Re: [PATCH 1/5] debugfs: Prevent NULL dereference reading from string property

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Richard Fitzgerald <rf@opensource.cirrus.com>
Cc: rafael@kernel.org, linux-kernel@vger.kernel.org,
	patches@opensource.cirrus.com
Subject: Re: [PATCH 1/5] debugfs: Prevent NULL dereference reading from string property
Date: Tue, 16 May 2023 19:43:49 +0200	[thread overview]
Message-ID: <2023051642-tiling-manlike-7536@gregkh> (raw)
In-Reply-To: <705c4511-bfba-ea46-1aad-b3783c1b21ae@opensource.cirrus.com>

On Tue, May 16, 2023 at 06:29:52PM +0100, Richard Fitzgerald wrote:
> On 16/5/23 17:33, Greg KH wrote:
> > On Tue, May 16, 2023 at 05:07:49PM +0100, Richard Fitzgerald wrote:
> > > Check in debugfs_read_file_str() if the string pointer is NULL.
> > > 
> > > It is perfectly reasonable that a driver may wish to export a string
> > > to debugfs that can have the value NULL to indicate empty/unused/ignore.
> > 
> > Does any in-kernel driver do this today?
> 
> I don't know. The history here is that I was using debugfs_create_str()
> to add a debugfs to a driver and made these improvements along the way.
> Ultimately I had a reason to use a custom reader implementation.
> But as I'd already written these patches I thought I'd send them.
> 
> > 
> > If not, why not fix up the driver instead?
> > 
> 
> Well... could do. Though it seems a bit odd to me that a driver
> design should be forced by the debugfs API, instead of the debugfs API
> fitting normal code design. It's pretty standard and idiomatic for code
> to use if (!str) { /* bail */ } type logic, so why shouldn't the debugfs
> API handle that?
> 
> > > 
> > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
> > > ---
> > >   fs/debugfs/file.c | 3 +++
> > >   1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
> > > index 1f971c880dde..2c085ab4e800 100644
> > > --- a/fs/debugfs/file.c
> > > +++ b/fs/debugfs/file.c
> > > @@ -878,6 +878,9 @@ ssize_t debugfs_read_file_str(struct file *file, char __user *user_buf,
> > >   		return ret;
> > >   	str = *(char **)file->private_data;
> > > +	if (!str)
> > > +		return simple_read_from_buffer(user_buf, count, ppos, "\n", 1);
> > 
> > Why not print "(NULL)"?
> > 
> 
> Again, could do. My thought here is that a debugfs can be piped into
> tools and having to insert a catch for "(NULL)" in the pipeline is a
> nuisance. This is a bit different from a dmesg print, which is less
> likely to be used this way or to guarantee machine-parsing.
> However, I don't mind changing to "(NULL)" if you prefer.

If a driver wants an "empty" string, they should provide an empty
string.  We don't do empty values for any other type of pointer, right?

Actually we really should just bail out with an error if this is NULL,
let's not paper over bad drivers like this.

thanks,

greg k-h

next prev parent reply	other threads:[~2023-05-16 17:43 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-16 16:07 [PATCH 0/5] debugfs: Fixes and improvements to debugfs_create_str() Richard Fitzgerald
2023-05-16 16:07 ` [PATCH 1/5] debugfs: Prevent NULL dereference reading from string property Richard Fitzgerald
2023-05-16 16:33   ` Greg KH
2023-05-16 17:29     ` Richard Fitzgerald
2023-05-16 17:43       ` Greg KH [this message]
2023-05-16 18:04         ` Richard Fitzgerald
2023-05-17  6:19           ` Greg KH
2023-05-16 17:14   ` Richard Fitzgerald
2023-05-16 16:07 ` [PATCH 2/5] debugfs: Remove kerneldoc that says debugfs_create_str() returns a value Richard Fitzgerald
2023-05-16 16:07 ` [PATCH 3/5] debugfs: Update debugfs_create_str() kerneldoc to warn about pointer race Richard Fitzgerald
2023-05-16 16:35   ` Greg KH
2023-05-16 17:50     ` Richard Fitzgerald
2023-05-17  6:18       ` Greg KH
2023-05-16 16:07 ` [PATCH 4/5] debugfs: Move debugfs_create_str() export to correct location Richard Fitzgerald
2023-05-16 16:07 ` [PATCH 5/5] debugfs: Add debugfs_create_const_str() Richard Fitzgerald
2023-05-16 16:37   ` Greg KH
2023-05-16 16:37   ` Greg KH
2023-05-16 16:38   ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2023051642-tiling-manlike-7536@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=patches@opensource.cirrus.com \
    --cc=rafael@kernel.org \
    --cc=rf@opensource.cirrus.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox