| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Apr 2022 20:26:51 +0200
From: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To: Andy Shevchenko <andy.shevchenko@...il.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Stuart Yoder <stuyoder@...il.com>,
"K. Y. Srinivasan" <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Mathieu Poirier <mathieu.poirier@...aro.org>,
Vineeth Vijayan <vneethv@...ux.ibm.com>,
Peter Oberparleiter <oberpar@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Sven Schnelle <svens@...ux.ibm.com>,
Andy Gross <agross@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-clk <linux-clk@...r.kernel.org>,
NXP Linux Team <linux-imx@....com>,
linux-arm Mailing List <linux-arm-kernel@...ts.infradead.org>,
Linux on Hyper-V List <linux-hyperv@...r.kernel.org>,
linux-pci <linux-pci@...r.kernel.org>,
linux-remoteproc@...r.kernel.org, linux-s390@...r.kernel.org,
linux-arm-msm@...r.kernel.org,
ALSA Development Mailing List <alsa-devel@...a-project.org>,
linux-spi <linux-spi@...r.kernel.org>,
virtualization@...ts.linux-foundation.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>
Subject: Re: [PATCH v5 01/11] driver: platform: Add helper for safer setting
of driver_override
On 16/03/2022 16:54, Andy Shevchenko wrote:
> On Wed, Mar 16, 2022 at 5:06 PM Krzysztof Kozlowski
> <krzysztof.kozlowski@...onical.com> wrote:
>
> ...
>
>> +int driver_set_override(struct device *dev, const char **override,
>> + const char *s, size_t len)
>> +{
>> + const char *new, *old;
>> + char *cp;
I focused on some other topics, so I did not respond to your questions
for some time.
>
>> + if (!dev || !override || !s)
>> + return -EINVAL;
>
> Sorry, I didn't pay much attention on this. First of all, I would drop
> dev checks and simply require that dev should be valid. Do you expect
> this can be called when dev is invalid?
No, I can skip the check.
> I would like to hear if it's
> anything but theoretical. Second one, is the !s requirement. Do I
> understand correctly that the string must be always present? But then
> how we NULify the override? Is it possible?
I did not change the convention of this sysfs hook, so removing of
override is passing empty string "". Have in mind that his interface is
mainly for sysfs, not for other drivers.
> Third one is absence of
> len check. See below.
>
>> + /*
>> + * The stored value will be used in sysfs show callback (sysfs_emit()),
>> + * which has a length limit of PAGE_SIZE and adds a trailing newline.
>> + * Thus we can store one character less to avoid truncation during sysfs
>> + * show.
>> + */
>> + if (len >= (PAGE_SIZE - 1))
>> + return -EINVAL;
>
> I would relax this to make sure we can use it if \n is within this limit.
Relax in what way? Store more than PAGE_SIZE? This is a user-visible
string and the name of a driver.
>
>> + cp = strnchr(s, len, '\n');
>> + if (cp)
>> + len = cp - s;
>> +
>> + new = kstrndup(s, len, GFP_KERNEL);
>
> Here is a word about the len check.
>
>> + if (!new)
>
> If len == 0, this won't trigger and you have something very
> interesting as a result.
True, empty string would be set as override. The API says that empty
string clears the override, so len==0 should be valid (just like "\n" is
ok).
>
> One way is to use ZERO_PTR_OR_NULL() another is explicitly check for 0
> and issue a (different?) error code.
Best regards,
Krzysztof
Powered by blists - more mailing lists