 
Lee Jones [李琼斯]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ