From: "Krzysztof Wilczyński" <kw@linux.com>
To: Deepanshu Kartikey <kartikey406@gmail.com>
Cc: bhelgaas@google.com, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org,
syzbot+c7604c9fdd7580cca4e0@syzkaller.appspotmail.com
Subject: Re: [PATCH] PCI/proc: check __get_user() return value in proc_bus_pci_write()
Date: Mon, 4 May 2026 03:46:27 +0900 [thread overview]
Message-ID: <20260503154557.GA1455207@rocinante> (raw)
In-Reply-To: <20260502011446.125268-1-kartikey406@gmail.com>
Hello,
> Check __get_user() and return -EFAULT on failure.
[...]
> @@ -136,7 +136,10 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
>
> if ((pos & 1) && cnt) {
> unsigned char val;
> - __get_user(val, buf);
> + if (__get_user(val, buf)) {
> + ret = -EFAULT;
> + goto out;
> + }
We could move to get_user() here. This would allow you to drop
the access_ok(), too, as get_user() would return -EFAULT on error.
So, something simple, like:
if (get_user(val, buf))
goto err;
> +out:
Use "err" for a single goto label for the error path.
> pci_config_pm_runtime_put(dev);
> -
> *ppos = pos;
> - i_size_write(ino, dev->cfg_size);
> - return nbytes;
> + if (ret > 0)
> + i_size_write(ino, dev->cfg_size);
> + return ret;
This can be kept simple:
err:
pci_config_pm_runtime_put(dev);
return -EFAULT;
The i_size_write() is such an unfortunate band-aid, but unless we have a
way to set the size before the procfs entry is created/made visible, then
the problem that this aims to fix is here to stay for now, see:
ecb3908046ce ("pci: write file size to inode on proc bus file write")
Having said all that, since you are looking at proc_bus_pci_write(),
then perhaps an update to proc_bus_pci_read() to use put_user() would
also be prudent.
Thank you!
Krzysztof
next prev parent reply other threads:[~2026-05-03 18:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-02 1:14 [PATCH] PCI/proc: check __get_user() return value in proc_bus_pci_write() Deepanshu Kartikey
2026-05-03 18:46 ` Krzysztof Wilczyński [this message]
2026-05-04 1:23 ` Deepanshu Kartikey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260503154557.GA1455207@rocinante \
--to=kw@linux.com \
--cc=bhelgaas@google.com \
--cc=kartikey406@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=syzbot+c7604c9fdd7580cca4e0@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox