Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp467793pxb;
        Thu, 31 Mar 2022 09:22:51 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzMaanIJhY/BDAGFD2V7BPsef2n5qFeNLh4c38n+eJyhEHg0+GhPJJtvDl2BrSk7Rnpls6X
X-Received: by 2002:a17:906:60d4:b0:6db:f0a8:f39e with SMTP id f20-20020a17090660d400b006dbf0a8f39emr5747540ejk.54.1648743771111;
        Thu, 31 Mar 2022 09:22:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1648743771; cv=none;
        d=google.com; s=arc-20160816;
        b=epmRVvqzv5hLStAr2NVhfAEM1JwV49PNxJxrpwRCOC7JN7yzyv/fzYfaDfkl3u+LWf
         qBRbat5daseE+vJRWYBbUrYbIquZ6MO4U9XMRWxF3ZKg78D3AMkKpzkHOZlj+m4eW6vD
         j5S52SbAngSs+G91uzyxOFGnBPvaCocCxqBwgcWd+KVBDeqsFSMjKDaWuiHCu4gxZTwS
         /yOwl+t0ysVB1BPGAVoh3gGrMcMXxRoizU3/N2ujgy0ASn8ZY4mkq9Tey36/R4CbWL92
         28LHAlQGVG5F2iLMc8DhmBKFAVPGeYmo5iVgVMpThKrkfixwquxxEpzXlaZym9cht4To
         yH3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:references:in-reply-to
         :subject:cc:to:from:message-id:date:dkim-signature:dkim-signature;
        bh=6U8xSKrhW2wc1FxXYtrajzM6mwrGYhNr4klyheqzPjc=;
        b=x6tNcylG6PIaunlSPHHfcVYeThZ0w3CSJjWAuMfU141iUN3lJ5mL1v2LZR9x2GCHfJ
         zTUdoGJkOoI3qBuOEITgemcJZrsVnOwHORNT4a5T1ynoKvxDRZcDNhwAE84f4DgXY9ZK
         1SSDxB3TtG0oSdmscrirideypv5Nj1QjyK2mO5P0W46ewO5+9a/GpyQvug2ayC0PuhRY
         geKYE6XWo/XoOWPGFLyDcvNMY2Ox7X9p8jSk6j23WAG9KSDbvGoYBkEZMcL7tQrJjYuK
         odoTkI/+XBGvufLFiedDNmiAhBZesOiQ/1vRDpmgSBZ9FPIDBcQubMMIC1j7JGS2eC2M
         mTbQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=ICpR+6Pg;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id gf4-20020a170906e20400b006e49b0c9b4csi33570ejb.76.2022.03.31.09.22.23;
        Thu, 31 Mar 2022 09:22:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=ICpR+6Pg;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236706AbiCaNRh (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Thu, 31 Mar 2022 09:17:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55914 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233978AbiCaNRg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 31 Mar 2022 09:17:36 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FFDB4AE0C;
        Thu, 31 Mar 2022 06:15:48 -0700 (PDT)
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
        by smtp-out2.suse.de (Postfix) with ESMTP id AAD861F37D;
        Thu, 31 Mar 2022 13:15:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1648732547; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=6U8xSKrhW2wc1FxXYtrajzM6mwrGYhNr4klyheqzPjc=;
        b=ICpR+6PgY739ttHe5dKq5uvmNOvdiyhk2GIdzFJWAjqQkWdM5jw6JMpQ+SbBGNjwW9NFLT
        PaFGzjrZ42pdA7B1mvW5lZzjIjvuRgr5Y7oRqpkVZukV58ruyg0m/7+VR0AbcZ7Ud3dAMa
        pGLI6iUXnf6KYQHASxxOGGg/gUI21/M=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1648732547;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=6U8xSKrhW2wc1FxXYtrajzM6mwrGYhNr4klyheqzPjc=;
        b=aLFV6buPQTeKTk1FHu9R51I9fhVQH/KGdRp9HpXCy/Jp9Zp8/dfJ5PULzqP/Ynjpn16D+5
        2tnJBoyVyxMw+XCg==
Received: from alsa1.suse.de (alsa1.suse.de [10.160.4.42])
        by relay2.suse.de (Postfix) with ESMTP id 93511A3B83;
        Thu, 31 Mar 2022 13:15:47 +0000 (UTC)
Date:   Thu, 31 Mar 2022 15:15:47 +0200
Message-ID: <s5ha6d6dzzw.wl-tiwai@suse.de>
From:   Takashi Iwai <tiwai@suse.de>
To:     Heikki Krogerus <heikki.krogerus@linux.intel.com>
Cc:     Greg KH <gregkh@linuxfoundation.org>, Takashi Iwai <tiwai@suse.de>,
        Won Chung <wonchung@google.com>,
        Jaroslav Kysela <perex@perex.cz>,
        Takashi Iwai <tiwai@suse.com>,
        Mika Westerberg <mika.westerberg@linux.intel.com>,
        Benson Leung <bleung@chromium.org>,
        Prashant Malani <pmalani@chromium.org>,
        linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v2] sound/hda: Add NULL check to component match callback function
In-Reply-To: <YkWj/vmjohNo0r2c@kuha.fi.intel.com>
References: <20220330211913.2068108-1-wonchung@google.com>
        <s5hzgl6eg48.wl-tiwai@suse.de>
        <CAOvb9yiO_n48JPZ3f0+y-fQ_YoOmuWF5c692Jt5_SKbxdA4yAw@mail.gmail.com>
        <s5hr16ieb8o.wl-tiwai@suse.de>
        <YkVzl4NEzwDAp/Zq@kuha.fi.intel.com>
        <YkWTBwAB1HrxcUR3@kroah.com>
        <YkWj/vmjohNo0r2c@kuha.fi.intel.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3
 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 31 Mar 2022 14:52:14 +0200,
Heikki Krogerus wrote:
> 
> Hi Greg,
> 
> On Thu, Mar 31, 2022 at 01:39:51PM +0200, Greg KH wrote:
> > On Thu, Mar 31, 2022 at 12:25:43PM +0300, Heikki Krogerus wrote:
> > > On Thu, Mar 31, 2022 at 11:12:55AM +0200, Takashi Iwai wrote:
> > > > > > > -     if (!strcmp(dev->driver->name, "i915") &&
> > > > > > > +     if (dev->driver && !strcmp(dev->driver->name, "i915") &&
> > > > > >
> > > > > > Can NULL dev->driver be really seen?  I thought the components are
> > > > > > added by the drivers, hence they ought to have the driver field set.
> > > > > > But there can be corner cases I overlooked.
> > > > > >
> > > > > >
> > > > > > thanks,
> > > > > >
> > > > > > Takashi
> > > > > 
> > > > > Hi Takashi,
> > > > > 
> > > > > When I try using component_add in a different driver (usb4 in my
> > > > > case), I think dev->driver here is NULL because the i915 drivers do
> > > > > not have their component master fully bound when this new component is
> > > > > registered. When I test it, it seems to be causing a crash.
> > > > 
> > > > Hm, from where component_add*() is called?  Basically dev->driver must
> > > > be already set before the corresponding driver gets bound at
> > > > __driver_probe_deviec().  So, if the device is added to component from
> > > > the corresponding driver's probe, dev->driver must be non-NULL.
> > > 
> > > The code that declares a device as component does not have to be the
> > > driver of that device.
> > > 
> > > In our case the components are USB ports, and they are devices that
> > > are actually never bind to any drivers: drivers/usb/core/port.c
> > 
> > Why is a USB device being passed to this code that assumes it is looking
> > for a PCI device with a specific driver name?  As I mentioned on the
> > mei patch, triggering off of a name is really a bad idea, as is assuming
> > the device type without any assurance it is such a device (there's a
> > reason we didn't provide device type identification in the driver core,
> > don't abuse that please...)
> 
> I totally agree. This driver is making a whole bunch of assumptions
> when it should not make any assumptions. And yes, one of those
> assumptions is that the driver of the device has a specific name, and
> that is totally crazy. So why is it making those assumptions? I have
> no idea, but is does, and they are now causing the first problem -
> NULL pointer dereference.

Well, it's a sort of best-effort approach for the component framework.
Currently the framework passes a device pointer without knowing what
it is and every master component tries to match with it unless it's
already bound.  Because of that, the driver has to judge which one is
the right one by itself.  The device driver's string is a loose
matching target that practically worked, so far.

Maybe we should define unique subcomponent numbers and rather check
the passed number at matching.  (Though, only relying on the number is
dangerous, too.)


Takashi