| Message ID | 1573026402-21032-1-git-send-email-shenkai8@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
| Series | cpufreq: add NULL check to the store method of cpufreq | expand |
On Wed, Nov 6, 2019 at 8:47 AM Shen Kai <shenkai8@huawei.com> wrote: > > From: shenkai <shenkai8@huawei.com> Can you please use the proper spelling of your name here? > > Add NULL check in the store function here to avoid NULL callback invoking. > Though some interfaces of cpufreq are set as read-only, user can still get > write permission using chmod which can lead to a kernel crash. > > The following operations can lead to a kernel crash. > > chmod +w /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq > echo 1 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq > > This bug was found on linux 4.19 > > Signed-off-by: shenkai <shenkai8@huawei.com> And here? > Reported-by: linfeilong <linfeilong@huawei.com> > Reviewed-by: linfeilong <linfeilong@huawei.com> And the proper spelling of the reporter/reviewer name here too? > Acked-by: Viresh Kumar <viresh.kumar@linaro.org> > --- > drivers/cpufreq/cpufreq.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c > index bffc11b..4ccaa96 100644 > --- a/drivers/cpufreq/cpufreq.c > +++ b/drivers/cpufreq/cpufreq.c > @@ -947,6 +947,9 @@ static ssize_t store(struct kobject *kobj, struct attribute *attr, > struct freq_attr *fattr = to_attr(attr); > ssize_t ret = -EINVAL; > > + if (!fattr->store) > + return ret; > + > /* > * cpus_read_trylock() is used here to work around a circular lock > * dependency problem with respect to the cpufreq_register_driver(). > -- > 2.6.4.windows.1 > >
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c index bffc11b..4ccaa96 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -947,6 +947,9 @@ static ssize_t store(struct kobject *kobj, struct attribute *attr, struct freq_attr *fattr = to_attr(attr); ssize_t ret = -EINVAL; + if (!fattr->store) + return ret; + /* * cpus_read_trylock() is used here to work around a circular lock * dependency problem with respect to the cpufreq_register_driver().