From: Gui-Dong Han
To: gregkh@linuxfoundation.org, rafael@kernel.org, dakr@kernel.org, vkoul@kernel.org, yung-chuan.liao@linux.intel.com, pierre-louis.bossart@linux.dev
Cc: peterz@infradead.org, cristian.marussi@arm.com, sudeep.holla@kernel.org, linux-sound@vger.kernel.org, driver-core@lists.linux.dev, linux-kernel@vger.kernel.org, akaieurus@gmail.com, me@ziyao.cc, Gui-Dong Han, yangshiguang
Subject: [PATCH v2 3/3] soundwire: debugfs: initialize firmware_file to empty string
Date: Mon, 23 Mar 2026 16:58:46 +0800
Message-ID: <20260323085930.88894-4-hanguidong02@gmail.com>
In-Reply-To: <20260323085930.88894-1-hanguidong02@gmail.com>
References: <20260323085930.88894-1-hanguidong02@gmail.com>

Passing NULL to debugfs_create_str() causes a NULL pointer dereference, and creating debugfs nodes with NULL string pointers is no longer permitted.

Additionally, firmware_file is a global pointer. Previously, adding every new slave blindly overwrote it with NULL.

Fix these issues by initializing firmware_file to an allocated empty string once in the subsystem init path (sdw_debugfs_init), and freeing it in the exit path. Existing driver code handles empty strings correctly.

Fixes: fe46d2a4301d ("soundwire: debugfs: add interface to read/write commands")
Reported-by: yangshiguang
Closes: https://lore.kernel.org/lkml/17647e4c.d461.19b46144a4e.Coremail.yangshiguang1011@163.com/
Signed-off-by: Gui-Dong Han --- @SoundWire maintainers: Reviewed-by and Acked-by tags are welcome. Based on my testing, reading a string node created with a NULL pointer causes a crash, and writing to it returns -EINVAL. This completely breaks the interface, making me highly suspect this code has never actually been used. Additionally, sharing the global firmware_file pointer is inherently racy. I will investigate fixing or removing it entirely in a follow-up patch, as it falls outside the scope of this series. v2: * Replace devm_kstrdup() with kstrdup() to fix allocation/free mismatch with debugfs. * Move initialization to sdw_debugfs_init() to correctly handle the global pointer and avoid overwriting during slave probe. --- drivers/soundwire/debugfs.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/soundwire/debugfs.c b/drivers/soundwire/debugfs.c index ccc9670ef77c..2905ec19b838 100644 --- a/drivers/soundwire/debugfs.c +++ b/drivers/soundwire/debugfs.c @@ -358,8 +358,8 @@ void sdw_slave_debugfs_init(struct sdw_slave *slave) debugfs_create_file("go", 0200, d, slave, &cmd_go_fops); =20 debugfs_create_file("read_buffer", 0400, d, slave, &read_buffer_fops); - firmware_file =3D NULL; - debugfs_create_str("firmware_file", 0200, d, &firmware_file); + if (firmware_file) + debugfs_create_str("firmware_file", 0200, d, &firmware_file); =20 slave->debugfs =3D d; } @@ -371,10 +371,15 @@ void sdw_slave_debugfs_exit(struct sdw_slave *slave) =20 void sdw_debugfs_init(void) { + if (!firmware_file) + firmware_file =3D kstrdup("", GFP_KERNEL); + sdw_debugfs_root =3D debugfs_create_dir("soundwire", NULL); } =20 void sdw_debugfs_exit(void) { debugfs_remove_recursive(sdw_debugfs_root); + kfree(firmware_file); + firmware_file =3D NULL; } --=20 2.43.0
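Review bot: In the first hunk (sdw_slave_debugfs_init), the new "if (firmware_file)" test reads the global without any lock, and every slave directory still gets a node backed by the same &firmware_file, so a write through one slave's node changes the value seen through all the others. The notes below the --- defer that to a follow-up, but the code itself gives no hint of it; a short comment above the check stating that the string is shared across all slaves and not protected against concurrent writers would keep the next reader from assuming per-slave state. The same comment should say that the node is created per slave but the storage is allocated once in sdw_debugfs_init(), since that ordering dependency is not visible from this function.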
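Review bot: In the second hunk (sdw_debugfs_init), the result of kstrdup("", GFP_KERNEL) is never checked, so an allocation failure leaves firmware_file NULL and the only visible effect is that the firmware_file node is silently missing from every slave directory. Either log it there (a pr_warn() is enough) or add a comment saying the NULL case is handled by the guard in sdw_slave_debugfs_init(). The "if (!firmware_file)" test before the allocation also looks redundant, because sdw_debugfs_exit() resets the pointer to NULL; if init can really run twice without an exit in between, say so in a comment, otherwise drop the test. In sdw_debugfs_exit() the kfree() is correctly placed after debugfs_remove_recursive(), and a one-line comment that the nodes must be gone before the string is freed would stop the two calls from being reordered later.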