Date: Thu, 21 Sep 2017 18:09:55 +0100
From: Al Viro
To: arvind
Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] debugfs: Add check for module parameter name
Message-ID: <20170921170955.GJ32076@ZenIV.linux.org.uk>
References: <8cf113648f45ccbf304735fcc4487adecd5b7082.1505996056.git.arvind.yadav.cs@gmail.com>
 <20170921124438.GH32076@ZenIV.linux.org.uk>
 <59C3ED32.1070807@gmail.com>
In-Reply-To: <59C3ED32.1070807@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Sep 21, 2017 at 10:17:46PM +0530, arvind wrote:
> Hi,
>
> On Thursday 21 September 2017 06:14 PM, Al Viro wrote:
> > On Thu, Sep 21, 2017 at 05:46:54PM +0530, Arvind Yadav wrote:
> > > Here, start_creating() is called by debugfs_create_dir()
> > > and debugfs_create_automount(). A driver can pass name as NULL in
> > > debugfs_create_dir and debugfs_create_automount. So we need to
> > > add check for 'name'.
> > Huh? "Driver can pass any kind of crap pointer when calling this
> > function, so let's check if that crap happens to be NULL and bail
> > out in that particular case"? Or am I misreading that?
> You are correct.
> >
> > Do you have any in-tree examples, or is that about some out-of-tree
> > code that needs to be saved from itself?
> >
> Please check "drivers/base/power/opp/debugfs.c"
>
> static bool opp_debug_create_supplies(struct dev_pm_opp *opp,
>                                       struct opp_table *opp_table,
>                                       struct dentry *pdentry)
> {
>         struct dentry *d;
>         int i;
>         char *name;
>
>         for (i = 0; i < opp_table->regulator_count; i++) {
>                 name = kasprintf(GFP_KERNEL, "supply-%d", i);
>
>                 /* Create per-opp directory */
>                 d = debugfs_create_dir(name, pdentry);
>
>                 kfree(name);

Umm... Looks like crap, to be honest. And not just that function -
if anything in there fails to create a file, the thing leaks all kinds
of garbage. AFAICS, that code has never been tested (and probably not
thought through in the first place) in case of allocation failures.
So much that an oops might be a mercy - at least then somebody might
consider getting it into sane shape...
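
Added example, not part of this thread and not kernel code: a userspace model of the caller-side handling the reply points at, where the caller checks its own name allocation and unwinds partial work when it fails. fmt_name(), create_dir(), remove_dirs() and the fail_at fault injector are hypothetical stand-ins (for kasprintf(), debugfs_create_dir() and directory removal), and the abort() models the oops on a NULL name.

```c
/* Userspace model (added example): fmt_name() and create_dir() are
 * hypothetical stand-ins for kasprintf() and debugfs_create_dir(). */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

static int fail_at = -1;  /* constructed fault injection: call index that fails */
static int alloc_calls;   /* fmt_name() calls made so far */
static int live_names;    /* name buffers not yet freed */
static int live_dirs;     /* directories that currently exist */

static char *fmt_name(int i)
{
	char *s = (alloc_calls++ == fail_at) ? NULL : malloc(32);

	if (!s)
		return NULL;      /* simulated or real allocation failure */
	snprintf(s, 32, "supply-%d", i);
	live_names++;
	return s;
}

static void free_name(char *s) { if (s) { free(s); live_names--; } }
/* Models a callee that trusts its caller: a NULL name is fatal. */
static bool create_dir(const char *name) { if (!name) abort(); live_dirs++; return true; }
static void remove_dirs(void) { live_dirs = 0; }
static void reset(int fail) { fail_at = fail; alloc_calls = live_names = live_dirs = 0; }

/* The caller validates its own allocation and undoes partial work. */
static bool create_supplies(int count)
{
	for (int i = 0; i < count; i++) {
		char *name = fmt_name(i);
		bool ok = name && create_dir(name);  /* NULL never reaches the callee */

		free_name(name);
		if (!ok) {
			remove_dirs();    /* unwind what earlier iterations created */
			return false;
		}
	}
	return true;
}

int main(void)
{
	reset(2);                 /* third name allocation fails */
	bool ok = create_supplies(4);
	printf("ok=%d dirs=%d names=%d\n", ok, live_dirs, live_names);
	return 0;
}
```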