In register_device, the return value of ida_simple_get is unchecked,
in witch ida_simple_get will use an invalid index value.
To address this issue, index should be checked after ida_simple_get. When
the index value is abnormal, a warning message should be printed, the port
should be dropped, and the value should be recorded, then jump to 'err'.
Fixes: 9a69645dde11 ("ppdev: fix registering same device name")
Signed-off-by: Huai-Yuan Liu <[email protected]>
---
V2:
* In patch V2, we found that parport_find_number implicitly calls
parport_get_port(). So when dealing with abnormal index values, we should
call parport_put_port() to throw away the reference to the port.
---
drivers/char/ppdev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
index 4c188e9e477c..ac5a93d39fbd 100644
--- a/drivers/char/ppdev.c
+++ b/drivers/char/ppdev.c
@@ -300,6 +300,13 @@ static int register_device(int minor, struct pp_struct *pp)
}
index = ida_simple_get(&ida_index, 0, 0, GFP_KERNEL);
+ if (index < 0) {
+ pr_warn("%s: failed to get index!\n", name);
+ parport_put_port(port);
+ rc = index;
+ goto err;
+ }
+
memset(&ppdev_cb, 0, sizeof(ppdev_cb));
ppdev_cb.irq_func = pp_irq;
ppdev_cb.flags = (pp->flags & PP_EXCL) ? PARPORT_FLAG_EXCL : 0;
--
2.34.1
Le 07/04/2024 à 10:03, Huai-Yuan Liu a écrit :
> In register_device, the return value of ida_simple_get is unchecked,
> in witch ida_simple_get will use an invalid index value.
>
> To address this issue, index should be checked after ida_simple_get. When
> the index value is abnormal, a warning message should be printed, the port
> should be dropped, and the value should be recorded, then jump to 'err'.
>
> Fixes: 9a69645dde11 ("ppdev: fix registering same device name")
> Signed-off-by: Huai-Yuan Liu <[email protected]>
> ---
> V2:
> * In patch V2, we found that parport_find_number implicitly calls
> parport_get_port(). So when dealing with abnormal index values, we should
> call parport_put_port() to throw away the reference to the port.
> ---
> drivers/char/ppdev.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> index 4c188e9e477c..ac5a93d39fbd 100644
> --- a/drivers/char/ppdev.c
> +++ b/drivers/char/ppdev.c
> @@ -300,6 +300,13 @@ static int register_device(int minor, struct pp_struct *pp)
> }
>
> index = ida_simple_get(&ida_index, 0, 0, GFP_KERNEL);
> + if (index < 0) {
> + pr_warn("%s: failed to get index!\n", name);
> + parport_put_port(port);
Hi,
I think that a new label should be added, just before the 'err' label,
and move this parport_put_port() call there, as well as the one just
after parport_register_dev_model().
CJ
> + rc = index;
> + goto err;
> + }
> +
> memset(&ppdev_cb, 0, sizeof(ppdev_cb));
> ppdev_cb.irq_func = pp_irq;
> ppdev_cb.flags = (pp->flags & PP_EXCL) ? PARPORT_FLAG_EXCL : 0;
Hi,
Thanks for CJ's suggestion. I have modified and sent the
[PATCH V3] email.
Best regards,
Liu.