* [PATCH 0/2] iio: small fixes and improvements
@ 2025-02-18 10:31 Nuno Sá via B4 Relay
2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Nuno Sá via B4 Relay @ 2025-02-18 10:31 UTC (permalink / raw)
To: linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen
The first patch is a fix for the backend code dealing with
direct_register_access. We need to properly terminate the received
string before passing it to sscanf().
The second patch is about using the simple_write_to_buffer() which makes
the direct_register_access write side more symmetric with the read side.
---
Nuno Sá (2):
iio: backend: make sure to NULL terminate stack buffer
iio: core: make use of simple_write_to_buffer()
drivers/iio/industrialio-backend.c | 4 +++-
drivers/iio/industrialio-core.c | 9 +++++----
2 files changed, 8 insertions(+), 5 deletions(-)
---
base-commit: c0f115a8d97599623294c8e9ec28530e19c1e85b
change-id: 20250218-dev-iio-misc-d78425a94985
--
Thanks!
- Nuno Sá
^ permalink raw reply [flat|nested] 8+ messages in thread* [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer 2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay @ 2025-02-18 10:31 ` Nuno Sá via B4 Relay 2025-02-18 15:52 ` David Lechner 2025-02-18 10:31 ` [PATCH 2/2] iio: core: make use of simple_write_to_buffer() Nuno Sá via B4 Relay 2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner 2 siblings, 1 reply; 8+ messages in thread From: Nuno Sá via B4 Relay @ 2025-02-18 10:31 UTC (permalink / raw) To: linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen From: Nuno Sá <nuno.sa@analog.com> Make sure to NULL terminate the buffer in iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a stack variable so we should not assume it will 0 initialized. Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface") Signed-off-by: Nuno Sá <nuno.sa@analog.com> --- drivers/iio/industrialio-backend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-backend.c index d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232c071e4 100644 --- a/drivers/iio/industrialio-backend.c +++ b/drivers/iio/industrialio-backend.c @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct file *file, ssize_t rc; int ret; - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf, count); + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (rc < 0) return rc; + buf[count] = '\0'; + ret = sscanf(buf, "%i %i", &back->cached_reg_addr, &val); switch (ret) { -- 2.48.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer 2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay @ 2025-02-18 15:52 ` David Lechner 2025-02-18 16:36 ` Nuno Sá 0 siblings, 1 reply; 8+ messages in thread From: David Lechner @ 2025-02-18 15:52 UTC (permalink / raw) To: nuno.sa, linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote: > From: Nuno Sá <nuno.sa@analog.com> > > Make sure to NULL terminate the buffer in > iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a > stack variable so we should not assume it will 0 initialized. > > Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface") > Signed-off-by: Nuno Sá <nuno.sa@analog.com> > --- > drivers/iio/industrialio-backend.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio-backend.c > index d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232c071e4 100644 > --- a/drivers/iio/industrialio-backend.c > +++ b/drivers/iio/industrialio-backend.c > @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct file *file, > ssize_t rc; > int ret; > > - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf, count); > + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); > if (rc < 0) > return rc; > > + buf[count] = '\0'; Does this need to be count++? Later we return count. > + > ret = sscanf(buf, "%i %i", &back->cached_reg_addr, &val); > > switch (ret) { > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer 2025-02-18 15:52 ` David Lechner @ 2025-02-18 16:36 ` Nuno Sá 2025-02-18 16:57 ` David Lechner 0 siblings, 1 reply; 8+ messages in thread From: Nuno Sá @ 2025-02-18 16:36 UTC (permalink / raw) To: David Lechner, nuno.sa, linux-iio Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen On Tue, 2025-02-18 at 09:52 -0600, David Lechner wrote: > On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote: > > From: Nuno Sá <nuno.sa@analog.com> > > > > Make sure to NULL terminate the buffer in > > iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a > > stack variable so we should not assume it will 0 initialized. > > > > Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface") > > Signed-off-by: Nuno Sá <nuno.sa@analog.com> > > --- > > drivers/iio/industrialio-backend.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio- > > backend.c > > index > > d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232 > > c071e4 100644 > > --- a/drivers/iio/industrialio-backend.c > > +++ b/drivers/iio/industrialio-backend.c > > @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct > > file *file, > > ssize_t rc; > > int ret; > > > > - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf, > > count); > > + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, > > count); > > if (rc < 0) > > return rc; > > > > + buf[count] = '\0'; > > Does this need to be count++? Later we return count. > Don't think so... count comes down from userspace. The termination is local so we do not want to return count + 1 when userspace only requested to write count. Same deal as in iio_debugfs_write_reg() Also note that we pass sizeof(buf) - 1 into simple_write_to_buffer() - Nuno Sá > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer 2025-02-18 16:36 ` Nuno Sá @ 2025-02-18 16:57 ` David Lechner 0 siblings, 0 replies; 8+ messages in thread From: David Lechner @ 2025-02-18 16:57 UTC (permalink / raw) To: Nuno Sá, nuno.sa, linux-iio Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen On 2/18/25 10:36 AM, Nuno Sá wrote: > On Tue, 2025-02-18 at 09:52 -0600, David Lechner wrote: >> On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote: >>> From: Nuno Sá <nuno.sa@analog.com> >>> >>> Make sure to NULL terminate the buffer in >>> iio_backend_debugfs_write_reg() before passing it to sscanf(). It is a >>> stack variable so we should not assume it will 0 initialized. >>> >>> Fixes: cdf01e0809a4 ("iio: backend: add debugFs interface") >>> Signed-off-by: Nuno Sá <nuno.sa@analog.com> >>> --- >>> drivers/iio/industrialio-backend.c | 4 +++- >>> 1 file changed, 3 insertions(+), 1 deletion(-) >>> >>> diff --git a/drivers/iio/industrialio-backend.c b/drivers/iio/industrialio- >>> backend.c >>> index >>> d4ad36f54090204bf3bef08457d4aa55aa7c11fc..a43c8d1bb3d0f4dda4277cac94b0ea9232 >>> c071e4 100644 >>> --- a/drivers/iio/industrialio-backend.c >>> +++ b/drivers/iio/industrialio-backend.c >>> @@ -155,10 +155,12 @@ static ssize_t iio_backend_debugfs_write_reg(struct >>> file *file, >>> ssize_t rc; >>> int ret; >>> >>> - rc = simple_write_to_buffer(buf, sizeof(buf), ppos, userbuf, >>> count); >>> + rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, >>> count); >>> if (rc < 0) >>> return rc; >>> >>> + buf[count] = '\0'; >> >> Does this need to be count++? Later we return count. >> > > Don't think so... count comes down from userspace. The termination is local so > we do not want to return count + 1 when userspace only requested to write count. > Same deal as in iio_debugfs_write_reg() > > Also note that we pass sizeof(buf) - 1 into simple_write_to_buffer() > > - Nuno Sá >> Ah, right. I get it now. Wasn't thinking so clear earlier. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2] iio: core: make use of simple_write_to_buffer() 2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay 2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay @ 2025-02-18 10:31 ` Nuno Sá via B4 Relay 2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner 2 siblings, 0 replies; 8+ messages in thread From: Nuno Sá via B4 Relay @ 2025-02-18 10:31 UTC (permalink / raw) To: linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen From: Nuno Sá <nuno.sa@analog.com> Instead of open coding (kind of) simple_write_to_buffer(), use it. While at it, use ascii representation to terminate the string as that is the more common way of doing it. Signed-off-by: Nuno Sá <nuno.sa@analog.com> --- drivers/iio/industrialio-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index a2117ad1337d55468c0f21c274fcbedd352c97ff..b9f4113ae5fc3ee1ef76be6808cc437286690dae 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -410,11 +410,12 @@ static ssize_t iio_debugfs_write_reg(struct file *file, char buf[80]; int ret; - count = min(count, sizeof(buf) - 1); - if (copy_from_user(buf, userbuf, count)) - return -EFAULT; + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, + count); + if (ret < 0) + return ret; - buf[count] = 0; + buf[count] = '\0'; ret = sscanf(buf, "%i %i", ®, &val); -- 2.48.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] iio: small fixes and improvements 2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay 2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay 2025-02-18 10:31 ` [PATCH 2/2] iio: core: make use of simple_write_to_buffer() Nuno Sá via B4 Relay @ 2025-02-18 17:29 ` David Lechner 2025-02-22 14:23 ` Jonathan Cameron 2 siblings, 1 reply; 8+ messages in thread From: David Lechner @ 2025-02-18 17:29 UTC (permalink / raw) To: nuno.sa, linux-iio; +Cc: Olivier Moysan, Jonathan Cameron, Lars-Peter Clausen On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote: > The first patch is a fix for the backend code dealing with > direct_register_access. We need to properly terminate the received > string before passing it to sscanf(). > > The second patch is about using the simple_write_to_buffer() which makes > the direct_register_access write side more symmetric with the read side. > > --- Reviewed-by: David Lechner <dlechner@baylibre.com> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] iio: small fixes and improvements 2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner @ 2025-02-22 14:23 ` Jonathan Cameron 0 siblings, 0 replies; 8+ messages in thread From: Jonathan Cameron @ 2025-02-22 14:23 UTC (permalink / raw) To: David Lechner; +Cc: nuno.sa, linux-iio, Olivier Moysan, Lars-Peter Clausen On Tue, 18 Feb 2025 11:29:08 -0600 David Lechner <dlechner@baylibre.com> wrote: > On 2/18/25 4:31 AM, Nuno Sá via B4 Relay wrote: > > The first patch is a fix for the backend code dealing with > > direct_register_access. We need to properly terminate the received > > string before passing it to sscanf(). > > > > The second patch is about using the simple_write_to_buffer() which makes > > the direct_register_access write side more symmetric with the read side. > > > > --- > > Reviewed-by: David Lechner <dlechner@baylibre.com> > Applied ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-02-22 14:23 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-02-18 10:31 [PATCH 0/2] iio: small fixes and improvements Nuno Sá via B4 Relay 2025-02-18 10:31 ` [PATCH 1/2] iio: backend: make sure to NULL terminate stack buffer Nuno Sá via B4 Relay 2025-02-18 15:52 ` David Lechner 2025-02-18 16:36 ` Nuno Sá 2025-02-18 16:57 ` David Lechner 2025-02-18 10:31 ` [PATCH 2/2] iio: core: make use of simple_write_to_buffer() Nuno Sá via B4 Relay 2025-02-18 17:29 ` [PATCH 0/2] iio: small fixes and improvements David Lechner 2025-02-22 14:23 ` Jonathan Cameron
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox