Re: [PATCH v2 2/2] EDAC: Fix sysfs dimm_label store operation

From: Borislav Petkov
Date: Thu Sep 24 2015 - 12:48:39 EST

On Tue, Sep 22, 2015 at 08:58:03AM -0600, Toshi Kani wrote:
> Sysfs "dimm_label" and "chX_dimm_label" have the following issues
> in their store operation.
>
> 1) A newline-terminated input string causes redundant newlines
>
> # echo "test" > /sys/bus/mc0/devices/dimm0/dimm_label
> # cat /sys/bus/mc0/devices/dimm0/dimm_label
> test
>
> # od -bc /sys/bus/mc0/devices/dimm0/dimm_label
> 0000000 164 145 163 164 012 012
> t e s t \n \n
> 0000006
>
> 2) The original label string (31 characters) cannot be stored due to
> an improper size check
>
> # echo "CPU_SrcID#0_Ha#0_Chan#0_DIMM#0" \
> > /sys/bus/mc0/devices/dimm0/dimm_label
> # cat /sys/bus/mc0/devices/dimm0/dimm_label
>
>
> # od -bc /sys/bus/mc0/devices/dimm0/dimm_label
> 0000000 012 012
> \n \n
> 0000002
>
> 3) An input string longer than the buffer size results a wrong label
> info as it allows a retry with the remaining string.
>
> # echo "CPU_SrcID#0_Ha#0_Chan#0_DIMM#0_TEST" \
> > /sys/bus/mc0/devices/dimm0/dimm_label
> # cat /sys/bus/mc0/devices/dimm0/dimm_label
> _TEST
>
> Fix these issues by making the following changes:
> 1) Replace a newline charactor at the end by setting a null. It also
> assures that the string is null-terminated within the size.
> 2) Check the label buffer size with 'sizeof(dimm->label)'.
> 3) Fail a request if its string exceeds the label buffer size.
>
> Signed-off-by: Toshi Kani <toshi.kani@xxxxxxx>
> Acked-by: Tony Luck <tony.luck@xxxxxxxxx>
> Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Doug Thompson <dougthompson@xxxxxxxxxxxx>
> Cc: Robert Elliott <elliott@xxxxxxx>
> Cc: Tony Luck <tony.luck@xxxxxxxxx>
> ---
> drivers/edac/edac_mc_sysfs.c | 20 ++++++++++----------
> 1 file changed, 10 insertions(+), 10 deletions(-)

...

> @@ -495,13 +495,13 @@ static ssize_t dimmdev_label_store(struct device *dev,
> {
> struct dimm_info *dimm = to_dimm(dev);
>
> - ssize_t max_size = 0;
> + if (count == 0 || count > sizeof(dimm->label))
> + return -EINVAL;

$ echo "" > /sys/bus/mc0/devices/dimm0/dimm_label
$ od -bc /sys/bus/mc0/devices/dimm0/dimm_label
0000000
$ cat /sys/bus/mc0/devices/dimm0/dimm_label
$

I don't think we want to allow empty labels. I guess something like this
(2 because there's also the additional "\n"):

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index d4e0bff268d8..e52ba338334b 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -241,7 +241,7 @@ static ssize_t channel_dimm_label_store(struct device *dev,
unsigned chan = to_channel(mattr);
struct rank_info *rank = csrow->channels[chan];

- if (count == 0 || count > sizeof(rank->dimm->label))
+ if (count < 2 || count > sizeof(rank->dimm->label))
return -EINVAL;

strncpy(rank->dimm->label, data, count);
@@ -495,7 +495,7 @@ static ssize_t dimmdev_label_store(struct device *dev,
{
struct dimm_info *dimm = to_dimm(dev);

- if (count == 0 || count > sizeof(dimm->label))
+ if (count < 2 || count > sizeof(dimm->label))
return -EINVAL;

strncpy(dimm->label, data, count);

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/