Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp4758341pxb; Mon, 28 Mar 2022 02:58:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwXu22S56ao+5zja0eHs4T5gKaqtyzBTJ/6RoDYIG7sQZ22Bpj8w+wQjbbpDnEJIpu5847u X-Received: by 2002:a17:906:18b2:b0:6d0:ee54:1add with SMTP id c18-20020a17090618b200b006d0ee541addmr26162858ejf.499.1648461484437; Mon, 28 Mar 2022 02:58:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648461484; cv=none; d=google.com; s=arc-20160816; b=S8mtk9VUQWTTUt8xKk/PwiOjI2wHujCaDV4klrM2nYY3CIv5Fk//dr3jqOP7W01aUz wfkWb7bVy17U73dloKgmtcgpvcJ622GvnGtLDTqYaUq0ZfmQH5hSSwP6IjHTYWRjs2eO aF9VlEZCVpSH/gDc7UUBrJOPKI/85i2HZo0qYvUAeh/UfjVngx2jdu7Mu1hu7shYFaF6 BqGWxkj2ssnieEbgFchQ6XwqrZ4J6T5XJDBebMLV7xd+airzn81ojxKPKyB+sUsATxb8 DhVHtvOce7xpMKFiE0yO0Ezi+WSXZZ6Md2g3+WL8NGTcSJZ9KjBxKh5l8PD1DvcqAL/A yseg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=iRywC2fXGTLu3XcU+kOv95CJI0/k5YKaCHVvR7OvlV0=; b=tvGxlcEU1KGr+/kWvIaFUwgZrEPeSc8CK/Djgcp87m0q6MFC65huMhmxMpAQ/qOLzi mDB7XuORa4R6+Nci3YTQJX1ljxAseuS71tyelKYQSZDVdLqf/w9f3uCNC5JJxluCJSEA e8G14B0QBqDVKg/zviCdBLEH+IF2coksyPwlArneG5/UHO9bOuF1u4UKh853xVA7YdOf EYs87g8/3tbGB2qOT/6zhYW3qAj1DnXSKI6nqJV3mY8CnkIrYYQLKzC/kE8dvcTC2DRW Owoy20mW8+4X4LOhGXialPLsIneFDZmT8J13YFAvjanH5vCFcHEmEVdqiC3OnsAI8tmk ZW6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Nfd9upEl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ka7-20020a170907920700b006df76385bc2si12480457ejb.98.2022.03.28.02.57.39; Mon, 28 Mar 2022 02:58:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Nfd9upEl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237780AbiC1DTX (ORCPT + 99 others); Sun, 27 Mar 2022 23:19:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230495AbiC1DTW (ORCPT ); Sun, 27 Mar 2022 23:19:22 -0400 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D92352CCAE for ; Sun, 27 Mar 2022 20:17:42 -0700 (PDT) Received: by mail-pg1-x531.google.com with SMTP id s72so11198852pgc.5 for ; Sun, 27 Mar 2022 20:17:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=iRywC2fXGTLu3XcU+kOv95CJI0/k5YKaCHVvR7OvlV0=; b=Nfd9upElHAEIafOt6kM6Nan2028B+2XJaXGyzMy2vndOjHxTyrwfDWAzbrS2gqhlfC 5FdbSHzvm62LfGlh6yNDR1CAHwZRuTeHqoKsr/3vY2jQctjGySYCpv4NaGmIPuAJ6iHl X1ZXEhwIOP73ziWzVm3aZhZiFYAhNKz4Du/yyP8333MOVQraMF+m9JPzhG+8n26SvzNT SeQJJowvS7p8zgy0UprHttmaQg9nB+vMvJyrRtxJIgIYUeDyFku8iDgsO6ucq+cKkkwi 7qmYpCvhL2BiCF4uerLvA3b4SnF/bhFnCIX5dvb5eXElUc59kC3LXCbt9Y8PTj+iMlVT 5bnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=iRywC2fXGTLu3XcU+kOv95CJI0/k5YKaCHVvR7OvlV0=; b=keGlrf6QogpbA9rHTpwc+t6TKLGZVCKzJ4cCfM6YUaL+H42zvuwWDlAS3T0DQHUF0o xZb8r/+z6F+EmRwbHD1vXaSLesMn4Ewq1PaTjaLIUt0VlHRjuPyqSvAM5wXtIFO0eRAB OICiV1YtEBswG++C9O4diDcWtEXOxjNb+z8fAuATrwUsJSF2G2qjGnoAwQVKDrv7Q8fW /6W2pzbtvaNb59NrpwVGLs9abkykp3qoEv542YoDgb/veGWeso5c5+fBzP0oVdVHSWbJ QcMvwGz7RfhpK7kS3xKyguFaCyIWkoM7yEwkd+LgSEMr27FnmoyrOi7SgjuT0/CSbKe4 /tBg== X-Gm-Message-State: AOAM530GlnsdXDyZeTHqRSYM9RM+fnx0MwBIz3nGVk+bu9ApZ5eIt8z4 Q/bYppd+igwV56fptYAsD2riVQ== X-Received: by 2002:a63:1620:0:b0:375:948e:65bf with SMTP id w32-20020a631620000000b00375948e65bfmr8880013pgl.49.1648437462221; Sun, 27 Mar 2022 20:17:42 -0700 (PDT) Received: from localhost ([223.184.83.228]) by smtp.gmail.com with ESMTPSA id h12-20020a056a00230c00b004faf2563bcasm12787512pfh.114.2022.03.27.20.17.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 27 Mar 2022 20:17:41 -0700 (PDT) Date: Mon, 28 Mar 2022 08:47:39 +0530 From: Viresh Kumar To: Xiaomeng Tong Cc: vireshk@kernel.org, nm@ti.com, sboyd@kernel.org, rafael.j.wysocki@intel.com, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] opp: fix a missing check on list iterator Message-ID: <20220328031739.72togwws2u2rlluo@vireshk-i7> References: <20220327053943.3071-1-xiam0nd.tong@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220327053943.3071-1-xiam0nd.tong@gmail.com> User-Agent: NeoMutt/20180716-391-311a52 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 27-03-22, 13:39, Xiaomeng Tong wrote: > The bug is here: > dev = new_dev->dev; > > The list iterator 'new_dev' will point to a bogus position containing > HEAD if the list is empty or no element is found. This case must > be checked before any use of the iterator, otherwise it will lead > to a invalid memory access. > > To fix this bug, add an check. Use a new variable 'iter' as the > list iterator, while use the old variable 'new_dev' as a dedicated > pointer to point to the found element. > > Cc: stable@vger.kernel.org > Fixes: deaa51465105a ("PM / OPP: Add debugfs support") > Signed-off-by: Xiaomeng Tong > --- > drivers/opp/debugfs.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/drivers/opp/debugfs.c b/drivers/opp/debugfs.c > index 596c185b5dda..a4476985e4ce 100644 > --- a/drivers/opp/debugfs.c > +++ b/drivers/opp/debugfs.c > @@ -187,14 +187,19 @@ void opp_debug_register(struct opp_device *opp_dev, struct opp_table *opp_table) > static void opp_migrate_dentry(struct opp_device *opp_dev, > struct opp_table *opp_table) > { > - struct opp_device *new_dev; > + struct opp_device *new_dev = NULL, *iter; > const struct device *dev; > struct dentry *dentry; > > /* Look for next opp-dev */ > - list_for_each_entry(new_dev, &opp_table->dev_list, node) > - if (new_dev != opp_dev) > + list_for_each_entry(iter, &opp_table->dev_list, node) > + if (iter != opp_dev) { > + new_dev = iter; > break; > + } > + > + if (!new_dev) > + return; I think you missed this check in the parent function ? if (!list_is_singular(&opp_table->dev_list)) { i.e. this bug can never happen. -- viresh