On Mon, Feb 03, 2025 at 06:05:19PM +0200, Andy Shevchenko wrote: > > > > +/** > > > > + * __faux_device_create - create and register a faux device and driver > > > > + * @name: name of the device and driver we are adding > > > > + * @faux_ops: struct faux_driver_ops that the new device will call back into, can be NULL > > > > + * @owner: module owner of the device/driver > > > > + * > > > > + * Create a new faux device and driver, both with the same name, and register > > > > + * them in the driver core properly. The probe() callback of @faux_ops will be > > > > + * called with the new device that is created for the caller to do something > > > > + * with. > > > > > > The kernel-doc will complain on missing Return: section. > > > > Is that new? Does that mean platform.c has lots of complaints in it as > > well? What does platform_find_device_by_driver() give you for a > > documentation issue? > > > > And as I didn't hook this up to the kernel documentation build yet, it > > shouldn't produce any warnings anywhere :) > > I would rather say it's old. > > Run > > kernel-doc -Wall -none -v ...your file... > > and find the warning. During the kernel builds this is moved to extra warnings. Ah, nice, didn't know about that. Now fixed up. > > > > + */ > > ... > > > > > + faux_obj = kzalloc(sizeof(*faux_obj) + strlen(name) + 1, GFP_KERNEL); > > > > > > Potential overflow. To avoid one may use struct_size() from overflow.h. > > > > Users should not be providing the string here. Again, this comes from > > platform.c. > > I'm not sure I follow. The name parameter is not limited anyhow, so one may > provide non-terminated string and strlen() will return an arbitrary number. > Potentially this can lead to big numbers and become an overflow when gets > to a parameter for kmalloc(). This most likely never happen in real life, > but still the overflow is possible. I've now bounded at 256, because really, who needs a bigger name for a device than that :) thanks, greg k-h
