| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Aug 2023 14:23:45 +0800
From: Xuewen Yan <xuewen.yan@...soc.com>
To: <rafael@...nel.org>, <pavel@....cz>, <len.brown@...el.com>
CC: <qyousef@...alina.io>, <guohua.yan@...soc.com>,
<linux-pm@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] PM: QOS: Always use "kstrtos32_from_user()" in cpu_latency_qos_write()
In cpu_latency_qos_write, there is a judgment on whether the count
value is equal to sizeof(s32). This means that when user write 100~999,
it would get error value because it would call the "copy_from_user()"
instead of "kstrtos32".
Just like:
# echo 500 > /dev/cpu_dma_latency
[T4893] write: qos value=170930229
[T4893] write: count value=4
[T4893] write: qos value=170930226
[T4893] write: count value=4
To prevent this happening, delete the "copy_from_user()" and
always use "kstrtos32_from_user()".
Signed-off-by: Xuewen Yan <xuewen.yan@...soc.com>
---
kernel/power/qos.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/kernel/power/qos.c b/kernel/power/qos.c
index 782d3b41c1f3..21a2f873e921 100644
--- a/kernel/power/qos.c
+++ b/kernel/power/qos.c
@@ -379,17 +379,11 @@ static ssize_t cpu_latency_qos_write(struct file *filp, const char __user *buf,
size_t count, loff_t *f_pos)
{
s32 value;
+ int ret;
- if (count == sizeof(s32)) {
- if (copy_from_user(&value, buf, sizeof(s32)))
- return -EFAULT;
- } else {
- int ret;
-
- ret = kstrtos32_from_user(buf, count, 16, &value);
- if (ret)
- return ret;
- }
+ ret = kstrtos32_from_user(buf, count, 16, &value);
+ if (ret)
+ return ret;
cpu_latency_qos_update_request(filp->private_data, value);
--
2.25.1
Powered by blists - more mailing lists