* [PATCH 0/2] iio: small fixes and improvements
@ 2025-02-18 10:31 Nuno Sá via B4 Relay
2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Nuno Sá via B4 Relay @ 2025-02-18 10:31 UTC (permalink / raw)
To: linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
The first patch is a fix for the backend code dealing with
direct_register_access. We need to properly terminate the received
string before passing it to sscanf().
The second patch is about using the simple_write_to_buffer() which makes
the direct_register_access write side more symmetric with the read side.
---
Nuno Sá (2):
iio: backend: make sure to NULL terminate stack buffer
iio: core: make use of simple_write_to_buffer()
drivers/iio/industrialio-backend.c | 4 +++-
drivers/iio/industrialio-core.c | 9 +++++----
2 files changed, 8 insertions(+), 5 deletions(-)
---
base-commit: c0f115a8d97599623294c8e9ec28530e19c1e85b
change-id: 20250218-dev-iio-misc-d78425a94985
--
Thanks!
- Nuno Sá
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer
2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay
@ 2025-02-18 10:31 ` Nuno Sá via B4 Relay
2025-02-18 15:52 ` David Lechner
2025-02-18 10:31 ` [PATCH 2/2] iio: core: make use of simple_write_to_buffer() Nuno Sá via B4 Relay
2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner
2 siblings, 1 reply; 8+ messages in thread
From: Nuno Sá via B4 Relay @ 2025-02-18 10:31 UTC (permalink / raw)
To: linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
From: Nuno Sá <nuno.sa@analog.com>
Make sure to NULL terminate the buffer in
iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a
stack variable so we should not assume it will 0 initialized.
Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
---
drivers/iio/industrialio-backend.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-backend.c
index d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232c071e4 100644
--- a/drivers/iio/industrialio-backend.c
+++ b/drivers/iio/industrialio-backend.c
@@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct file *file,
ssize_t rc;
int ret;
- rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf, count);
+ rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count);
if (rc < 0)
return rc;
+ buf[count] = '\0';
+
ret = sscanf(buf, "%i %i", &back->cached_reg_addr, &val);
switch (ret) {
--
2.48.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2] iio: core: make use of simple_write_to_buffer()
2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay
2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay
@ 2025-02-18 10:31 ` Nuno Sá via B4 Relay
2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner
2 siblings, 0 replies; 8+ messages in thread
From: Nuno Sá via B4 Relay @ 2025-02-18 10:31 UTC (permalink / raw)
To: linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
From: Nuno Sá <nuno.sa@analog.com>
Instead of open coding (kind of) simple_write_to_buffer(), use it.
While at it, use ascii representation to terminate the string as that is
the more common way of doing it.
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
---
drivers/iio/industrialio-core.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
index a2117ad1337d55468c0f21c274fcbedd352c97ff..b9f4113ae5fc3ee1ef76be6808cc437286690dae 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -410,11 +410,12 @@ static ssize_t iio_debugfs_write_reg(struct file *file,
char buf[80];
int ret;
- count = min(count, sizeof(buf) - 1);
- if (copy_from_user(buf, userbuf, count))
- return -EFAULT;
+ ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf,
+ count);
+ if (ret < 0)
+ return ret;
- buf[count] = 0;
+ buf[count] = '\0';
ret = sscanf(buf, "%i %i", ®, &val);
--
2.48.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer
2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay
@ 2025-02-18 15:52 ` David Lechner
2025-02-18 16:36 ` Nuno Sá
0 siblings, 1 reply; 8+ messages in thread
From: David Lechner @ 2025-02-18 15:52 UTC (permalink / raw)
To: nuno.sa, linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote:
> From: Nuno Sá <nuno.sa@analog.com>
>
> Make sure to NULL terminate the buffer in
> iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a
> stack variable so we should not assume it will 0 initialized.
>
> Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface")
> Signed-off-by: Nuno Sá <nuno.sa@analog.com>
> ---
> drivers/iio/industrialio-backend.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-backend.c
> index d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232c071e4 100644
> --- a/drivers/iio/industrialio-backend.c
> +++ b/drivers/iio/industrialio-backend.c
> @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct file *file,
> ssize_t rc;
> int ret;
>
> - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf, count);
> + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count);
> if (rc < 0)
> return rc;
>
> + buf[count] = '\0';
Does this need to be count++? Later we return count.
> +
> ret = sscanf(buf, "%i %i", &back->cached_reg_addr, &val);
>
> switch (ret) {
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer
2025-02-18 15:52 ` David Lechner
@ 2025-02-18 16:36 ` Nuno Sá
2025-02-18 16:57 ` David Lechner
0 siblings, 1 reply; 8+ messages in thread
From: Nuno Sá @ 2025-02-18 16:36 UTC (permalink / raw)
To: David Lechner, nuno.sa, linux-iio
Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
On Tue, 2025-02-18 at 09:52 -0600, David Lechner wrote:
> On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote:
> > From: Nuno Sá <nuno.sa@analog.com>
> >
> > Make sure to NULL terminate the buffer in
> > iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a
> > stack variable so we should not assume it will 0 initialized.
> >
> > Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface")
> > Signed-off-by: Nuno Sá <nuno.sa@analog.com>
> > ---
> > drivers/iio/industrialio-backend.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-
> > backend.c
> > index
> > d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232
> > c071e4 100644
> > --- a/drivers/iio/industrialio-backend.c
> > +++ b/drivers/iio/industrialio-backend.c
> > @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct
> > file *file,
> > ssize_t rc;
> > int ret;
> >
> > - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf,
> > count);
> > + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf,
> > count);
> > if (rc < 0)
> > return rc;
> >
> > + buf[count] = '\0';
>
> Does this need to be count++? Later we return count.
>
Don't think so... count comes down from userspace. The termination is local so
we do not want to return count + 1 when userspace only requested to write count.
Same deal as in iio_debugfs_write_reg()
Also note that we pass sizeof(buf) - 1 into simple_write_to_buffer()
- Nuno Sá
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer
2025-02-18 16:36 ` Nuno Sá
@ 2025-02-18 16:57 ` David Lechner
0 siblings, 0 replies; 8+ messages in thread
From: David Lechner @ 2025-02-18 16:57 UTC (permalink / raw)
To: Nuno Sá, nuno.sa, linux-iio
Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
On 2/18/25 10:36 AM, Nuno Sá wrote:
> On Tue, 2025-02-18 at 09:52 -0600, David Lechner wrote:
>> On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote:
>>> From: Nuno Sá <nuno.sa@analog.com>
>>>
>>> Make sure to NULL terminate the buffer in
>>> iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a
>>> stack variable so we should not assume it will 0 initialized.
>>>
>>> Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface")
>>> Signed-off-by: Nuno Sá <nuno.sa@analog.com>
>>> ---
>>> drivers/iio/industrialio-backend.c | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-
>>> backend.c
>>> index
>>> d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232
>>> c071e4 100644
>>> --- a/drivers/iio/industrialio-backend.c
>>> +++ b/drivers/iio/industrialio-backend.c
>>> @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct
>>> file *file,
>>> ssize_t rc;
>>> int ret;
>>>
>>> - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf,
>>> count);
>>> + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf,
>>> count);
>>> if (rc < 0)
>>> return rc;
>>>
>>> + buf[count] = '\0';
>>
>> Does this need to be count++? Later we return count.
>>
>
> Don't think so... count comes down from userspace. The termination is local so
> we do not want to return count + 1 when userspace only requested to write count.
> Same deal as in iio_debugfs_write_reg()
>
> Also note that we pass sizeof(buf) - 1 into simple_write_to_buffer()
>
> - Nuno Sá
>>
Ah, right. I get it now. Wasn't thinking so clear earlier.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] iio: small fixes and improvements
2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay
2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay
2025-02-18 10:31 ` [PATCH 2/2] iio: core: make use of simple_write_to_buffer() Nuno Sá via B4 Relay
@ 2025-02-18 17:29 ` David Lechner
2025-02-22 14:23 ` Jonathan Cameron
2 siblings, 1 reply; 8+ messages in thread
From: David Lechner @ 2025-02-18 17:29 UTC (permalink / raw)
To: nuno.sa, linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote:
> The first patch is a fix for the backend code dealing with
> direct_register_access. We need to properly terminate the received
> string before passing it to sscanf().
>
> The second patch is about using the simple_write_to_buffer() which makes
> the direct_register_access write side more symmetric with the read side.
>
> ---
Reviewed-by: David Lechner <dlechner@baylibre.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] iio: small fixes and improvements
2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner
@ 2025-02-22 14:23 ` Jonathan Cameron
0 siblings, 0 replies; 8+ messages in thread
From: Jonathan Cameron @ 2025-02-22 14:23 UTC (permalink / raw)
To: David Lechner; +Cc: nuno.sa, linux-iio, Olivier Moysan, Lars-Peter Clausen
On Tue, 18 Feb 2025 11:29:08 -0600
David Lechner <dlechner@baylibre.com> wrote:
> On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote:
> > The first patch is a fix for the backend code dealing with
> > direct_register_access. We need to properly terminate the received
> > string before passing it to sscanf().
> >
> > The second patch is about using the simple_write_to_buffer() which makes
> > the direct_register_access write side more symmetric with the read side.
> >
> > ---
>
> Reviewed-by: David Lechner <dlechner@baylibre.com>
>
Applied
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-02-22 14:23 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay
2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay
2025-02-18 15:52 ` David Lechner
2025-02-18 16:36 ` Nuno Sá
2025-02-18 16:57 ` David Lechner
2025-02-18 10:31 ` [PATCH 2/2] iio: core: make use of simple_write_to_buffer() Nuno Sá via B4 Relay
2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner
2025-02-22 14:23 ` Jonathan Cameron
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox