From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Tejun Heo <tj@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel list <linux-kernel@vger.kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>
Subject: [PATCH] sysfs/bin: Fix size handling overflow for bin_attribute
Date: Thu, 10 Oct 2013 18:03:55 +1100 [thread overview]
Message-ID: <1381388635.4330.37.camel@pasglop> (raw)
In-Reply-To: <1381378788.4330.30.camel@pasglop>
While looking at the code, I noticed that bin_attribute read() and write()
ops copy the inode size into an int for futher comparisons.
Some bin_attributes can be fairly large. For example, pci creates some for
BARs set to the BAR size and giant BARs are around the corner, so this is
going to break something somewhere eventually.
Let's use the right type.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
---
I noticed that while messing around with my "xscom" file which I had
originally set to be LONG_MAX :-)
I eventually decided to use an i_size of 0 instead which seems to be
the way that sort of "special" file tend to be done (it's a bridge to
a special sideband bus in the system which has a sparse addressing which
is splattered all over 64 bits though I've somewhat "compressed" it to 63
for the sake of sysfs).
Note that I noticed that late and don't have a good test case for it,
but code inspection didn't seem to show anything else cropping i_size.
diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
index c590cab..373ddcf 100644
--- a/fs/sysfs/bin.c
+++ b/fs/sysfs/bin.c
@@ -69,7 +69,7 @@ static ssize_t
read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off)
{
struct bin_buffer *bb = file->private_data;
- int size = file_inode(file)->i_size;
+ loff_t size = file_inode(file)->i_size;
loff_t offs = *off;
int count = min_t(size_t, bytes, PAGE_SIZE);
char *temp;
@@ -139,7 +139,7 @@ static ssize_t write(struct file *file, const char __user *userbuf,
size_t bytes, loff_t *off)
{
struct bin_buffer *bb = file->private_data;
- int size = file_inode(file)->i_size;
+ loff_t size = file_inode(file)->i_size;
loff_t offs = *off;
int count = min_t(size_t, bytes, PAGE_SIZE);
char *temp;
next prev parent reply other threads:[~2013-10-10 7:04 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-10 4:19 sysfs for my chips Benjamin Herrenschmidt
2013-10-10 7:03 ` Benjamin Herrenschmidt [this message]
2013-10-10 17:38 ` [PATCH] sysfs/bin: Fix size handling overflow for bin_attribute Greg KH
2013-10-10 17:40 ` Greg KH
2013-10-10 20:02 ` Benjamin Herrenschmidt
2013-10-10 17:44 ` sysfs for my chips Greg KH
2013-10-10 20:01 ` Benjamin Herrenschmidt
2013-10-10 20:26 ` Geert Uytterhoeven
2013-10-10 21:30 ` Benjamin Herrenschmidt
2013-10-11 6:52 ` Geert Uytterhoeven
2013-10-11 9:06 ` Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1381388635.4330.37.camel@pasglop \
--to=benh@kernel.crashing.org \
--cc=bhelgaas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox