Commit 946593d1 authored by Li Zhijian's avatar Li Zhijian Committed by Takashi Sakamoto

Revert "firewire: Kill unnecessary buf check in device_attribute.show"

This reverts commit 4a2b06ca.

The previous fix didn't consider callers from other than sysfs. Revert
it to fix the NULL dereference

 kernel:  ? sysfs_emit+0xb5/0xc0
 kernel:  show_immediate+0x13f/0x1d0 [firewire_core]
 kernel:  init_fw_attribute_group+0x81/0x150 [firewire_core]
 kernel:  create_units+0x119/0x160 [firewire_core]
 kernel:  fw_device_init+0x1a9/0x330 [firewire_core]
 kernel:  fw_device_workfn+0x12/0x20 [firewire_core]
 kernel:  process_one_work+0x16f/0x350
 kernel:  worker_thread+0x306/0x440
 kernel:  ? __pfx_worker_thread+0x10/0x10
 kernel:  kthread+0xf2/0x120
 kernel:  ? __pfx_kthread+0x10/0x10
 kernel:  ret_from_fork+0x47/0x70
 kernel:  ? __pfx_kthread+0x10/0x10
 kernel:  ret_from_fork_asm+0x1b/0x30
 kernel:  </TASK>
 kernel: ---[ end trace 0000000000000000 ]---
 kernel: ------------[ cut here ]------------

Fixes: 4a2b06ca ("firewire: Kill unnecessary buf check in device_attribute.show")
Reported-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: default avatarLi Zhijian <lizhijian@fujitsu.com>
Link: https://lore.kernel.org/lkml/625470f3-b196-43f7-9844-fa1cb6da99f8@fujitsu.com/Signed-off-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
parent 4438a810
...@@ -322,7 +322,7 @@ static ssize_t show_immediate(struct device *dev, ...@@ -322,7 +322,7 @@ static ssize_t show_immediate(struct device *dev,
if (value < 0) if (value < 0)
return -ENOENT; return -ENOENT;
return sysfs_emit(buf, "0x%06x\n", value); return buf ? sysfs_emit(buf, "0x%06x\n", value) : 0;
} }
#define IMMEDIATE_ATTR(name, key) \ #define IMMEDIATE_ATTR(name, key) \
...@@ -334,6 +334,8 @@ static ssize_t show_text_leaf(struct device *dev, ...@@ -334,6 +334,8 @@ static ssize_t show_text_leaf(struct device *dev,
struct config_rom_attribute *attr = struct config_rom_attribute *attr =
container_of(dattr, struct config_rom_attribute, attr); container_of(dattr, struct config_rom_attribute, attr);
const u32 *directories[] = {NULL, NULL}; const u32 *directories[] = {NULL, NULL};
size_t bufsize;
char dummy_buf[2];
int i, ret = -ENOENT; int i, ret = -ENOENT;
down_read(&fw_device_rwsem); down_read(&fw_device_rwsem);
...@@ -355,9 +357,15 @@ static ssize_t show_text_leaf(struct device *dev, ...@@ -355,9 +357,15 @@ static ssize_t show_text_leaf(struct device *dev,
} }
} }
if (buf) {
bufsize = PAGE_SIZE - 1;
} else {
buf = dummy_buf;
bufsize = 1;
}
for (i = 0; i < ARRAY_SIZE(directories) && !!directories[i]; ++i) { for (i = 0; i < ARRAY_SIZE(directories) && !!directories[i]; ++i) {
int result = fw_csr_string(directories[i], attr->key, buf, int result = fw_csr_string(directories[i], attr->key, buf, bufsize);
PAGE_SIZE - 1);
// Detected. // Detected.
if (result >= 0) { if (result >= 0) {
ret = result; ret = result;
...@@ -366,7 +374,7 @@ static ssize_t show_text_leaf(struct device *dev, ...@@ -366,7 +374,7 @@ static ssize_t show_text_leaf(struct device *dev,
// in the root directory follows to the directory entry for vendor ID // in the root directory follows to the directory entry for vendor ID
// instead of the immediate value for vendor ID. // instead of the immediate value for vendor ID.
result = fw_csr_string(directories[i], CSR_DIRECTORY | attr->key, buf, result = fw_csr_string(directories[i], CSR_DIRECTORY | attr->key, buf,
PAGE_SIZE - 1); bufsize);
if (result >= 0) if (result >= 0)
ret = result; ret = result;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment