tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

soundwire: debugfs: initialize firmware_file to empty string

Passing NULL to debugfs_create_str() causes a NULL pointer dereference,
and creating debugfs nodes with NULL string pointers is no longer
permitted.

Additionally, firmware_file is a global pointer. Previously, adding every
new slave blindly overwrote it with NULL.

Fix these issues by initializing firmware_file to an allocated empty
string once in the subsystem init path (sdw_debugfs_init), and freeing
it in the exit path. Existing driver code handles empty strings
correctly.

Fixes: fe46d2a4301d ("soundwire: debugfs: add interface to read/write commands")
Reported-by: yangshiguang <yangshiguang@xiaomi.com>
Closes: https://lore.kernel.org/lkml/17647e4c.d461.19b46144a4e.Coremail.yangshiguang1011@163.com/
Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
Link: https://patch.msgid.link/20260323085930.88894-4-hanguidong02@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Gui-Dong Han and committed by
Greg Kroah-Hartman 7215e455 4afc929c

+7 -2
+7 -2
drivers/soundwire/debugfs.c
··· 358 358 debugfs_create_file("go", 0200, d, slave, &cmd_go_fops); 359 359 360 360 debugfs_create_file("read_buffer", 0400, d, slave, &read_buffer_fops); 361 - firmware_file = NULL; 362 - debugfs_create_str("firmware_file", 0200, d, &firmware_file); 361 + if (firmware_file) 362 + debugfs_create_str("firmware_file", 0200, d, &firmware_file); 363 363 364 364 slave->debugfs = d; 365 365 } ··· 371 371 372 372 void sdw_debugfs_init(void) 373 373 { 374 + if (!firmware_file) 375 + firmware_file = kstrdup("", GFP_KERNEL); 376 + 374 377 sdw_debugfs_root = debugfs_create_dir("soundwire", NULL); 375 378 } 376 379 377 380 void sdw_debugfs_exit(void) 378 381 { 379 382 debugfs_remove_recursive(sdw_debugfs_root); 383 + kfree(firmware_file); 384 + firmware_file = NULL; 380 385 }