* [PATCH] iwlwifi: mvm: make debugfs write() operations write up to count bytes
From: Djalal Harouni @ 2013-08-12 0:39 UTC (permalink / raw)
To: Johannes Berg, Emmanuel Grumbach, Intel Linux Wireless,
John W. Linville, linux-kernel
Cc: Djalal Harouni, stable
Some debugfs write() operations of the MVM Firmware will ignore the
count argument, and will copy more bytes than what was specified.
Fix this by getting the right count of bytes.
This will also honor restrictions put on the number of bytes to write.
To be consistent this patch also switches the initializer from
'char buf[x] = {}' to the explicit memset() as it is done in other
places of the same file.
Cc: stable@vger.kernel.org
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
---
Patch compile tested only.
Dual BSD/GPLv2 license: Ok
drivers/net/wireless/iwlwifi/mvm/debugfs.c | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/mvm/debugfs.c b/drivers/net/wireless/iwlwifi/mvm/debugfs.c
index 56f6827..ca368db 100644
--- a/drivers/net/wireless/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/iwlwifi/mvm/debugfs.c
@@ -251,13 +251,16 @@ static ssize_t iwl_dbgfs_power_down_allow_write(struct file *file,
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
- char buf[8] = {};
+ char buf[8];
int allow;
if (!mvm->ucode_loaded)
return -EIO;
- if (copy_from_user(buf, user_buf, sizeof(buf)))
+ memset(buf, 0, sizeof(buf));
+ if (count > sizeof(buf) - 1)
+ count = sizeof(buf) - 1;
+ if (copy_from_user(buf, user_buf, count))
return -EFAULT;
if (sscanf(buf, "%d", &allow) != 1)
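Review bot: The "- 1" in the new clamp ahead of copy_from_user() is unexplained, and it is the part that matters: with buf zeroed and at most sizeof(buf) - 1 bytes copied, the last byte stays 0, so the sscanf(buf, "%d", &allow) that follows always sees a terminated string. Say that in a one-line comment, and write the clamp as count = min_t(size_t, count, sizeof(buf) - 1) instead of the open-coded if.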
@@ -278,10 +281,13 @@ static ssize_t iwl_dbgfs_power_down_d3_allow_write(struct file *file,
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
- char buf[8] = {};
+ char buf[8];
int allow;
- if (copy_from_user(buf, user_buf, sizeof(buf)))
+ memset(buf, 0, sizeof(buf));
+ if (count > sizeof(buf) - 1)
+ count = sizeof(buf) - 1;
+ if (copy_from_user(buf, user_buf, count))
return -EFAULT;
if (sscanf(buf, "%d", &allow) != 1)
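Review bot: Replacing "char buf[8] = {};" with "char buf[8];" plus memset() is a style change the bounds fix does not need; the old initializer already zeroes the array, so only the length passed to copy_from_user() has to change in this function. Move the initializer conversion to its own patch so this one carries just the count handling.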
@@ -363,11 +369,14 @@ static ssize_t iwl_dbgfs_pm_params_write(struct file *file,
struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
struct iwl_mvm *mvm = mvmvif->dbgfs_data;
enum iwl_dbgfs_pm_mask param;
- char buf[32] = {};
+ char buf[32];
int val;
int ret;
- if (copy_from_user(buf, user_buf, sizeof(buf)))
+ memset(buf, 0, sizeof(buf));
+ if (count > sizeof(buf) - 1)
+ count = sizeof(buf) - 1;
+ if (copy_from_user(buf, user_buf, count))
return -EFAULT;
if (!strncmp("keep_alive=", buf, 11)) {
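Review bot: Input longer than 31 bytes is silently cut at "count = sizeof(buf) - 1" and the truncated prefix then goes on to strncmp("keep_alive=", buf, 11), so a parameter string cut off mid-value would still be parsed rather than refused. Consider returning -EINVAL when count exceeds sizeof(buf) - 1 instead of clamping, or state in a comment that truncation is intended for this handler.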
@@ -824,10 +833,13 @@ static ssize_t iwl_dbgfs_d3_sram_write(struct file *file,
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
- char buf[8] = {};
+ char buf[8];
int store;
- if (copy_from_user(buf, user_buf, sizeof(buf)))
+ memset(buf, 0, sizeof(buf));
+ if (count > sizeof(buf) - 1)
+ count = sizeof(buf) - 1;
+ if (copy_from_user(buf, user_buf, count))
return -EFAULT;
if (sscanf(buf, "%d", &store) != 1)
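Review bot: The memset(), the count clamp and copy_from_user(buf, user_buf, count) are now repeated verbatim in four write handlers of this file, here ahead of sscanf(buf, "%d", &store). A small local helper taking buf, its size, user_buf and count would keep the bound and the termination rule in one place, so a later handler cannot pick up the copy without the clamp.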
--
1.7.11.7
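
The over-copy described in the commit message, modelled in user space as an added example (not code from the patch or from the iwlwifi driver): memcpy() stands in for copy_from_user(), and the function names and the sample buffer are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample: the caller's memory holds "12345\n" but the caller
 * asks write() to consume only the first byte (count = 1). The trailing
 * zero bytes keep the pre-patch model well defined; real callers give
 * no such guarantee. */
static const char SAMPLE_USER_MEM[8] = "12345\n";

/* User-space stand-in for copy_from_user(): 0 means every byte was copied. */
static unsigned long model_copy_from_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Pre-patch shape: the copy length is sizeof(buf), count is ignored. */
static int parse_ignoring_count(const char *user_buf, size_t count, int *val)
{
    char buf[8] = {0};

    (void)count;
    if (model_copy_from_user(buf, user_buf, sizeof(buf)))
        return -1;
    return sscanf(buf, "%d", val) == 1 ? 0 : -1;
}

/* Patched shape: clamp count to sizeof(buf) - 1 so the last byte stays 0. */
static int parse_bounded(const char *user_buf, size_t count, int *val)
{
    char buf[8];

    memset(buf, 0, sizeof(buf));
    if (count > sizeof(buf) - 1)
        count = sizeof(buf) - 1;
    if (model_copy_from_user(buf, user_buf, count))
        return -1;
    return sscanf(buf, "%d", val) == 1 ? 0 : -1;
}

int main(void)
{
    int a = 0, b = 0;

    parse_ignoring_count(SAMPLE_USER_MEM, 1, &a);
    parse_bounded(SAMPLE_USER_MEM, 1, &b);
    printf("count ignored: %d, count honoured: %d\n", a, b);
    return 0;
}
```

With count = 1 the pre-patch shape parses bytes the caller never asked to write, while the bounded shape parses only the first byte.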
* RE: [PATCH] iwlwifi: mvm: make debugfs write() operations write up to count bytes
From: Berg, Johannes @ 2013-08-12 8:19 UTC (permalink / raw)
To: Djalal Harouni, Grumbach, Emmanuel, Intel Linux Wireless,
John W. Linville, linux-kernel@vger.kernel.org,
linux-wireless@vger.kernel.org
> Some debugfs write() operations of the MVM Firmware will ignore the count
> argument, and will copy more bytes than what was specified.
> Fix this by getting the right count of bytes.
>
> This will also honor restrictions put on the number of bytes to write.
That makes some sense.
> To be consistent this patch also switches the initializer from 'char buf[x] = {}' to
> the explicit memset() as it is done in other places of the same file.
I'd rather this (a) be done in a separate patch, and (b) the other way around, switch everything to C99.
> Cc: stable@vger.kernel.org
That doesn't really make sense for the debugfs interface.
> + memset(buf, 0, sizeof(buf));
> + if (count > sizeof(buf) - 1)
> + count = sizeof(buf) - 1;
Why -1? And why not use min()/min_t()?
johannes
--
Intel GmbH
Dornacher Strasse 1
85622 Feldkirchen/Muenchen, Deutschland
Sitz der Gesellschaft: Feldkirchen bei Muenchen
Geschaeftsfuehrer: Christian Lamprechter, Hannes Schwaderer, Douglas Lusk
Registergericht: Muenchen HRB 47456
Ust.-IdNr./VAT Registration No.: DE129385895
Citibank Frankfurt a.M. (BLZ 502 109 00) 600119052
* Re: [PATCH] iwlwifi: mvm: make debugfs write() operations write up to count bytes
From: Djalal Harouni @ 2013-08-12 12:33 UTC (permalink / raw)
To: Berg, Johannes
Cc: Grumbach, Emmanuel, Intel Linux Wireless, John W. Linville,
linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org
On Mon, Aug 12, 2013 at 08:19:12AM +0000, Berg, Johannes wrote:
> > Some debugfs write() operations of the MVM Firmware will ignore the count
> > argument, and will copy more bytes than what was specified.
> > Fix this by getting the right count of bytes.
> >
> > This will also honor restrictions put on the number of bytes to write.
>
> That makes some sense.
And avoid strncmp() on garbage data.
> > To be consistent this patch also switches the initializer from 'char buf[x] = {}' to
> > the explicit memset() as it is done in other places of the same file.
>
> I'd rather this (a) be done in a separate patch, and (b) the other way around, switch everything to C99.
Ok
> > Cc: stable@vger.kernel.org
>
> That doesn't really make sense for the debugfs interface.
Ok
> > + memset(buf, 0, sizeof(buf));
> > + if (count > sizeof(buf) - 1)
> > + count = sizeof(buf) - 1;
>
> Why -1? And why not use min()/min_t()?
Yes -1 to be sure that the processed string is null terminated
Ok will use min_t
Will send a second version, Thanks!
--
Djalal Harouni
http://opendz.org