From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Kars Mulder <kerneldev@karsmulder.nl>
Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
David Laight <David.Laight@aculab.com>,
Kai-Heng Feng <kai.heng.feng@canonical.com>,
Pavel Machek <pavel@denx.de>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Oliver Neukum <oneukum@suse.com>
Subject: Re: [PATCH] usb: core: fix quirks_param_set() writing to a const pointer
Date: Mon, 6 Jul 2020 12:34:05 +0200 [thread overview]
Message-ID: <20200706103405.GA11622@kroah.com> (raw)
In-Reply-To: <3212-5f024c00-215-220fe080@174542169>
On Sun, Jul 05, 2020 at 11:53:27PM +0200, Kars Mulder wrote:
> The function quirks_param_set() takes as argument a const char* pointer
> to the new value of the usbcore.quirks parameter. It then casts this
> pointer to a non-const char* pointer and passes it to the strsep()
> function, which overwrites the value.
>
> Fix this by copying the value to a local buffer on the stack and
> letting that buffer be written to by strsep().
>
> Fixes: 027bd6cafd9a ("usb: core: Add "quirks" parameter for usbcore")
> Signed-off-by: Kars Mulder <kerneldev@karsmulder.nl>
>
> ---
> drivers/usb/core/quirks.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
> index e0b77674869c..86b1a6739b4e 100644
> --- a/drivers/usb/core/quirks.c
> +++ b/drivers/usb/core/quirks.c
> @@ -12,6 +12,8 @@
> #include <linux/usb/hcd.h>
> #include "usb.h"
>
> +#define QUIRKS_PARAM_SIZE 128
> +
> struct quirk_entry {
> u16 vid;
> u16 pid;
> @@ -23,19 +25,21 @@ static DEFINE_MUTEX(quirk_mutex);
> static struct quirk_entry *quirk_list;
> static unsigned int quirk_count;
>
> -static char quirks_param[128];
> +static char quirks_param[QUIRKS_PARAM_SIZE];
>
> -static int quirks_param_set(const char *val, const struct kernel_param *kp)
> +static int quirks_param_set(const char *value, const struct kernel_param *kp)
> {
> + char val[QUIRKS_PARAM_SIZE];
That's a lot of stack space, is it really needed? Can we just use a
static variable instead, or dynamically allocate this?
thanks,
greg k-h
next prev parent reply other threads:[~2020-07-06 10:34 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-22 11:35 Writing to a const pointer: is this supposed to happen? Kars Mulder
2020-06-23 19:55 ` Pavel Machek
2020-06-24 12:34 ` Kars Mulder
2020-06-24 13:10 ` Greg Kroah-Hartman
2020-06-24 15:25 ` Kars Mulder
2020-06-27 10:24 ` David Laight
2020-07-01 23:03 ` Kars Mulder
2020-07-02 7:55 ` David Laight
2020-07-02 21:48 ` Kars Mulder
2020-07-03 8:13 ` David Laight
2020-07-03 13:23 ` Kars Mulder
2020-07-04 11:55 ` Pavel Machek
2020-07-05 21:53 ` [PATCH] usb: core: fix quirks_param_set() writing to a const pointer Kars Mulder
2020-07-06 10:34 ` Greg Kroah-Hartman [this message]
2020-07-06 12:57 ` Kars Mulder
2020-07-06 13:07 ` Greg Kroah-Hartman
2020-07-06 13:58 ` Kars Mulder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200706103405.GA11622@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=David.Laight@aculab.com \
--cc=andy.shevchenko@gmail.com \
--cc=kai.heng.feng@canonical.com \
--cc=kerneldev@karsmulder.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=oneukum@suse.com \
--cc=pavel@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.