lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOOmCE-KK3AYmjaDO=qV7WzpsgeZ6d7U1Ep9a9=dcu9CEmohLQ@mail.gmail.com>
Date:   Fri, 28 Apr 2023 11:19:04 -0500
From:   Jorge Lopez <jorgealtxwork@...il.com>
To:     Thomas Weißschuh <thomas@...ch.de>
Cc:     hdegoede@...hat.com, platform-driver-x86@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v11 08/14] HP BIOSCFG driver - bioscfg-h

On Fri, Apr 28, 2023 at 11:09 AM Thomas Weißschuh <thomas@...ch.de> wrote:
>
> On 2023-04-28 11:03:56-0500, Jorge Lopez wrote:
> > On Fri, Apr 28, 2023 at 10:36 AM Thomas Weißschuh <thomas@...ch.de> wrote:
> > >
> > > On 2023-04-28 10:24:40-0500, Jorge Lopez wrote:
> > > > On Sun, Apr 23, 2023 at 7:01 AM Thomas Weißschuh <thomas@...ch.de> wrote:
> > > > >
> > > > > On 2023-04-20 11:54:48-0500, Jorge Lopez wrote:
> > > > > > ---
> > > > > >  drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 613 +++++++++++++++++++
> > > > > >  1 file changed, 613 insertions(+)
> > > > > >  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
>
> <snip>
>
> > > > > > +#define ATTRIBUTE_PROPERTY_STORE(curr_val, type)                     \
> > > > > > +     static ssize_t curr_val##_store(struct kobject *kobj,           \
> > > > > > +                                     struct kobj_attribute *attr,    \
> > > > > > +                                     const char *buf, size_t count)  \
> > > > > > +     {                                                               \
> > > > > > +             char *p = NULL;                                         \
> > > > > > +             char *attr_value = NULL;                                \
> > > > > > +             int i;                                                  \
> > > > > > +             int ret = -EIO;                                         \
> > > > > > +                                                                     \
> > > > > > +             attr_value = kstrdup(buf, GFP_KERNEL);                  \
> > > > > > +             if (!attr_value)                                        \
> > > > > > +                     return -ENOMEM;                                 \
> > > > > > +                                                                     \
> > > > > > +             p = memchr(attr_value, '\n', count);                    \
> > > > > > +             if (p != NULL)                                          \
> > > > > > +                     *p = '\0';                                      \
> > > > >
> > > > > This can also truncate the string if there is data after the newline.
> > > >
> > > > This is a expected behavior as described by Hans in a later email
> > >
> > > I'm fine with stripping a trailing newline.
> > >
> > > But this truncates the string at the first newline.
> > >
> > > "foo\nbar" -> "foo"
> > > "\nfoo" -> ""
> > >
> > All inputs expected by this driver and respectively by BIOS are a
> > single line.  For this reason, '\n' will cause the string to be
> > truncated.
> > I propose reporting a warning message indicating that the data entered
> > has a '\n' character and will be truncated in addition to failing the
> > operation with -EINVAL
>
> EINVAL sounds good, but a warning is overkill IMO.
>
> Whoever put in the garbage value will see the error.
>
> Stripping a trailing newline still seems fine though.

So. should the driver return an -EINVAL error or truncate the line,
report a warning message, and allow it to proceed.?
Please advice

> This would be a very good candidate for a helper function.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ