In the instantiation of the fan1_input device attribute, NULL is passed as set function to store_sys_hwmon. The function pointer is never checked before dereferencing it. This is fine if we can guarantee that it will never be called with an invalid pointer, but we can't. If someone from user space decides to change the permissions on this attribute and write to it, kernel will crash. Introduce EEEPC_CREATE_SENSOR_ATTR_RO() to instantiate a read-only attribute, and declare fan1_input with it. This ensures store_sys_hwmon is never called with NULL parameters. If someone tries to write the attribute, the system will at least keep its sanity. This also causes EEEPC_CREATE_SENSOR_ATTR() to be only used for R/W attributes.This enables us to drop the _mode argument from the macro and use DEVICE_ATTR_RW() internally while we're at it. Append _RW to the name for readability. Signed-off-by: Frans Klaver <fransklaver@xxxxxxxxx> --- drivers/platform/x86/eeepc-laptop.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/drivers/platform/x86/eeepc-laptop.c b/drivers/platform/x86/eeepc-laptop.c index ba251bb..e93a54e 100644 --- a/drivers/platform/x86/eeepc-laptop.c +++ b/drivers/platform/x86/eeepc-laptop.c @@ -1039,7 +1039,7 @@ static ssize_t show_sys_hwmon(int (*get)(void), char *buf) } #define EEEPC_SENSOR_SHOW_FUNC(_name, _get) \ - static ssize_t show_##_name(struct device *dev, \ + static ssize_t _name##_show(struct device *dev, \ struct device_attribute *attr, \ char *buf) \ { \ @@ -1047,23 +1047,27 @@ static ssize_t show_sys_hwmon(int (*get)(void), char *buf) } #define EEEPC_SENSOR_STORE_FUNC(_name, _set) \ - static ssize_t store_##_name(struct device *dev, \ + static ssize_t _name##_store(struct device *dev, \ struct device_attribute *attr, \ const char *buf, size_t count) \ { \ return store_sys_hwmon(_set, buf, count); \ } -#define EEEPC_CREATE_SENSOR_ATTR(_name, _mode, _get, _set) \ +#define EEEPC_CREATE_SENSOR_ATTR_RW(_name, _get, _set) \ EEEPC_SENSOR_SHOW_FUNC(_name, _get) \ EEEPC_SENSOR_STORE_FUNC(_name, _set) \ - static DEVICE_ATTR(_name, _mode, show_##_name, store_##_name) + static DEVICE_ATTR_RW(_name) + +#define EEEPC_CREATE_SENSOR_ATTR_RO(_name, _get) \ + EEEPC_SENSOR_SHOW_FUNC(_name, _get) \ + static DEVICE_ATTR_RO(_name) -EEEPC_CREATE_SENSOR_ATTR(fan1_input, S_IRUGO, eeepc_get_fan_rpm, NULL); -EEEPC_CREATE_SENSOR_ATTR(pwm1, S_IRUGO | S_IWUSR, - eeepc_get_fan_pwm, eeepc_set_fan_pwm); -EEEPC_CREATE_SENSOR_ATTR(pwm1_enable, S_IRUGO | S_IWUSR, - eeepc_get_fan_ctrl, eeepc_set_fan_ctrl); +EEEPC_CREATE_SENSOR_ATTR_RO(fan1_input, eeepc_get_fan_rpm); +EEEPC_CREATE_SENSOR_ATTR_RW(pwm1, eeepc_get_fan_pwm, + eeepc_set_fan_pwm); +EEEPC_CREATE_SENSOR_ATTR_RW(pwm1_enable, eeepc_get_fan_ctrl, + eeepc_set_fan_ctrl); static struct attribute *hwmon_attrs[] = { &dev_attr_pwm1.attr, -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe platform-driver-x86" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html