From patchwork Thu May 8 13:06:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Markus Burri X-Patchwork-Id: 888710 Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazon11013051.outbound.protection.outlook.com [52.101.72.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49D5922B588; Thu, 8 May 2025 13:06:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.72.51 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746709604; cv=fail; b=mDhkghoO3HxFO7M0DRHt9qKXwF+PfQridi8vdd3sws5BmZ7bZ9Z2lhd7KVEaVbFXunnWmUImeph5MRSEg1sLxSk6WiIqvmX68Xl4Yfm/6rlk5MsWUhSNpRKaKBqxIUYt6i09VrWck9GOoYvjkHGZ7LbvzPIF/DR5SMV9TVx3m9U= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746709604; c=relaxed/simple; bh=bytdSOFTwJ15vx0O6fahikG6P99PIzOf0mBzTzxNoGQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=pw/3AMFPRxTl77sUZqJT+p96K0k1p26h1cUsRY2/zKszhc2wK+OCqRUvshLF/V4NRmSnxfXj9C6gkZR0C4sPGa3ecPLhpJKdgeTiV83KKnwUAX+Dq/np6YOPMhZc+y0p9+KSng/G0KlQVRnxeyvV9IX/3zdE1aXyUVCzT0B03QU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mt.com; spf=fail smtp.mailfrom=mt.com; dkim=pass (2048-bit key) header.d=mt.com header.i=@mt.com header.b=bK4JCmUd; arc=fail smtp.client-ip=52.101.72.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mt.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=mt.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mt.com header.i=@mt.com header.b="bK4JCmUd" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QJPde4QvM8ENV1ym6i8ETnl8WMdGqyyejpoDWYpZzpkuj5j5/BjSy00RCoLo3g9zEDTgyb45IxS2RQ8Q6Li69lednXtCIXt1Nw1TPx058ldqecSKBkP2v1tCsnihwQfBif68sXg9hrMahNCxGEFlJU66lAzpFt4N9HjYkQNRQ1sOJzFcsr4YQjFXbtnztox4vXR9WntSNPPf90hTWyj9DgJ/CnodKHpPzE4Fmv7CsYvAV5AsvunSHsowZVpgns1byW5jmO4kcR1gGWwSEDDkNaJvjFY2SXxCRRqzsAHysiFYLzOyDubGI7yyjtvyAGh+C41BsU4IzT+dZL/HJJ7QCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yP1+b4a/jprhbCwiHbwvZ/V/bgapdxOebcr2yuOU10s=; b=dOnCfnSYxajX92CeRnRR+eLAjNLqR+ZLKhjCNe2lbGbEwiCDve7UkngRr3VUQy4Sgx5vBLXat0oCAaDZ3VJfiFqZJef02qi3zShSyRvnNVdfsB79MLVI3EHi6EJtCM5ZNHLb4nqI/+xWlevT5be7HYwfuArb+tCA1JTmP7JtLbGAwxSMHhaucquNV2XO0w75NuLaPUs6CxVvCr8u8EN0Z9AfsnXFFofDo2vzFOo/c5pBzXNIRW2vq0oLryduwsAwEJhoFo+cpKA+HzFjAZsrvJbolPgssnG53JcTtM2cBcKQXJnuar9JMjRW9mDL9GFA5yTRpiVgiWejRW4CvXt7pQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass header.d=mt.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yP1+b4a/jprhbCwiHbwvZ/V/bgapdxOebcr2yuOU10s=; b=bK4JCmUdwJVHAq5YOKyguMfiVYTggJLltbA7MbTwDlXEx5finKD5a70oCYL3X5Z0C9j6w4VJcaWixjhwoP07DRsf+veGRPlanTvKde7Oap6geqmA+46KEzHoV5bQzLBL9mvpIqQtA17amW+OgG1LmQcBoNZrjgOiH8Ck76DuV5vlyyeP26anDq13jo0Un2EMNcVh9kDHv/C56LoouJ557wZJyPjnJ2pMlul+1U6e1VdhlHytTNchMtzg/fObvx7eNGKvxhNg+oC8SNDJPtBHv4oAH7i6eCmuCcOm8whgVL4D0TH7sDtzrA6BHiH+zdRde7+8CJbT00v2CtCfT/kEEg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mt.com; Received: from DB6PR03MB3062.eurprd03.prod.outlook.com (2603:10a6:6:36::19) by DBAPR03MB6439.eurprd03.prod.outlook.com (2603:10a6:10:199::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8699.21; Thu, 8 May 2025 13:06:39 +0000 Received: from DB6PR03MB3062.eurprd03.prod.outlook.com ([fe80::b201:e423:f29:53b]) by DB6PR03MB3062.eurprd03.prod.outlook.com ([fe80::b201:e423:f29:53b%4]) with mapi id 15.20.8678.033; Thu, 8 May 2025 13:06:39 +0000 From: Markus Burri To: linux-kernel@vger.kernel.org Cc: Markus Burri , Mahesh J Salgaonkar , "Oliver O'Halloran" , Madhavan Srinivasan , Michael Ellerman , Nicholas Piggin , Christophe Leroy , Naveen N Rao , Jacek Lawrynowicz , Maciej Falkowski , Oded Gabbay , Linus Walleij , Bartosz Golaszewski , Nuno Sa , Olivier Moysan , Jonathan Cameron , Lars-Peter Clausen , linuxppc-dev@lists.ozlabs.org, dri-devel@lists.freedesktop.org, linux-gpio@vger.kernel.org, linux-iio@vger.kernel.org, Markus Burri Subject: [PATCH v4 1/6] iio: backend: fix out-of-bound write Date: Thu, 8 May 2025 15:06:07 +0200 Message-Id: <20250508130612.82270-2-markus.burri@mt.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250508130612.82270-1-markus.burri@mt.com> References: <20250508130612.82270-1-markus.burri@mt.com> X-ClientProxiedBy: ZR0P278CA0057.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:21::8) To DB6PR03MB3062.eurprd03.prod.outlook.com (2603:10a6:6:36::19) Precedence: bulk X-Mailing-List: linux-gpio@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB6PR03MB3062:EE_|DBAPR03MB6439:EE_ X-MS-Office365-Filtering-Correlation-Id: f45ad1aa-8e33-4d12-3f7e-08dd8e312bbb X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|366016|7416014|376014|52116014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: 4g41KD/BF1zGc9DaCRQo0rmIo330lcFNUi5soR97oISUrBbJO83bWn5qDhdoaig04D4w6jvnsDXyiB1vASF6WeQyUXXu/sGjMh1fJgnRsWkXUtF2FHj/NH9jDGzuYh1zJWbxbiBZQzVzq5r36PwH3YXEaCQghA4pooV41puaNmtA7d22vER98SNnP/q3Ouk9psrZHLdvSba5b0z3+enNsFJ/wJov6NX4gOk2EDQWLmURFe9yRHUvllyKhfl3ikl+BFvtWGi/g/Zu1UFcVWVGCVDyzoPypL0mQLlJ9GhIb+0GXEq/YYJeQw+bI3KGeKEI2byik66Rv/ly0ciAKJTi+ZS2ywTf+6a50siOnslft1rfI5y9kProh9yl64TENwo0B3mWtk/GpB40Skw9clBlvct1m711eWHXyj3VwhCzr1jXwUsmZv84KPk37sNrJyvgMqrbB1lm3McudQBYTiuJ78t7cULOD4NVhUVa8FxdP6YXufLOH/NxjkCSjAs3uuw6wdRLTEWr5Hti+miFKUUJZudIRJgiIAd1ZIT+l++WNGzUP+RUZfxIm6wF4kkVKRs/JQlT/5YdudSVTGuAAHUjk3KdX66G7O5eYRXXRXAMnWwvXPbxq9RuDlSMBjQE/3HKB3zEx6N6lQIJbFlYFb++5rln8n52E+9eEtT/+pYxawtRCh2U+sFCvTB5QlU+GyBCbwkQZ753YcuW+oW1puH54z8uZ+tnlZhb4wHHeh70OFVHOjKiFY9bBIP9COFftdWh3ik2w0cyqPGuypByPa6+EVfCqY7HoKPvSuFGI1AaQYGVv3qVUxV8T0Vj3AwrvhSXGeSHB9F0arVv+0/2nKjqQY/iw3oDQVkEPQ21H3ssDyrZ/NxczYljs0ivgpMTX73BA1e5FNDQyGmlt83Za32yanlJB+ezSma0aOxtzbh0ELQwQ36JQ3nXN4nnh5pNaN5AqQ4EZDa5WSKUuc4FQLiqy0RZucDC38hDkSeoh8F0k3yvPtgKMI882dTV2r+NmcwDfe9LA5/peGUJDTsQeia9c2qQ1WaboI1NfeuTACxuaUCf6qHdCQrSx/UBJoLRRC6fyhTsWpZz2594nZeNUIwXOZdSlIQLrxbAGFGYwNEjbeGNk0ByihEfL4R8KYtGDgYjy74KAaP7iitY3tf2jTXzSfd3S+3aIX+1lL5gem4B9jbiaHaNfHNDQseHwqnhpamIyptw8fHO3e/HEQwKOZB3iM7DeufdnikkUrWoS/VQuNYf2xPIvhiaN+lxmWJdMcpLnS5Yzgv4obzJ9cB3llmzibEnyVragQW/L0SMkCm9VOnlAfsu63r3GhikfbQbL6wFrIrUHwAgzM2knBv0Gy+3lJoljeEbANS2ErRYqLuOE+ArQMwQJUwJJWRzyUczjZ4yahJIN9GbQqU7aSpycq34wX8yj/IaWe8joD0WVIiw3Yo6It2p6NedSpvaI3ibu5N/TA/PoRywRTqWkDJzxHfjag== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB6PR03MB3062.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(7416014)(376014)(52116014)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: wcd1Nps0LT9CQu2M341ZLDlp6TBWPhfTaQ3GTBsNOrIMU88ZEnOhnaILtzZoPSgiOdB42rD2G3Xpbhqwcs10OQH2um1JeIbOsYrhPMxTzXpg4YZHJMs5svAtF6APvxpWuLfBY2PqNjtb4e/+FQ5dqImy06H7Mp4sbkWnfFHLVfTvuaZMqq0ODKEVzNGLHJcxuclXcSOWejpuvgf9KXRRRl1QgMRfepatuHsaGnpnN8A1UvNzV859SAooaYE0tjgZCVbBE0up2NEOvtVBPufSt66MZ+1zDIzKPGryoJS19J9SxAiPQdNBmfqsYWYQhDP4jrF58ZMP6lsjqjE4NnkHqAhlLp98+me8yje6PUyyLKIbWCuw/a4fBmAduK83sbmupVR2QxjP/bFUIGbeOEmoIMfILNo4m1Oo1X/G8DJzIfWZLMlkumq1d1/AxoRCy5fHCjL1JM8I9NYa68r99hZmWNy9FECjRw5poSE4L83+oZXSgaj9e+WyrW1hu7opEdliN2zJWXj7gmD9Fu4KpW1YPuipBGP+J4saLS8LkRoujbif1edb46tch6XayG2lIGpofxsZ7FvOt4pFJAgf/HA/KvU6ZVVt0KINzivIRpjfrJsIH9VE6NVC6/n4bbGfM72Jr1EHZaDPz753PG56ymavX+WNXlUTpGRh1O3FkJv2GSdRTsSkMmL8xsRiAFY1+Aybi8NUATyZc9+bxBXISod23c5sApvp/7/abagL98HfQF6ycJgONildI9UwNDwc9zJzumuFctPvr8IxzAcI3iDYdl0NnbgSDVNQN17ZCrGu6CWgqXg8xslFPLeomdffX0L6Y65DAcWzwcHCSvUdliQpMlAcW8SOgmLb/2YUJE+Gj1N8Gq1fXjar3oGf0lomzc7FGi7kwL1J71lq/AzTgw+eb8/dwmN46UA4UrSwZhFvR2RNX2BMDFl2qXHQvcQifFQm6X3Wk2xjGR/o3nlbYI4LJNmnjroK40wZDf2gFAPS973TrdCRFHtOOhemddCx7NiFQbS+P+gidg1LKrc1uaVhsma0UYauBCVZZT2OPLOZl+s0b/EjEDa7t3bM+80IMkF+buHLXRVo+V01QtDTtn3qj3JxrT7kQhJE6AoE28gZphynCku3T5UspZAFyLVo5h0GPGg7lCzSv2gKa8lsv7r7oC6VptQttiLWIL3cKAsHHS2jtcn9WpbQlkmSdxCJaWA4uvTfBtkGot1aVkDbZ9i+4z04haEcIV+5JA0fKul9NHVbxHuW5TdMmkyG43pxkmvzqmDbNkMeoIhuqCifzrVfBYcRH3CV29qR7mpYIGB36SOdbjGcqB3tEMem2Nh+BbShaT9STVirgFLDrGBfnOhGITj1sizsfPOH/+/MR7167k2F4/eulV6IH/Ly/V2u46JPpYqRSWFPH7mPQuarwMnUHlpoL1YU5dXyI2vG7lMeOdCURm6C7/av0bxb20k5BeJ7YGOL0fiKOUATpFork2ec1sp2t5dgilXS4LVfBFOMMD/sa8+6+9cLJY4jh6p+Nv/BumHNMpO9DJDTr5AJzhGP+9Mc9no4TBwqoq1yB2wBdvcn0f0+KebvI1iiJ4VXrQcP X-OriginatorOrg: mt.com X-MS-Exchange-CrossTenant-Network-Message-Id: f45ad1aa-8e33-4d12-3f7e-08dd8e312bbb X-MS-Exchange-CrossTenant-AuthSource: DB6PR03MB3062.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2025 13:06:39.6591 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fb4c0aee-6cd2-482f-a1a5-717e7c02496b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: glK84L5gfgYhCrvlnnvmVZ4Oq0OK22CGzEffkaMO+ezr/VGuCH4fohYe0u49iWdnoMEt9aOub0HzgDBi3UiqBQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR03MB6439 The buffer is set to 80 character. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". But afterwards a string terminator is written to the buffer at offset count without boundary check. The zero termination is written OUT-OF-BOUND. Add a check that the given buffer is smaller then the buffer to prevent. Fixes: 035b4989211d ("iio: backend: make sure to NULL terminate stack buffer") Signed-off-by: Markus Burri --- drivers/iio/industrialio-backend.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-backend.c index a43c8d1bb3d0..31fe793e345e 100644 --- a/drivers/iio/industrialio-backend.c +++ b/drivers/iio/industrialio-backend.c @@ -155,11 +155,14 @@ static ssize_t iio_backend_debugfs_write_reg(struct file *file, ssize_t rc; int ret; + if (count >= sizeof(buf)) + return -ENOSPC; + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (rc < 0) return rc; - buf[count] = '\0'; + buf[rc] = '\0'; ret = sscanf(buf, "%i %i", &back->cached_reg_addr, &val); From patchwork Thu May 8 13:06:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Markus Burri X-Patchwork-Id: 888709 Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazon11013044.outbound.protection.outlook.com [40.107.162.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF32B227E87; Thu, 8 May 2025 13:06:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.162.44 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746709619; cv=fail; b=g1b5BMZ6xUrw313F4KvPypLLUIIayHRfrUYyJI9b2t3Z38sqP/nyYT/xgYae9cnZAmYPFEjREhAYvZGTBlLIY7zWTK23Yz67/LZu4Q7Jj61lZCW7qYyvz2+c5GqibTvqWhYVTGrkklM/ImufjVlIEiPXN4r1G7lTmXgx4aXIyhQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746709619; c=relaxed/simple; bh=vlnMzlXSRKggMJ3XEkytmbgJFrFq6L8FQT6+37O/XMI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=MaEzgfLwEtkCKZ8TPaysiDffn13Zd7OflysePd+jf9r5K/5kPA7x7auKnQc/VPUERBUHxepv6DAT8jHakU3nBTm9LRzpB6A6fV25dwJqzrliE5rEi1bQNQXf87bMI0XnRhFoJxfup3vgWYOQ/P+sL9RkCCt/7+Xb3aaK3PjON5I= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mt.com; spf=fail smtp.mailfrom=mt.com; dkim=pass (2048-bit key) header.d=mt.com header.i=@mt.com header.b=skQK5h6w; arc=fail smtp.client-ip=40.107.162.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mt.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=mt.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mt.com header.i=@mt.com header.b="skQK5h6w" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NoM88MTYRT3uoYSNp6XEeuxuXN6jbTo6diQvg/4YCYmDMPOVO82SNhOUmVJ1jIvYxVYINyhu8Mu+HLJZNLcNIfy6wLpALjSWqM4JJvGlgG4cvpZ852THnLynPZKHzA89AEe+5EUqwI66LkpzxMjk/KA4nq9c4Jt44WcUoJ4QbaBunFgch1Jd86f3zz17uGYxrZ+Jef/pFsgq8OwFB7q4ub4OSyUllWXjWZ4SLJ1SpC3s7ebIDbbTCCO6BlQG2vQHWLiouQpuO9r3S9u5uDnn+2W6bpV+nKhRRpXZgsirNSyjQ+f0bNb4AHbCs/tkqY4VmOCZZ4EYWuOuwDSl1HAfpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VRDR/onfdWCuzRRmPokvPr/QmVBJp1A2uHl38EGDFFs=; b=NmSTSxkcCF48l+4mKNx0P/isvQKrb/BOO5pcA21P4G/8RxIj0fswH9xGnsKKhx91UotqVnptceDukGe5UQG6UTP8t6awo8jHzAU8+NEgik4wiwio2IxHGW+Uxqo5jBe+zFn5lyIebvjlFkqV424aVRW/dQhnaRe2yhjopvkFwe5JCLjjfNCX9FownjR4hG7jnQEJm+Xgv+Oi4ADKkkb5+w7MMayeX0tWpf+Y5tJwrfWwATEfcK3/eP/Ov7Rgl6VIGD0Gdc+8AMz4athx/5zs6CbYfD14x9qQgw/BGE/c6+nIY4SpXyMz0u5977eHy49seinE6zhRH4kxVd04urFoTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass header.d=mt.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VRDR/onfdWCuzRRmPokvPr/QmVBJp1A2uHl38EGDFFs=; b=skQK5h6w4o0EIPnCb+YWdjaUdySUHrcMkc0TTsLddxXiNO4M5Hr3yidf2jchjPW2jrNVnhZGvy9vr/drGPn0n9miPaRWM31aLUl7TDe3Fas4OEayDgi2xqhh0NrZCglc9Md+7GUETmgTrEbPFEG86eff4Qt6HetxvKzrS8/jof9qejZ4OLuBvTWeEgGbHl0dFlDuNMcb5pO/RZYmxBC7/FqhnH862UPfva3dqyLjE+jBH7UbCL2ZSdum3XD/YF/RX2xhMCgoo8vwmv+MLIN2O88RZbGriC2KbP6eSG01awg69t0I/D2msG6JeyCYmou1VMnSDTTGGKjSxtHkjJ2nlQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mt.com; Received: from DB6PR03MB3062.eurprd03.prod.outlook.com (2603:10a6:6:36::19) by DBAPR03MB6439.eurprd03.prod.outlook.com (2603:10a6:10:199::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8699.21; Thu, 8 May 2025 13:06:55 +0000 Received: from DB6PR03MB3062.eurprd03.prod.outlook.com ([fe80::b201:e423:f29:53b]) by DB6PR03MB3062.eurprd03.prod.outlook.com ([fe80::b201:e423:f29:53b%4]) with mapi id 15.20.8678.033; Thu, 8 May 2025 13:06:55 +0000 From: Markus Burri To: linux-kernel@vger.kernel.org Cc: Markus Burri , Mahesh J Salgaonkar , "Oliver O'Halloran" , Madhavan Srinivasan , Michael Ellerman , Nicholas Piggin , Christophe Leroy , Naveen N Rao , Jacek Lawrynowicz , Maciej Falkowski , Oded Gabbay , Linus Walleij , Bartosz Golaszewski , Nuno Sa , Olivier Moysan , Jonathan Cameron , Lars-Peter Clausen , linuxppc-dev@lists.ozlabs.org, dri-devel@lists.freedesktop.org, linux-gpio@vger.kernel.org, linux-iio@vger.kernel.org, Markus Burri Subject: [PATCH v4 3/6] iio: fix potential out-of-bound write Date: Thu, 8 May 2025 15:06:09 +0200 Message-Id: <20250508130612.82270-4-markus.burri@mt.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250508130612.82270-1-markus.burri@mt.com> References: <20250508130612.82270-1-markus.burri@mt.com> X-ClientProxiedBy: ZRAP278CA0006.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:10::16) To DB6PR03MB3062.eurprd03.prod.outlook.com (2603:10a6:6:36::19) Precedence: bulk X-Mailing-List: linux-gpio@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB6PR03MB3062:EE_|DBAPR03MB6439:EE_ X-MS-Office365-Filtering-Correlation-Id: acd65b42-e60a-4848-d383-08dd8e313527 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|366016|7416014|376014|52116014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: 3XPYURECBMz6fAEhTDgi69k8o9VhuM5rlAxI7Dd9NjRdxvz0DhjLYhs8z16kKF2WmDy4kJgXu8feIXMrYSEj4YlN7uQ4fBqzD/NXBqUppLq/0aCLRTJGzypBnWAqnt6QpyX0NRAPd81OmOChx5UaN5GtbYk2qPPU9CDQMBMPEk2GyQOfZlMGvcNkAg8hBmuftlKtdGAVca4r8lbpUpTNI1bdKDgXwFaZmp/hXIQ9KXFj8KYOETjpibs+5nyKWiVXe7c0kGuk7MkGyhBoJzqXqApQZKO7+xzpqBFKUMD/jGtlh+sAmCnHsGLIhodk/0LpDemPAMhYON5ZWlj5gLkC6JvR2vaZ0pTzC5GtRYGwdtnOi9RpOCoFk3JLoiSKxrdAax/HIPBKedeJm8eGyxKeRQ8Nvqo4aUcaqLELi41YlLxwyKjO24WpEjqulaesYkXjuvX4ixm8LozUmNbqmFxQjcmQqU/pgOOQoXhh4CdScqx7S5rQ6gbhiWtewmiuA0rMKayW1I/Yjmnm8DV+k21cY3d81mQaL6GhmOIzL3wJHWhN+T6lvjHH4G/EtQ71RVdtijxYmoZrNE6vJv6eNbLl+BiikKjDpciNILWei0AVFUUXOYXwajVo9423MI1Yuyqy0egFDoXSDePdUeWH+VQT1UaWsLuSoojArJA4nM5dA5xfnZRsQtdAXI+vChMp+sav0viCRyDNVZSLYs2IADTsEFzV5Y5S/5SLkLB78OoCMcw5u8yKgtwDEh9yGDkLHQO3YremCmTGzFHLuqad2rTFj7xsNxzW9zLVwgP+dAbDK5gAmo6vWuYIq8moRd0gVVa5TrKtlE/2SpoA1/hiO1bn6qn1/UB5oYje1cdESfR1GRARt2MMzHRWxx2uEr8kKL/StAJVfsVXL3m91+gFKymx83kpY4dU0oLT3AQ4VBsTrOr5BLxBYIEYNt/tewnXD682Ht3AthXGYSLIp/z3tb6vZ2UND1uA25Sivp7iQUqOr/ydTtLHPjZr5AxLwiI7D0mMd8ObHVHuZ2d/HeyfqPb5PZm+fYuUFguzDR1kytUjPnS1CheOoyxCNoXowbNrj7KPgttY+chd5tj3C59LcJG6LG2Rdlf91Rn/7A4q4myCAxc/mh3i5bwQw2lv/KiEkGH2k4S2kw53Oj1oAv6vXTUYPdJiJr3vFNvSftydimI5nNo2YPGsLckMSPwXephIe48ojlHXrsKHayM+zVsesc/5zeFF625nqvKKtRmjzhwcvC9kzHzow7Yv3+mLlzYY6XLs6TqGkwQkMkxk/mDICDd7riR/ZnWouko//lC1bQAcwbSk0zhKtPq4z6rlSUjGwzurLcbpxzQOa60z2DNxkWBZHPogALbl4HXkxlRHPShX9Mam/9eSm93j/NS48yDrnJiqCJMlZ4TekAgI8kFatryRfZk6GQMAM4BTOlEBcz6p0jiXHky75v6VgsEx6a15Uh/Fros6buUtiHG95wsfqfm8eg== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB6PR03MB3062.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(7416014)(376014)(52116014)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: G7TZt4CvpD0XR8WQZsF6nqIGynQ78sbX5LPNdN14B0OHNwsZoawpuQRZhW5Q6NL21wxTl0AsxldA+2GzSy4CDsMXCOyfPfZkyZCmFJKekNSemhB/OHOKbezW8PVlwTZZkFAtempfGlJ0mA3cLjQv/yKZ8zQfz5N88rohZh1p5rTi2SsGqnVvbAkpNELA+2lCSzgC3sCuFOGWeybC3FY5wB4kT8HtZ7CrFmM/UTnGBU/6MtdRJD86CEtKNMUMqyQfmg7K0luwsy/zc7RRO3EKtXbH0FnNXDQlSxZl2IICsHcXgyebZHDhxxuuPtElx6MyqlJpTMnDz95c7kcQwGNvt9+pIWExaP1U/psJBe5BsDlYyaKv8QOJ8UjM+LcHJGzL/sWD9wycNWDU6JVjYT0YJOdpd+xnGBF2XmG3KcutGC614qX+7d2A53g+iFyB3ValuUeAwG/7Bc07UsFNMfVkWdQCBRYqHvyZN7EpzIo/vBe6TNP48Iz8m3qqsaWVcxmjZS5PfzmRiIZkWGn+b62Mv4NXwbGawBj3cOy/0ycuj2rgWZEzbuqAgNT4bRKYonozDmB+hGv9V2JS2v2+5VYP3jy2T4UtEla0PPtO6zL9wPifdlLAbMChC2ulD+JODtkk4hs993MEq8TfdvM/PUWuQbLvTKPc5XNOP3hYV7uO0r9HX8PR2OR6MWfeC+8a/kAPfbASIo+nyaJHkrdopZVjbdoawqAl9o9AwtSKd+SdQWMyNkSoSxhrEg1b+TZSUfSLU25tcJK0NewK0e0XHuRFEbFvpYsiMpciLZLq58ITq10Vf3NjCl9W2VgdIP/RGBpEcRoG6a3wlXGtjVscTZml9dlu+FoTd6B5SVj7q/tJNpMyhzna6CbFdvipGMBa2d11F7zn8fOU0GMLppGBxgSsqE4DlOJya9tFHlorZQDqCmxbmf9D5OuXlu08HbJ+SFWsSQuufD/aDACieYMJP949CGexWLps7pyRQ5FW5547HyrCF1IcYTp68xcss4EPMt28W/Z/3jNIqUpBP/zPkszDBfjdYCVV561d3QiEdjAsjL2JyBbymuqpgSfw7f00nSjKuNbN2/x28V1VNizYquP51EeCySC2rs3FsZiSc/yorF1vZSv4El9UU1mXpoAM/IP07bPVzr0ONieLcxAU/ZSM0JhjmemAWU4xXKmxxHKSbZgp8Yy14zVVzOwKNmMQQR3h27LyhDKjFK8SYgkaWmwW7vtenFb5UcCWU+pQAwxP7PMtORmJE7x2tfIbNi8enbZYxSy0RD5znp3wuU4YSGMgccZX19QE2egRNUwwwl00q4JfpLHjI9lCKLT5r0rYcYEN7SRTEZdVluedTKFMUBPkWvW4cbGbGNcKGktOMwJYirHguC6Rg05oboD2MFzOkUMaBjXvRz2b2E9n4C43HjeQAQLSjsuMolQVmD6wA4KMhJRrLjShWdrvqwdE/DikwUtnyTWsj4GidBdfCvTDJ3PuFf/OnFUtAqTTHsqdbUyQLeyc1VGCsOIsQ2pmQRnG0OVq3i+/+Z8Lx3byQidSv//rC1g7bQn795tdCGGFi8OFr2Nl1yJtZpw6qvulEv35wWlT X-OriginatorOrg: mt.com X-MS-Exchange-CrossTenant-Network-Message-Id: acd65b42-e60a-4848-d383-08dd8e313527 X-MS-Exchange-CrossTenant-AuthSource: DB6PR03MB3062.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2025 13:06:55.3602 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fb4c0aee-6cd2-482f-a1a5-717e7c02496b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: le+jr6sQGJ5ZrccxKg/zDx57d9n6NW0FXP9xtZRwpmfcvdoRicEoBLKcOHy5ycGodIK5NS2Zff5/WqtCx9iHcQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR03MB6439 The buffer is set to 20 characters. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". To protect from OoB access, check that the input size fit into buffer and add a zero terminator after copy to the end of the copied data. Signed-off-by: Markus Burri --- drivers/iio/industrialio-core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index b9f4113ae5fc..ebf17ea5a5f9 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -410,12 +410,15 @@ static ssize_t iio_debugfs_write_reg(struct file *file, char buf[80]; int ret; + if (count >= sizeof(buf)) + return -EINVAL; + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (ret < 0) return ret; - buf[count] = '\0'; + buf[ret] = '\0'; ret = sscanf(buf, "%i %i", ®, &val); From patchwork Thu May 8 13:06:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Markus Burri X-Patchwork-Id: 888708 Received: from AM0PR02CU008.outbound.protection.outlook.com (mail-westeuropeazon11013042.outbound.protection.outlook.com [52.101.72.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 128BC22AE5E; Thu, 8 May 2025 13:07:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.72.42 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746709638; cv=fail; b=gPBTskq+QWIqDeM/uCLOFN00MV+jmaJ/M3ODM1/1QmxcylM1CWNNjm8TB3b+W6svhEps1Sloe+CBLoCZ/at1kUNcaiYlGo0XT09kRpMvYaK3WR+IwHTHZM6R/ToAbuC6XFt2UDgcWQ4CkF1a1gH+Gt/nbkp7XBLrwEkmGyxZItI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746709638; c=relaxed/simple; bh=tsh74Q0MdhPIR1Zj3v4HiKOyTX8e2UIFoD+IBErfiCo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: Content-Type:MIME-Version; b=sRrUTwJ4griFJvnNYoezfHCPewbRb+D/jefjLCo4QcotYuhTEU96Oo+zWLABF9HxxI442RpiKVqd9t9fWZRBrUx5OHllOOm9OoYERRquyBl2d75cWQRLvVAcn0PHXyZWq+W14vwbzaq1jgKaPiNDGn5p9hyD/tpO64RBepLVVpw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mt.com; spf=fail smtp.mailfrom=mt.com; dkim=pass (2048-bit key) header.d=mt.com header.i=@mt.com header.b=gqm5UuuJ; arc=fail smtp.client-ip=52.101.72.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=mt.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=mt.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mt.com header.i=@mt.com header.b="gqm5UuuJ" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bXT3XxDZneGsl4DD7W/UbKsBnsDeL4AeTyTRzbRrITQYBiGw9txxZEx5HAajvtwQWxMSEod/IWleeask5J+IEzHbpn2x607cwXG/ZfwNcWgkpfNNlPuEyfAIxhuw2ubXRXssqw7Rz7Tk2HJf4oEp3mKLdiCUHibhyRyV0hMKqKoJ22E/Z+GhhZBgzP0+NeyKlKHqKxz/LgtkwVtYQ7nH+m9R1HPSpv4IZZlkwbrGfFjCK8ADyxfXukAFRsKx1kPQHKKRiToPNw3AIrhEkBfkcC8yp2qzZPfqtiQm9LaIqjmYAFJA5ZaXRQojjrLB1uLJv2d6IOmQbszAaaV1uwC7cQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S5F41WSHzCATAWBZl/xM7lrGyq/XeH1P31zMh2fxr/g=; b=W53Ci65v9L9u2qX+CBVGm9KuMkwi983EMw87O+7A9U4063vlQuiEvwOJVTRnaOuscZpu32Q9AEOrhrvaObdUdrKNYCuG2cJnJ39ksXp2avf7O4xXmEHRgIANUc+DtSf+sYSoDL5n6PCYxyJvTGRcWawHwoMcvevjE9SmiYIzOGXxHaXCewJtWOAYQFu4317S8C6CHzwgT/cU4vfT1H7bNqAY/IxFqdaL8o6N2RQM0Ri0nBdbGc2QMdNzZU85JPXPZNAUr2C9BJUe0GR+k6BVclCLrNFswiDpJ21joNMSoSV4WuN8dF5TwIgqfsQDkKklzgeril4ZfwhvKiUwrI/Z1A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass header.d=mt.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S5F41WSHzCATAWBZl/xM7lrGyq/XeH1P31zMh2fxr/g=; b=gqm5UuuJcqTFu+wiaVy3MxzDnd32sggllXLk+WzC4IOzKxuZLxyI3sDxYcWcXc/r1rtpIfAPsLLbdliVkNwbsIx6Z9SRmNzhKaOXaULiJh3zhfJ5+LjvwApCjyxW0XiMq6w9sFXYFiJ6ASnUxFv83vpoAYHzIjfR1wr94YvBd/fj3i9ZmVabI3BALZIK84tD2s5/z8PCqJG30FEreDotpkrOt5l6tr8e37HvnaaPZsWNNOQ2tP95DRiYpe8EKqoebLvc7mGrEOLiXvWSh7uHaeoRacaKx4p9TOGFSNx1bKFw7Mqp0CSy1/kohcDYlJurI5ZIL6kt8PQmdYGE0H8SKQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mt.com; Received: from DB6PR03MB3062.eurprd03.prod.outlook.com (2603:10a6:6:36::19) by DBAPR03MB6439.eurprd03.prod.outlook.com (2603:10a6:10:199::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8699.21; Thu, 8 May 2025 13:07:13 +0000 Received: from DB6PR03MB3062.eurprd03.prod.outlook.com ([fe80::b201:e423:f29:53b]) by DB6PR03MB3062.eurprd03.prod.outlook.com ([fe80::b201:e423:f29:53b%4]) with mapi id 15.20.8678.033; Thu, 8 May 2025 13:07:13 +0000 From: Markus Burri To: linux-kernel@vger.kernel.org Cc: Markus Burri , Mahesh J Salgaonkar , "Oliver O'Halloran" , Madhavan Srinivasan , Michael Ellerman , Nicholas Piggin , Christophe Leroy , Naveen N Rao , Jacek Lawrynowicz , Maciej Falkowski , Oded Gabbay , Linus Walleij , Bartosz Golaszewski , Nuno Sa , Olivier Moysan , Jonathan Cameron , Lars-Peter Clausen , linuxppc-dev@lists.ozlabs.org, dri-devel@lists.freedesktop.org, linux-gpio@vger.kernel.org, linux-iio@vger.kernel.org, Markus Burri Subject: [PATCH v4 5/6] powerpc/eeh: fix potential OoB Date: Thu, 8 May 2025 15:06:11 +0200 Message-Id: <20250508130612.82270-6-markus.burri@mt.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250508130612.82270-1-markus.burri@mt.com> References: <20250508130612.82270-1-markus.burri@mt.com> X-ClientProxiedBy: ZR2P278CA0010.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:50::14) To DB6PR03MB3062.eurprd03.prod.outlook.com (2603:10a6:6:36::19) Precedence: bulk X-Mailing-List: linux-gpio@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB6PR03MB3062:EE_|DBAPR03MB6439:EE_ X-MS-Office365-Filtering-Correlation-Id: d942e158-cec1-4556-2a75-08dd8e313ff9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|366016|7416014|376014|52116014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: i+eBpRJ4YrvktpJ9eyQCVL0/0ZXYHo9S0CCnHdGRwhwxDOH63nevPs8DGY3fExITHd7rolVi5x/Ile2sHulaelP7lkOLcZr+XJcHQn+wSiO8cWBJnAnbQCWtUvKBCtKUhWuy+eL0csGYoiSWIMbIUpK05hyY3zB5NZMUHd0BGaf00HDyIr4zqT2jpTHIBAD2MMArbCI4jIWq3WKoUUg++iAuQjo5omKw3DGZ//OppweYpGNSv4qrUqwJgB2IKx/d3o6CBwhonufpxZ/+wqgH8GYpTezuANEn3OkmQwA6kJ/ECeoh/BFcqKdko3/2Q9eKqs+dKqjC/tXfjO4R5vnqbwtdSxUBQEuqCRuqK+M5xNhBVjucn3sWY+ZSsW9Wh4NWva5m5PWodsJixf63L1vGooWCFPf9OLu6T42zIO+Q9VtqwPFt6gv+m8sllWB3C91q5GdGxNCqojGUMD0PqEK3DImUKQSmWIp9vQIdYx7yQ5T+6Z4RuIViQgdFNmSV8rHgoxatNLpwvRaYL9L3xh2VoXv4qPWGE6RCxJ4jIsuY/YcxUGJSfBvUOwe1z8VCZ2fZXKK/d7NmgNE1UQtrj14Y0h9o5ZkCLjy7HpeBTfxQYWK7lU9f/OARl88yIM3/AL2s1lYksViu1bR0yaZ9rHEZ7QkW5X3peuYIrksU/CdymIdgXmjEQgaLu8iIzs8fTKsMgcC8kC0cd3DOVekZu3cvxY8KtHxmJAfVzAOs1RnW1jWOfDfR/iPkkPZCoUM3owjKm20sEczohtczXW7PnH1okyTzClD1iTaP1pKXUcjjiM1bYtV/GhT2ynzOFqM0Dv2NhqKLijrwN4QhlQQoh4HWP6OmhuBmQlvIbrI5MOIWx3vjFCR6WqwvMA/Q9/TvR5neKjjE/9jsjMDVZ9151+K4H/+XlAmTHUVDvhF60Y3jqLAsh1fytGjdZNaZd6Iyepc0EA+YL7t79GSiLUusgnw6rFX/k31yWCTMyN+gCqLglEcDCSQB0KXebzrWm9iXbX+FK9XPT2gUNu96j9St9SnfaQW/ZiyB51BxvwbB04FC0HgbNZqeLeP0xwChqDqekvJVBenz5SNLxAggiPKIrdQJxFRROKpQjY3V5O/aw0aFr5wrrjP1DzW5KA4qfy5pphzsDnxLYkSjr7NJIhT5iYgklYDup+oNvIRfpeKrpWjmLG6qMpYUxTHUlBmC5XhIFO6zq7UUtWmgp0s+lNWb0jhrQfL5ZtUIR61abbCLrI/ACQ/mpB7xn6eQHyXInV3gUDv4h/jZPguqegzb1GjDoMycOueBaHlNW+TL0+d0c2fhqdSnZVh7SE6wFh+usDW5AgzNkshKqUoPxun/nPSodbF88hCaxBHoJl2r1OBCIbsFb7BJzUtw4rri+PKrpocgK96NMpWBCsXWjjL6A8QzA75SeUHxo4i3xJjGPkyK07mmsmuuyMgWpK6zbihLLQqcN4pWH/l/382weYqrRMu23v85Fw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB6PR03MB3062.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(7416014)(376014)(52116014)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 1Zh0dIsPa9pR0Tj453r9azWrgpcqbHNs9wfiFjiJ/EOIu+LpBhz+QAOiaCBBSMWvvrE4bSWDth9ktcOpgP0A3YuEq7c17Vp3uha3oQTB6Z9YGDZKXje4NhhFEZMWgK9dQFbv+JPNldivCC88O0X3KLT420SY+Mjj7bBobh71/0oPFYg7x6xyha3En2vuibwLp0kP1MMGmL+jXZg29tW4+dsC3Hf5zn2FsRfoObt8uBhvi1YkgnqkEaBIupVqBGW+Wd+mmm6B1/S7KozPeRKVu3Yr6vzxndIdbRBrDvofZiJZ9HG/Gr0YA7Cno9uAxAMrm5N0fepwCDLu6vG/h4Q7IrOTD0BZV+NiZ/CAV0GHgvehKRJRLewflnAa8U9Dtq4GFrVFOjvZnA7x2Bfbe6ILjG/Xb9Khxu3pk1ECuBXzYdD5P5FvO1PA/O6nehDwTI9o7HU8p5633CHqkKG8XQEikjYEsviL3CqCLc7MNUBXAETjlqYTg4APUfPpp1FRCCn62T4VM0SqZSbt1X/NX8GC/M1WvFPawYk6UDHiFEdCSeshMktJuV3lsN3j4aEJ0p+hGa1wRWBYSjz2jQIAMoGIuOSljCS6Ywv8+KCb5U62SV0NVlaGKJkiYmT7SKozmj4IrDj57f/IY15rUHu2L5t92AmMTfRiTxPk0yr1qdH9AQnXSQG6VcwY2OQKE0xeq+q32cUE2aakKPh7c8dpHbA8pmDbZCYHqbSP/ciZ8hu4TkMlmIWOXx2lqNKZ6KXAlV9+Z8ix/RQtCPrLit0Q1FxszdQ9ND4Ehob0Y4ejeUcCDh6mMweoS9tHELhuy4q9NsM5jVT3eeDhDIxt3fwBdXXhxuXlv8yAOpaDI/zPY7F8xzRU7g/hMo9bYTyPNoMWLI8xySPcCBAqq6XiGLIZCxbtz17AgcYtvA0qZdtq2mbrYuHjXKR76pgkFPsSHSp2YlogbGH7VoNsOMNMB5FmEQIekguVxkt92I4v8zpWsu+i9LIf/H8efl37Knq4Ub+fEy5obw+OT85TIKcFrEzO2B1m+DfTYhTpRkHcNFsla3jCzm7BYNUha1J0xrU/1uzqFkpCj3F7HRNkdR1bNgaQoMx46NAlY9euRbxLd5nrSlZePhZJWjaTRiHZow65vtx04fq6S0xybYDmGP3eu8JcTLKvfgUd6slj8O6O29k3OPTctlshwkheUMn11y7Y7CZ2ezdjU4XkwyTnVrNxAivZ3GBz7EyM9ZCHBe7VGZkOkM1rJFZGTjLt+6mLQo9k3q6BFK6LFTVChamVXB0NsZG4ZWk8xC04htCArgWloUk48IgHnEnN8FFNojWXOY8QVu8L2tt26jbiDZoMiZtKpnA4XjF5ZsNPRtgfm+/H4OWlZze45GGNhzrREfsmXIzHstoe7O/2IJeKyOUiFZJOBoNH13FbfT2aiHCsnLGN3CGVvu/wrSCvgdQZWTXJFjbSXJoHgmC2P9XjMD5m5ne9fjoP/8lMY2rWNdsO+L8UwuVJoVcOg/Tsy9rymWxIKmMuwe8t7Faq6Wziyq4Jbe30yRn7K+7+vzzbpuKxSztzbZj2CTdiugyvmbeg/ynB+Rp606zzjnjK X-OriginatorOrg: mt.com X-MS-Exchange-CrossTenant-Network-Message-Id: d942e158-cec1-4556-2a75-08dd8e313ff9 X-MS-Exchange-CrossTenant-AuthSource: DB6PR03MB3062.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2025 13:07:13.5203 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fb4c0aee-6cd2-482f-a1a5-717e7c02496b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mYWMiu/vtGaata4SJ4J329tM5Xfa2SiQtyEFic/70daJaBYEUEEPWN89IWq2arUnXqicBKozvVl0TZNiWxFOow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR03MB6439 The buffer is set to 20 characters. If a caller write more characters, count is truncated to the max available space in "simple_write_to_buffer". To protect from OoB access, check that the input size fit into buffer and add a zero terminator after copy to the end of the copied data. Signed-off-by: Markus Burri --- arch/powerpc/kernel/eeh.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c index 83fe99861eb1..92ef05d3678d 100644 --- a/arch/powerpc/kernel/eeh.c +++ b/arch/powerpc/kernel/eeh.c @@ -1734,10 +1734,15 @@ static ssize_t eeh_force_recover_write(struct file *filp, char buf[20]; int ret; - ret = simple_write_to_buffer(buf, sizeof(buf), ppos, user_buf, count); + if (count >= sizeof(buf)) + return -EINVAL; + + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count); if (!ret) return -EFAULT; + buf[ret] = '\0'; + /* * When PE is NULL the event is a "special" event. Rather than * recovering a specific PE it forces the EEH core to scan for failed