authorDanilo Krummrich <dakr@kernel.org>2026-05-05 16:37:21 +0300
committerDanilo Krummrich <dakr@kernel.org>2026-05-30 23:25:23 +0300
commit1947229f5f2a8d4ecf8c971aca68a1242bb7b37c (patch)
tree44854a288dd42e463dfcde625b7fd6d2a3f20b91 /include/linux
parent016267b521b18529c977c9eca9597a1669c3d73c (diff)
amba: use generic driver_override infrastructure
When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1] Link: https://lore.kernel.org/driver-core/DGRGTIRHA62X.3RY09D9SOK77P@kernel.org/ [1] Reported-by: Gui-Dong Han <hanguidong02@gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220789 Fixes: 3cf385713460 ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'") Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://patch.msgid.link/20260505133935.3772495-2-dakr@kernel.org Signed-off-by: Danilo Krummrich <dakr@kernel.org>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/amba/bus.h5
1 files changed, 0 insertions, 5 deletions
diff --git a/include/linux/amba/bus.h b/include/linux/amba/bus.h
index 9946276aff73..6c54d5c0d21f 100644
--- a/include/linux/amba/bus.h
+++ b/include/linux/amba/bus.h
@@ -71,11 +71,6 @@ struct amba_device {
unsigned int cid;
struct amba_cs_uci_id uci;
unsigned int irq[AMBA_NR_IRQS];
- /*
- * Driver name to force a match. Do not set directly, because core
- * frees it. Use driver_set_override() to set or clear it.
- */
- const char *driver_override;
};
struct amba_driver {