On 2025-01-22 21:15:50+0100, Andrew Lunn wrote:
On Wed, Jan 22, 2025 at 07:39:31PM +0100, Thomas Weißschuh wrote:
The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.
- if (!ptp->info->enable)
ptp->info->enable = ptp_enable;
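Review bot: the store in `ptp->info->enable = ptp_enable;` writes into the ops structure in place, and nothing in this hunk shows whether `ptp->info` is the driver's own structure or a copy held by the subsystem. A one-line comment above the `if` saying which it is would let a reader confirm the write cannot land on a const object. The body of `ptp_enable` is not visible here either, so the commit message should state what the default returns to the ioctl and sysfs callers.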
Is it possible that a driver has defined info as a const, and placed it into read only memory? It is generally good practice to make structures of ops read only to prevent some forms of attack.
The modified info struct is a subsystem-private copy and not the struct passed by the driver. Also ptp_clock_register() requires a mutable ops struct parameter anyways.
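A userspace C model of the pattern discussed in this thread, added here as an illustration and not taken from the patch or the kernel: the subsystem copies the driver's ops into its own storage and fills the missing callback in the copy, so the driver's table can stay const. All names are hypothetical, the const registration parameter goes beyond what the thread describes, and the `-EOPNOTSUPP` returned by the stub is an assumption.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical ops table; not the kernel's struct. */
struct clock_ops {
    int (*gettime)(long *out);
    int (*enable)(int on);            /* optional, drivers may leave it NULL */
};

struct clock_dev {
    struct clock_ops info;            /* subsystem-private, writable copy */
};

/* Default used when a driver supplies no enable callback (assumed error code). */
static int default_enable(int on)
{
    (void)on;
    return -EOPNOTSUPP;
}

static int drv_gettime(long *out) { *out = 42; return 0; }

/* Driver ops: const, so the toolchain may place them in read-only memory. */
static const struct clock_ops drv_ops = { .gettime = drv_gettime };

static void clock_register(struct clock_dev *dev, const struct clock_ops *ops)
{
    dev->info = *ops;                          /* copy first */
    if (!dev->info.enable)
        dev->info.enable = default_enable;     /* patch only the copy */
}

/* Models the ioctl/sysfs path: the call is unconditional and now safe. */
static int clock_ioctl_enable(struct clock_dev *dev, int on)
{
    return dev->info.enable(on);
}

static int demo(void)
{
    struct clock_dev dev;
    clock_register(&dev, &drv_ops);
    return clock_ioctl_enable(&dev, 1);
}

/* The driver's own table must still have no enable callback. */
static int driver_ops_untouched(void) { return drv_ops.enable == NULL; }

int main(void) { return (demo() == -EOPNOTSUPP && driver_ops_untouched()) ? 0 : 1; }
```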