Re: [PATCH 5/7] misc: reject duplicate names in misc_register()

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Unchecked strcmp() introduces a NULL pointer dereference kernel panic if a miscdevice is registered with a NULL name.
--

commit 45aa5c1645ea4c93820557b37841fd395426656c
Author: Jia He <justin.he@arm.com>

misc: reject duplicate names in misc_register()

This commit introduces a check in misc_register() to prevent registering
duplicate miscdevice names, returning -EEXIST early. It aims to avoid
triggering a backtrace from sysfs_create_dir_ns() when a duplicate name is
encountered.

> diff --git a/drivers/char/misc.c b/drivers/char/misc.c
> --- a/drivers/char/misc.c
> +++ b/drivers/char/misc.c
[ ... ]
> +	{
> +		struct miscdevice *c;
> +
> +		list_for_each_entry(c, &misc_list, list) {
> +			if (strcmp(c->name, misc->name) == 0) {

Could this lead to a NULL pointer dereference if a caller passes a miscdevice
with a NULL name? For instance, if a driver fails to allocate a name string
via kasprintf() and passes NULL without checking.

Before this change, the subsystem handled NULL names somewhat gracefully.
device_create_with_groups() safely formats NULL pointers as "(null)" via %s,
and misc_seq_show() explicitly protects against them when reading /proc/misc.

Additionally, if a device with a NULL name is successfully registered (such as
being the first device when the list is empty), would subsequent calls to
misc_register() by other drivers crash when this loop evaluates the NULL
c->name?

> +				misc_minor_free(misc->minor);
> +				if (is_dynamic)
> +					misc->minor = MISC_DYNAMIC_MINOR;
> +				err = -EEXIST;
> +				goto out;
> +			}
> +		}
> +	}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260514050455.2954509-1-justin.he@arm.com?part=5