From: sashiko-bot@kernel.org
To: "Kees Cook" <kees@kernel.org>
Cc: vkoul@kernel.org, Frank.Li@kernel.org, dmaengine@vger.kernel.org,
linux-media@vger.kernel.org, linux-modules@vger.kernel.org,
linux-pci@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH 06/11] moduleparam: Add seq_buf-based .get callback alongside .get_str
Date: Sat, 30 May 2026 00:45:58 +0000 [thread overview]
Message-ID: <20260530004558.A82371F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260521133326.2465264-6-kees@kernel.org>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Silent data truncation and spurious kernel warning when the sysfs buffer is exactly filled.
--
commit 6802395b5f9f236d2cc29365e6d39e6de2eae4ca
Author: Kees Cook <kees@kernel.org>
moduleparam: Add seq_buf-based .get callback alongside .get_str
This commit adds a new seq_buf-based .get callback to struct kernel_param_ops
to format parameter values safely. It updates param_attr_show() to prefer
this new callback when available, using a page-sized buffer. The legacy
.get_str callback is retained as a fallback.
> diff --git a/kernel/params.c b/kernel/params.c
> index 6852caea17854..4eda2d23ddf28 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
[ ... ]
> @@ -553,12 +553,34 @@ static ssize_t param_attr_show(const struct module_attribute *mattr,
[ ... ]
> kernel_param_lock(mk->mod);
> - count = attribute->param->ops->get_str(buf, attribute->param);
> + if (ops->get) {
> + struct seq_buf s;
> +
> + seq_buf_init(&s, buf, PAGE_SIZE);
> + count = ops->get(&s, attribute->param);
> + if (count >= 0) {
> + WARN_ON_ONCE(count > 0);
> + count = seq_buf_used(&s);
> + /* Make sure string is terminated. */
> + seq_buf_str(&s);
> + /*
> + * If overflowed, reduce count by 1 for trailing
> + * NUL byte.
> + */
> + if (seq_buf_has_overflowed(&s))
> + count--;
[Severity: Medium]
Does this code silently truncate data and trigger a kernel warning when the
buffer is exactly filled?
If the .get() callback writes exactly PAGE_SIZE bytes without triggering an
overflow, seq_buf_has_overflowed(&s) will evaluate to false because s.len
exactly equals s.size. In this case, count remains PAGE_SIZE.
However, seq_buf_str(&s) unconditionally writes a NUL byte at the end of the
buffer, which will replace the last byte of valid data at PAGE_SIZE - 1.
Furthermore, returning PAGE_SIZE causes the sysfs core to print a bad count
warning to dmesg and truncate the count anyway. Should this code explicitly
decrement count when count == PAGE_SIZE to avoid overwriting data and causing
the warning?
> + }
> + } else {
> + count = ops->get_str(buf, attribute->param);
> + }
> kernel_param_unlock(mk->mod);
> return count;
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260521133315.work.845-kees@kernel.org?part=6
next prev parent reply other threads:[~2026-05-30 0:45 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 13:33 [PATCH 00/11] Convert moduleparams to seq_buf Kees Cook
2026-05-21 13:33 ` [PATCH 01/11] params: bound array element output to the caller's page buffer Kees Cook
2026-05-21 16:46 ` David Laight
2026-06-01 20:23 ` Matthew Wilcox
2026-06-02 11:26 ` Andy Shevchenko
2026-06-02 12:33 ` Jason Gunthorpe
2026-06-02 13:04 ` David Laight
2026-05-21 13:33 ` [PATCH 02/11] panic: Replace panic_print_get() with generic helper Kees Cook
2026-05-21 13:33 ` [PATCH 03/11] moduleparam: Add DEFINE_KERNEL_PARAM_OPS macro family Kees Cook
2026-05-25 13:27 ` Petr Pavlu
2026-05-21 13:33 ` [PATCH 04/11] treewide: Convert struct kernel_param_ops initializers to DEFINE_KERNEL_PARAM_OPS Kees Cook
2026-05-21 13:59 ` Sean Christopherson
2026-05-22 17:01 ` Rafael J. Wysocki
2026-05-23 0:38 ` SeongJae Park
2026-05-25 13:35 ` Petr Pavlu
2026-05-21 13:33 ` [PATCH 05/11] moduleparam: Rename .get field to .get_str Kees Cook
2026-05-30 0:45 ` sashiko-bot
2026-05-21 13:33 ` [PATCH 06/11] moduleparam: Add seq_buf-based .get callback alongside .get_str Kees Cook
2026-05-25 16:19 ` Petr Pavlu
2026-05-30 0:45 ` sashiko-bot [this message]
2026-05-21 13:33 ` [PATCH 07/11] moduleparam: Route DEFINE_KERNEL_PARAM_OPS get pointer via _Generic Kees Cook
2026-05-25 16:24 ` Petr Pavlu
2026-05-21 13:33 ` [PATCH 08/11] params: Convert generic kernel_param_ops .get helpers to seq_buf Kees Cook
2026-05-25 17:10 ` Petr Pavlu
2026-05-30 0:45 ` sashiko-bot
2026-05-21 13:33 ` [PATCH 09/11] treewide: Convert custom kernel_param_ops .get callbacks to seq_buf via cocci Kees Cook
2026-05-21 13:45 ` Sean Christopherson
2026-05-22 17:03 ` Rafael J. Wysocki
2026-05-23 0:45 ` SeongJae Park
2026-05-21 13:33 ` [PATCH 10/11] treewide: Manually convert custom kernel_param_ops .get callbacks Kees Cook
2026-05-21 17:44 ` Jani Nikula
2026-05-22 17:05 ` Rafael J. Wysocki
2026-05-21 13:33 ` [PATCH 11/11] moduleparam: Drop legacy kernel_param_ops .get_str field and dispatch logic Kees Cook
2026-05-30 0:46 ` sashiko-bot
2026-05-22 16:33 ` ✗ Fi.CI.BUILD: failure for Convert moduleparams to seq_buf Patchwork
2026-05-26 6:53 ` [PATCH 00/11] " Petr Pavlu
2026-06-01 19:59 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260530004558.A82371F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=Frank.Li@kernel.org \
--cc=dmaengine@vger.kernel.org \
--cc=kees@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
--cc=vkoul@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.