Date: Sun, 17 Oct 2021 14:49:03 +0100
From: Jonathan Cameron
To: Wang Wensheng
Subject: Re: [PATCH -next] iio: buffer: Check the return value of kstrdup_const()
Message-ID: <20211017144903.59ee0f59@jic23-huawei>
In-Reply-To: <20211011125846.66553-1-wangwensheng4@huawei.com>
References: <20211011125846.66553-1-wangwensheng4@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 11 Oct 2021 12:58:46 +0000
Wang Wensheng wrote:

> We should check the duplication of attr.name properly in
> iio_buffer_wrap_attr() or a null-pointer-dereference would
> occur on destroying the related sysfs file.
> This issue is found by fault-injection.
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> PGD 0 P4D 0
> Oops: 0000 [#1] SMP PTI
> RIP: 0010:strlen+0x0/0x20
> Call Trace:
> kernfs_name_hash+0x1c/0xb0
> kernfs_find_ns+0xc6/0x160
> kernfs_remove_by_name_ns+0x5c/0xb0
> remove_files.isra.1+0x42/0x90
> internal_create_group+0x42f/0x460
> internal_create_groups+0x49/0xc0
> device_add+0xb5b/0xbe0
> ? kobject_get+0x90/0xa0
> cdev_device_add+0x2b/0x90
> __iio_device_register+0xa56/0xb40
>
> Fixes: 15097c7a1adc ("iio: buffer: wrap all buffer attributes into iio_dev_attr")
> Reported-by: Hulk Robot
> Signed-off-by: Wang Wensheng

This version seems to be a duplicate with the version Yang Yingliang sent
a few days later, but that version has the free of the iio_attr which is
missing here.

Thanks,

Jonathan

> --- > drivers/iio/industrialio-buffer.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c > index c648e9553edd..f4011c477bac 100644 > --- a/drivers/iio/industrialio-buffer.c > +++ b/drivers/iio/industrialio-buffer.c
> @@ -1312,6 +1312,8 @@ static struct attribute *iio_buffer_wrap_attr(struct iio_buffer *buffer, > iio_attr->buffer = buffer; > memcpy(&iio_attr->dev_attr, dattr, sizeof(iio_attr->dev_attr)); > iio_attr->dev_attr.attr.name = kstrdup_const(attr->name, GFP_KERNEL); > + if (!iio_attr->dev_attr.attr.name) > + return NULL; > sysfs_attr_init(&iio_attr->dev_attr.attr); > > list_add(&iio_attr->l, &buffer->buffer_attr_list);
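
Review bot: the new early return after the failed kstrdup_const() exits with iio_attr already filled in (iio_attr->buffer set, dev_attr copied into it) but never released, so every failed duplication leaks that object; this is the missing free pointed out in the reply above. Release iio_attr before returning NULL, for example with kfree(iio_attr) if it came from a kmalloc-family allocation earlier in the function (the allocation is outside the visible context), and confirm that the callers of iio_buffer_wrap_attr() treat a NULL return as an error rather than storing it in the attribute array.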