Revert "firewire: Kill unnecessary buf check in device_attribute.show"

This reverts commit 4a2b06ca33763b363038d333274e212db6ff0de1.

The previous fix didn't consider callers from other than sysfs. Revert
it to fix the NULL dereference

 kernel:  ? sysfs_emit+0xb5/0xc0
 kernel:  show_immediate+0x13f/0x1d0 [firewire_core]
 kernel:  init_fw_attribute_group+0x81/0x150 [firewire_core]
 kernel:  create_units+0x119/0x160 [firewire_core]
 kernel:  fw_device_init+0x1a9/0x330 [firewire_core]
 kernel:  fw_device_workfn+0x12/0x20 [firewire_core]
 kernel:  process_one_work+0x16f/0x350
 kernel:  worker_thread+0x306/0x440
 kernel:  ? __pfx_worker_thread+0x10/0x10
 kernel:  kthread+0xf2/0x120
 kernel:  ? __pfx_kthread+0x10/0x10
 kernel:  ret_from_fork+0x47/0x70
 kernel:  ? __pfx_kthread+0x10/0x10
 kernel:  ret_from_fork_asm+0x1b/0x30
 kernel:  </TASK>
 kernel: ---[ end trace 0000000000000000 ]---
 kernel: ------------[ cut here ]------------

Fixes: 4a2b06ca3376 ("firewire: Kill unnecessary buf check in device_attribute.show")
Reported-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Link: https://lore.kernel.org/lkml/625470f3-b196-43f7-9844-fa1cb6da99f8@fujitsu.com/
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>

diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
index c0976f6268d3292206e7dcba40fd487837e633ba..f208a02d0ebf717a9bed73072f68c0cf78ebdb68 100644 (file)
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -322,7 +322,7 @@ static ssize_t show_immediate(struct device *dev,
        if (value < 0)
                return -ENOENT;
 
-       return sysfs_emit(buf, "0x%06x\n", value);
+       return buf ? sysfs_emit(buf, "0x%06x\n", value) : 0;
 }
 
 #define IMMEDIATE_ATTR(name, key)                              \
@@ -334,6 +334,8 @@ static ssize_t show_text_leaf(struct device *dev,
        struct config_rom_attribute *attr =
                container_of(dattr, struct config_rom_attribute, attr);
        const u32 *directories[] = {NULL, NULL};
+       size_t bufsize;
+       char dummy_buf[2];
        int i, ret = -ENOENT;
 
        down_read(&fw_device_rwsem);
@@ -355,9 +357,15 @@ static ssize_t show_text_leaf(struct device *dev,
                }
        }
 
+       if (buf) {
+               bufsize = PAGE_SIZE - 1;
+       } else {
+               buf = dummy_buf;
+               bufsize = 1;
+       }
+
        for (i = 0; i < ARRAY_SIZE(directories) && !!directories[i]; ++i) {
-               int result = fw_csr_string(directories[i], attr->key, buf,
-                                          PAGE_SIZE - 1);
+               int result = fw_csr_string(directories[i], attr->key, buf, bufsize);
                // Detected.
                if (result >= 0) {
                        ret = result;
@@ -366,7 +374,7 @@ static ssize_t show_text_leaf(struct device *dev,
                        // in the root directory follows to the directory entry for vendor ID
                        // instead of the immediate value for vendor ID.
                        result = fw_csr_string(directories[i], CSR_DIRECTORY | attr->key, buf,
-                                              PAGE_SIZE - 1);
+                                              bufsize);
                        if (result >= 0)
                                ret = result;
                }