* [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes
@ 2024-01-30 19:26 RD Babiera
2024-01-30 23:08 ` Greg KH
0 siblings, 1 reply; 3+ messages in thread
From: RD Babiera @ 2024-01-30 19:26 UTC (permalink / raw)
To: rdbabiera, heikki.krogerus, gregkh
Cc: badhri, linux-usb, linux-kernel, stable
The DisplayPort driver's sysfs nodes may be present to the userspace before
typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in
hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
NULL in those cases.
Verify dp drvdata is present in sysfs reads and writes before proceeding.
Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode")
Cc: stable@vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera@google.com>
---
drivers/usb/typec/altmodes/displayport.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c
index 5a80776c7255..0423326219d8 100644
--- a/drivers/usb/typec/altmodes/displayport.c
+++ b/drivers/usb/typec/altmodes/displayport.c
@@ -518,6 +518,9 @@ configuration_store(struct device *dev, struct device_attribute *attr,
int con;
int ret = 0;
+ if (!dp)
+ return -ENODEV;
+
con = sysfs_match_string(configurations, buf);
if (con < 0)
return con;
@@ -563,6 +566,9 @@ static ssize_t configuration_show(struct device *dev,
u8 cur;
int i;
+ if (!dp)
+ return -ENODEV;
+
mutex_lock(&dp->lock);
cap = DP_CAP_CAPABILITY(dp->alt->vdo);
@@ -615,6 +621,9 @@ pin_assignment_store(struct device *dev, struct device_attribute *attr,
u32 conf;
int ret;
+ if (!dp)
+ return -ENODEV;
+
ret = sysfs_match_string(pin_assignments, buf);
if (ret < 0)
return ret;
@@ -666,6 +675,9 @@ static ssize_t pin_assignment_show(struct device *dev,
u8 cur;
int i;
+ if (!dp)
+ return -ENODEV;
+
mutex_lock(&dp->lock);
cur = get_count_order(DP_CONF_GET_PIN_ASSIGN(dp->data.conf));
@@ -698,6 +710,9 @@ static ssize_t hpd_show(struct device *dev, struct device_attribute *attr, char
{
struct dp_altmode *dp = dev_get_drvdata(dev);
+ if (!dp)
+ return -ENODEV;
+
return sysfs_emit(buf, "%d\n", dp->hpd);
}
static DEVICE_ATTR_RO(hpd);
base-commit: f1a27f081c1fa1eeebf38406e45f29636114470f
--
2.43.0.429.g432eaa2c6b-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes
2024-01-30 19:26 [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes RD Babiera
@ 2024-01-30 23:08 ` Greg KH
2024-02-26 22:54 ` RD Babiera
0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2024-01-30 23:08 UTC (permalink / raw)
To: RD Babiera; +Cc: heikki.krogerus, badhri, linux-usb, linux-kernel, stable
On Tue, Jan 30, 2024 at 07:26:39PM +0000, RD Babiera wrote:
> The DisplayPort driver's sysfs nodes may be present to the userspace before
> typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
> a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in
> hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
> NULL in those cases.
>
> Verify dp drvdata is present in sysfs reads and writes before proceeding.
Why not populate the sysfs nodes after the assigment happens? That's
the normal way to do this, otherwise your change looks odd because:
>
> Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode")
> Cc: stable@vger.kernel.org
> Signed-off-by: RD Babiera <rdbabiera@google.com>
> ---
> drivers/usb/typec/altmodes/displayport.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c
> index 5a80776c7255..0423326219d8 100644
> --- a/drivers/usb/typec/altmodes/displayport.c
> +++ b/drivers/usb/typec/altmodes/displayport.c
> @@ -518,6 +518,9 @@ configuration_store(struct device *dev, struct device_attribute *attr,
> int con;
> int ret = 0;
>
> + if (!dp)
> + return -ENODEV;
> +
> con = sysfs_match_string(configurations, buf);
there's nothing keeping dp from being an invalid pointer right after you
check it. Really that might not happen, but it's hard to tell that
here.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes
2024-01-30 23:08 ` Greg KH
@ 2024-02-26 22:54 ` RD Babiera
0 siblings, 0 replies; 3+ messages in thread
From: RD Babiera @ 2024-02-26 22:54 UTC (permalink / raw)
To: Greg KH; +Cc: heikki.krogerus, badhri, linux-usb, linux-kernel, stable
Sorry for the delay,
On Tue, Jan 30, 2024 at 3:08 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> Why not populate the sysfs nodes after the assigment happens? That's
> the normal way to do this, otherwise your change looks odd because:
That works a lot better. I must've psyched myself out of touching the
current probe sequence and ended up overcomplicating it, sorry about that.
Thanks for the guidance,
RD
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-02-26 22:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-30 19:26 [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes RD Babiera
2024-01-30 23:08 ` Greg KH
2024-02-26 22:54 ` RD Babiera
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox