Re: [PATCH v2 2/2] EDAC: Fix sysfs dimm_label store operation

[Borislav Petkov <bp@alien8.de>]

On Tue, Sep 22, 2015 at 08:58:03AM -0600, Toshi Kani wrote:
> Sysfs "dimm_label" and "chX_dimm_label" have the following issues
> in their store operation.
> 
>  1) A newline-terminated input string causes redundant newlines
> 
>   # echo "test" > /sys/bus/mc0/devices/dimm0/dimm_label
>   # cat  /sys/bus/mc0/devices/dimm0/dimm_label
>   test
> 
>   #  od -bc /sys/bus/mc0/devices/dimm0/dimm_label
>   0000000 164 145 163 164 012 012
>             t   e   s   t  \n  \n
>   0000006
> 
>  2) The original label string (31 characters) cannot be stored due to
>     an improper size check
> 
>   # echo "CPU_SrcID#0_Ha#0_Chan#0_DIMM#0" \
>   > /sys/bus/mc0/devices/dimm0/dimm_label
>   # cat /sys/bus/mc0/devices/dimm0/dimm_label
> 
> 
>   # od -bc /sys/bus/mc0/devices/dimm0/dimm_label
>    0000000 012 012
>             \n  \n
>    0000002
> 
>  3) An input string longer than the buffer size results a wrong label
>     info as it allows a retry with the remaining string.
> 
>   # echo "CPU_SrcID#0_Ha#0_Chan#0_DIMM#0_TEST" \
>   > /sys/bus/mc0/devices/dimm0/dimm_label
>   # cat  /sys/bus/mc0/devices/dimm0/dimm_label
>   _TEST
> 
> Fix these issues by making the following changes:
>  1) Replace a newline charactor at the end by setting a null. It also
>     assures that the string is null-terminated within the size.
>  2) Check the label buffer size with 'sizeof(dimm->label)'.
>  3) Fail a request if its string exceeds the label buffer size.
> 
> Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
> Acked-by: Tony Luck <tony.luck@intel.com>
> Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Doug Thompson <dougthompson@xmission.com>
> Cc: Robert Elliott <elliott@hpe.com>
> Cc: Tony Luck <tony.luck@intel.com>
> ---
>  drivers/edac/edac_mc_sysfs.c |   20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)

...

> @@ -495,13 +495,13 @@ static ssize_t dimmdev_label_store(struct device *dev,
>  {
>  	struct dimm_info *dimm = to_dimm(dev);
>  
> -	ssize_t max_size = 0;
> +	if (count == 0 || count > sizeof(dimm->label))
> +		return -EINVAL;

$ echo "" > /sys/bus/mc0/devices/dimm0/dimm_label
$ od -bc /sys/bus/mc0/devices/dimm0/dimm_label
0000000
$ cat /sys/bus/mc0/devices/dimm0/dimm_label
$

I don't think we want to allow empty labels. I guess something like this
(2 because there's also the additional "\n"):

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index d4e0bff268d8..e52ba338334b 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -241,7 +241,7 @@ static ssize_t channel_dimm_label_store(struct device *dev,
        unsigned chan = to_channel(mattr);
        struct rank_info *rank = csrow->channels[chan];
 
-       if (count == 0 || count > sizeof(rank->dimm->label))
+       if (count < 2 || count > sizeof(rank->dimm->label))
                return -EINVAL;
 
        strncpy(rank->dimm->label, data, count);
@@ -495,7 +495,7 @@ static ssize_t dimmdev_label_store(struct device *dev,
 {
        struct dimm_info *dimm = to_dimm(dev);
 
-       if (count == 0 || count > sizeof(dimm->label))
+       if (count < 2 || count > sizeof(dimm->label))
                return -EINVAL;
 
        strncpy(dimm->label, data, count);

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.