From: mark gross <markgross@thegnar.org>
To: Dan Carpenter <error27@gmail.com>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
mark gross <markgross@thegnar.org>,
James Bottomley <James.Bottomley@suse.de>,
Frederic Weisbecker <fweisbec@gmail.com>,
Jonathan Corbet <corbet@lwn.net>,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] pm_qos_params: cleanup: terminate a string
Date: Tue, 07 Sep 2010 06:22:27 +0000
Message-ID: <20100907062227.GB25651@gvim.org>
In-Reply-To: <20100903124105.GJ5437@bicker>
On Fri, Sep 03, 2010 at 02:41:06PM +0200, Dan Carpenter wrote:
> This is just a picky thing, but we pass a possibly unterminated string
> to printk if debugging is turned on. Also printk level is set to
> "debug" by pr_debug() so the "KERN_ERR" isn't used.
Picky is good. But we should probably get the other pr_debug fixed and
return -EINVAL if the strlen of the ascii_value is not bigger than 10.
Thanks for finding my screw up!
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> diff --git a/kernel/pm_qos_params.c b/kernel/pm_qos_params.c
> index b7e4c36..310a51e 100644
> --- a/kernel/pm_qos_params.c
> +++ b/kernel/pm_qos_params.c
> @@ -389,10 +389,11 @@ static ssize_t pm_qos_power_write(struct file *filp, const char __user *buf,
> } else if (count = 11) { /* len('0x12345678/0') */
> if (copy_from_user(ascii_value, buf, 11))
> return -EFAULT;
> + ascii_value[10] = '\0';
> x = sscanf(ascii_value, "%x", &value);
> if (x != 1)
> return -EINVAL;
> - pr_debug(KERN_ERR "%s, %d, 0x%x\n", ascii_value, x, value);
> + pr_debug("%s, %d, 0x%x\n", ascii_value, x, value);
> } else
> return -EINVAL;
>
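Review bot: The added `ascii_value[10] = '\0';` overwrites whatever the caller supplied as the 11th byte, so a write whose last byte is not a terminator is silently truncated and accepted rather than rejected. If the interface requires a NUL in that position, as the `len('0x12345678/0')` comment suggests, consider testing `ascii_value[10] != '\0'` and returning -EINVAL instead; either way the buffer must be terminated before sscanf and pr_debug read it.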
Updated version of this patch:
--mark
Signed-off-by: mark gross <markgross@thegnar.org>
Subject: [PATCH] correct some pr_debug misuse and add a stronger parameter check to
pm_qos_write for the ascii hex value case. Thanks to Dan Carpenter for
pointing out the problem!
---
kernel/pm_qos_params.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/pm_qos_params.c b/kernel/pm_qos_params.c
index f42d3f7..db4295a 100644
--- a/kernel/pm_qos_params.c
+++ b/kernel/pm_qos_params.c
@@ -155,7 +155,7 @@ static void update_target(int pm_qos_class)
call_notifier = 1;
atomic_set(&pm_qos_array[pm_qos_class]->target_value,
extreme_value);
- pr_debug(KERN_ERR "new target for qos %d is %d\n", pm_qos_class,
+ pr_debug("new target for qos %d is %d\n", pm_qos_class,
atomic_read(&pm_qos_array[pm_qos_class]->target_value));
}
spin_unlock_irqrestore(&pm_qos_lock, flags);
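Review bot: In update_target the pr_debug argument still re-reads target_value with atomic_read right after the atomic_set of extreme_value, and it does so before spin_unlock_irqrestore. Passing extreme_value to pr_debug directly would log the same number without the extra read inside the locked region.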
@@ -374,10 +374,12 @@ static ssize_t pm_qos_power_write(struct file *filp, const char __user *buf,
} else if (count = 11) { /* len('0x12345678/0') */
if (copy_from_user(ascii_value, buf, 11))
return -EFAULT;
+ if (strlen(ascii_value) > 10)
+ return -EINVAL;
x = sscanf(ascii_value, "%x", &value);
if (x != 1)
return -EINVAL;
- pr_debug(KERN_ERR "%s, %d, 0x%x\n", ascii_value, x, value);
+ pr_debug("%s, %d, 0x%x\n", ascii_value, x, value);
} else
return -EINVAL;
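Review bot: The new `strlen(ascii_value) > 10` check in pm_qos_power_write has the same problem it is meant to catch: copy_from_user fills only 11 bytes, so when none of them is NUL, strlen keeps reading past the copied data before the comparison can reject the input. A bounded test such as `ascii_value[10] != '\0'` or `strnlen(ascii_value, 11) == 11` rejects the unterminated case without reading beyond those 11 bytes.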
--
1.7.0.4
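
The terminator problem discussed in this thread, shown as an added userspace example that is not part of the original messages or of the kernel source. `parse_hex_field`, `HEX_FIELD_LEN` and the sample inputs are hypothetical; `memcpy` stands in for `copy_from_user` and `strtoul` replaces the `sscanf` call.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HEX_FIELD_LEN 11 /* "0x12345678" plus NUL, per the comment in the patch */

/* Constructed sample inputs: one terminated, one with 11 bytes and no NUL. */
static const char good_input[HEX_FIELD_LEN] = "0x12345678";
static const char unterminated[HEX_FIELD_LEN] =
	{'0', 'x', '1', '2', '3', '4', '5', '6', '7', '8', '9'};

/*
 * Hypothetical userspace model of the 11-byte branch of the write handler.
 * src/count model the caller's buffer; memcpy() replaces copy_from_user().
 */
int parse_hex_field(const void *src, size_t count, uint32_t *out)
{
	char ascii_value[HEX_FIELD_LEN];
	char *end;
	unsigned long v;

	if (count != HEX_FIELD_LEN)
		return -EINVAL;
	memcpy(ascii_value, src, HEX_FIELD_LEN);

	/* Bounded terminator check: inspects only the 11 bytes just copied.
	 * An unbounded strlen() here would run past the end of the array. */
	if (!memchr(ascii_value, '\0', HEX_FIELD_LEN))
		return -EINVAL;

	/* Assumption, stricter than the sscanf("%x") on the page: require
	 * the "0x" prefix and reject trailing non-hex characters. */
	if (ascii_value[0] != '0' || ascii_value[1] != 'x')
		return -EINVAL;
	v = strtoul(ascii_value, &end, 16);
	if (end == ascii_value + 1 || *end != '\0')
		return -EINVAL;
	*out = (uint32_t)v; /* at most 8 hex digits fit after "0x" */
	return 0;
}

int main(void)
{
	uint32_t v = 0;
	printf("terminated:   %d\n", parse_hex_field(good_input, HEX_FIELD_LEN, &v));
	printf("unterminated: %d\n", parse_hex_field(unterminated, HEX_FIELD_LEN, &v));
	return 0;
}
```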