Re: [PATCH] [PATCH] comedi: check for NULL get_valid_routes function pointer
From: Greg KH
Date: Sun Jul 20 2025 - 04:36:05 EST
On Sun, Jul 20, 2025 at 02:33:50AM -0500, Prabhakar Pujeri wrote:
> From: Super User <root@localhost.localdomain>
I don't think you have your git setup properly :(
And look at the subject line, two "[PATCH]"?
> The function get_valid_routes() calls the low-level driver's
> dev->get_valid_routes() callback directly without checking if it is
> set. If this function pointer is NULL, the kernel crashes with a
> NULL instruction pointer dereference.
>
> This patch adds a check to ensure the callback is present before
> calling it, and returns -EINVAL if it is missing.
>
> This prevents a kernel crash when user space invokes an ioctl that
> results in get_valid_routes() being called on drivers that do not
> implement the callback.
>
> Reported-by: syzbot+ab8008c24e84adee93ff@xxxxxxxxxxxxxxxxxxxxxxxxx
Was this tested? If so, please provide that information.
> Signed-off-by: Prabhakar Pujeri <prabhakar.pujeri@xxxxxxxxx>
> ---
> drivers/comedi/comedi_fops.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
> index 3383a7ce27ff..2b8cb280287b 100644
> --- a/drivers/comedi/comedi_fops.c
> +++ b/drivers/comedi/comedi_fops.c
> @@ -1302,6 +1302,11 @@ static int check_insn_device_config_length(struct comedi_insn *insn,
> static int get_valid_routes(struct comedi_device *dev, unsigned int *data)
> {
> lockdep_assert_held(&dev->mutex);
> + if (!dev->get_valid_routes) {
> + dev_warn(dev->class_dev ?: dev->hw_dev,
> + "get_valid_routes() not implemented\n");
Why are you allowing userspace to flood the kernel log? If this is
something that userspace can trigger, it needs to be handled much
better.
thanks,
greg k-h