| Message ID | 20220203135418.2252624-1-o.rempel@pengutronix.de (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [v1] counter: fix NULL pointer dereference on counter_comp_u8_store() | expand |
On Thu, Feb 03, 2022 at 02:54:18PM +0100, Oleksij Rempel wrote: > Current kernel will report NULL pointer dereference with following > back trace: > interrupt_cnt_enable_write from counter_comp_u8_store+0xc0/0xf4 > counter_comp_u8_store from dev_attr_store+0x24/0x30 > dev_attr_store from sysfs_kf_write+0x48/0x54 > sysfs_kf_write from kernfs_fop_write_iter+0x128/0x1c8 > kernfs_fop_write_iter from vfs_write+0x124/0x1b4 > vfs_write from ksys_write+0x88/0xe0 > ksys_write from sys_write+0x18/0x1c > sys_write from ret_fast_syscall+0x0/0x1c > > Add missing dev_set_drvdata() to fix it. > > Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de> Hi Oleksij, This dev_set_drvdata() was removed in commit b56346ddbd82 ("counter: Use container_of instead of drvdata to track counter_device"). It looks like we overlooked the counter-sysfs.c file when we made that change. Would you instead replace the dev_get_drvdata() calls in counter-sysfs.c with respective container_of() calls? Add a Fixes tag referencing commit b56346ddbd82 as well to your commit message. Thanks, William Breathitt Gray > --- > drivers/counter/counter-core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/counter/counter-core.c b/drivers/counter/counter-core.c > index 7e0957eea094..1de16d5e9fbc 100644 > --- a/drivers/counter/counter-core.c > +++ b/drivers/counter/counter-core.c > @@ -98,6 +98,8 @@ struct counter_device *counter_alloc(size_t sizeof_priv) > counter = &ch->counter; > dev = &counter->dev; > > + dev_set_drvdata(dev, counter); > + > /* Acquire unique ID */ > err = ida_alloc(&counter_ida, GFP_KERNEL); > if (err < 0) > -- > 2.30.2 >
diff --git a/drivers/counter/counter-core.c b/drivers/counter/counter-core.c index 7e0957eea094..1de16d5e9fbc 100644 --- a/drivers/counter/counter-core.c +++ b/drivers/counter/counter-core.c @@ -98,6 +98,8 @@ struct counter_device *counter_alloc(size_t sizeof_priv) counter = &ch->counter; dev = &counter->dev; + dev_set_drvdata(dev, counter); + /* Acquire unique ID */ err = ida_alloc(&counter_ida, GFP_KERNEL); if (err < 0)
Current kernel will report NULL pointer dereference with following back trace: interrupt_cnt_enable_write from counter_comp_u8_store+0xc0/0xf4 counter_comp_u8_store from dev_attr_store+0x24/0x30 dev_attr_store from sysfs_kf_write+0x48/0x54 sysfs_kf_write from kernfs_fop_write_iter+0x128/0x1c8 kernfs_fop_write_iter from vfs_write+0x124/0x1b4 vfs_write from ksys_write+0x88/0xe0 ksys_write from sys_write+0x18/0x1c sys_write from ret_fast_syscall+0x0/0x1c Add missing dev_set_drvdata() to fix it. Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de> --- drivers/counter/counter-core.c | 2 ++ 1 file changed, 2 insertions(+)