lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20170721052835.GB15738@kroah.com>
Date:   Fri, 21 Jul 2017 07:28:35 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Tiezhu Yang <kernelpatch@....com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] driver core: restrict buffer length in online_store()

On Fri, Jul 21, 2017 at 08:39:04AM +0800, Tiezhu Yang wrote:
> According to Documentation/ABI/testing/sysfs-devices-online, in order to
> control CPU N's hotplug state, we should write one of 'Yy1Nn0' to the file
> /sys/devices/system/cpu/cpuN/online, other values should be invalid. so the
> buffer length should be 2, buf[0] is one of 'Yy1Nn0' and buf[1] is '\n'.
> 
> without patch:
> [root@...alhost home]# echo 0test > /sys/devices/system/cpu/cpu1/online
> [root@...alhost home]# cat /sys/devices/system/cpu/cpu1/online
> 0
> [root@...alhost home]# echo 1test > /sys/devices/system/cpu/cpu1/online
> [root@...alhost home]# cat /sys/devices/system/cpu/cpu1/online
> 1
> [root@...alhost home]# echo ntest > /sys/devices/system/cpu/cpu1/online
> [root@...alhost home]# cat /sys/devices/system/cpu/cpu1/online
> 0
> [root@...alhost home]# echo ytest > /sys/devices/system/cpu/cpu1/online
> [root@...alhost home]# cat /sys/devices/system/cpu/cpu1/online
> 1
> [root@...alhost home]# echo Ntest > /sys/devices/system/cpu/cpu1/online
> [root@...alhost home]# cat /sys/devices/system/cpu/cpu1/online
> 0
> [root@...alhost home]# echo Ytest > /sys/devices/system/cpu/cpu1/online
> [root@...alhost home]# cat /sys/devices/system/cpu/cpu1/online
> 1
> 
> with patch:
> [root@...alhost home]# echo 0test > /sys/devices/system/cpu/cpu1/online
> bash: echo: write error: Invalid argument
> [root@...alhost home]# echo 1test > /sys/devices/system/cpu/cpu1/online
> bash: echo: write error: Invalid argument
> [root@...alhost home]# echo ntest > /sys/devices/system/cpu/cpu1/online
> bash: echo: write error: Invalid argument
> [root@...alhost home]# echo ytest > /sys/devices/system/cpu/cpu1/online
> bash: echo: write error: Invalid argument
> [root@...alhost home]# echo Ntest > /sys/devices/system/cpu/cpu1/online
> bash: echo: write error: Invalid argument
> [root@...alhost home]# echo Ytest > /sys/devices/system/cpu/cpu1/online
> bash: echo: write error: Invalid argument
> 
> Signed-off-by: Tiezhu Yang <kernelpatch@....com>
> ---
>  drivers/base/core.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/base/core.c b/drivers/base/core.c
> index 755451f..6588ed5 100644
> --- a/drivers/base/core.c
> +++ b/drivers/base/core.c
> @@ -1005,6 +1005,12 @@ static ssize_t online_store(struct device *dev, struct device_attribute *attr,
>  	bool val;
>  	int ret;
>  
> +	/* According to Documentation/ABI/testing/sysfs-devices-online,
> +	 * the buf length should be 2, buf[0]: one of 'Yy1Nn0', buf[1]: '\n'.
> +	 */
> +	if (strlen(buf) != 2)
> +		return -EINVAL;
> +
>  	ret = strtobool(buf, &val);

strtobool should handle all of this, so let's not force every individual
user of it to check the "length".

What is the problem that this patch is trying to solve?  Who is writing
odd values to this file that is not working properly?  Who writes
"0testfoo" to the file and expect it to reject the value?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ