From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5B1E3B5842 for ; Thu, 14 May 2026 08:06:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778745982; cv=none; b=L11xkzWGqYIZvaVa7KHkiBhNX3UQ+212Gu8Bk8ERXHdJn1jSLZWnDnxCCiyxTey4p96WxMds7jpjmKNeN681eZWUb4lsSl0u57nNXbKpmlQA4JwGK6f7MspU7h9wLS7UztoN9bYqMdv/SfP9fxaNEVNTEm9cBrtRqBvXrYAQ/ao= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778745982; c=relaxed/simple; bh=93eSD/kBmjnUPehl5bOd1PkcsxFoeb+z/4IrjvzFW5k=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=Bb/Qkjtwh9PD3mlhQQFF6/efp238QAzN5MfYyp5AfevDzxOy85ebGhmWqSef33js99f0FrYWX8R9+PHL5R9FVJ2FeBXfw51tRJ3zifskdO066PRyfJBj4fziOEhh/mm0KZIJWf6oYNWmdnR0nS3v01qIBR2OSLNrUyIA0etJn0U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=L8rWrR7R; arc=none smtp.client-ip=209.85.221.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="L8rWrR7R" Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-45ae6a0e523so1895363f8f.1 for ; Thu, 14 May 2026 01:06:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1778745979; x=1779350779; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=0sEeUOyNcRID3I5ygd6MigioVnL/EYNN2mZD8yeALKU=; b=L8rWrR7RvpXY6Mm7WLNxziaUCQPbtl0onuZ38AlVVdcsoFJtkbmHEzKqR8ZAUKXwlK E1FW1Mp7cxxZEfZXIqeyWZBLbxdsAu42e7B0xhbrB/kEGd8TUGinMCH4goPAoFttDuaA IiQ4eHSjcsstI1tTrtxCoLh+YmNxN5mpKolh7HogRsXxvgRIQIYLH1UIUA3YEMnQF7U/ lflhv+v85wS4hPkS4zboNuq/IVCxUDVbFT6zEkZewI0/XYyD8dNn5+iJjcTv6zCQ0fNq WfhbyTzKK8aBm1RKUR7fkaeDuuuNtVLt9eWvo/u0im8XDVmtGtKR6bt10D7CeCpq9CGF tRhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778745979; x=1779350779; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0sEeUOyNcRID3I5ygd6MigioVnL/EYNN2mZD8yeALKU=; b=QfWhbEVrEveZKa+pQBWT0QFWqsLykcDHDoaAXfEcj5/BxCCk6/qXpUl+8Lp/AZ9RNh fhYDEXTdOJ3KwyDSbye+vRdB/lVugm4/TyLKlBSGp4OZwAb64T2Z40EciRIEOT3CQ5O7 fi7LRMNf70MF++zTbDEeBLT+EfFix/2qgYs+b5g2XYsOiDgqFNkPTs2clgeBCdUvjcvm 3pMFHGoFWZ9wCWkravWp9DUXOk0fLkJtJbUQZLTGWrF9CXEK9WCW8aBuOxthUaSS/uho MJkYQK2icbXyzC9aHe/gRT5N008qePbea24YUlt4fDiiK72rslEvZxleGqPhglMPvooG zH6A== X-Forwarded-Encrypted: i=1; AFNElJ+2BNs2frJ+sskyrn68IeXY06amY905SsiIixOpUUbpC41Nlx0dHLE0EHp993/tWBLbsof3SfCb30yOnuY=@vger.kernel.org X-Gm-Message-State: AOJu0YyjdPtNnkmEdB2uusdkaLh7GuTWU3kWLNrmqa1PaBrXGgu8xtFZ YQX4p++yHMxB1G3Pc9vH4IqQXzVcMPMcF7nmO2DVIJMzL0CTUEl76AMTjKd12bu0m7E= X-Gm-Gg: Acq92OG7Vasjpic2CcFwocX2CU/sosxSO4QKx/FsddmABWmwDMigl2uAftZtdGymQGv TdSnoBFnnG9wRSyVNZqANlX3s3Oaty+TZG9V0HtdWb8CpqeVoR0YY+DypGBSXHvNrovhqJqSVBl Cf6g+9ta9sOGPEYz8GxVww4FTDbKoPKENmK9e/ECAFQ07X5Wk8lHR2jXgAijzunx86NtzPW3FL3 Vl6pUQEsNt1i5YUEsSbpqziNf2BHuH/PRvyRGJS6tSvZWe32tdcx8hsJRTLcO8s6T9WOnSGBB8I OLD8DGM1MSgLAvKKuTRX4HMByKg9JrF1uy1ULUFX7Hd1JiISDDO+N3TyiIc3MOSiWK/U2yrNaG+ +8xZLjICaYOgw4m6B9seYYAAD7uoi2/MYpGcse1sdk+Z5KX1ko1XJX5l/l2OEzYYGrNdWb1TJ1O Y+QgSjSilskcgxQuX6+Q/fLdB9T03E31BEtacI4GjXQxbm X-Received: by 2002:a05:6000:2dca:b0:43c:fd7e:72eb with SMTP id ffacd0b85a97d-45c5aa655a4mr10646538f8f.41.1778745979153; Thu, 14 May 2026 01:06:19 -0700 (PDT) Received: from [192.168.42.79] (nat2.prg.suse.com. [195.250.132.146]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45da15a6449sm4787290f8f.37.2026.05.14.01.06.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 14 May 2026 01:06:18 -0700 (PDT) Message-ID: <5bfa28de-9d37-45c2-8c0f-e93b36119910@suse.com> Date: Thu, 14 May 2026 10:06:18 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2] params: bound array element output to the caller's page buffer To: Pengpeng Hou Cc: Daniel Gomez , Sami Tolvanen , Kees Cook , Aaron Tomlin , Dmitry Antipov , Thorsten Blum , linux-kernel@vger.kernel.org, stable@vger.kernel.org References: <20260417075042.26632-1-pengpeng@iscas.ac.cn> <20260507082103.94473-1-pengpeng@iscas.ac.cn> Content-Language: en-US From: Petr Pavlu In-Reply-To: <20260507082103.94473-1-pengpeng@iscas.ac.cn> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 5/7/26 10:21 AM, Pengpeng Hou wrote: > param_array_get() appends each element's string representation into the > shared sysfs page buffer by passing buffer + off to the element getter. > > That works for getters that only write a small bounded string, but > param_get_charp() and similar helpers format against PAGE_SIZE from the > pointer they receive. Once off is non-zero, an element getter can > therefore write past the end of the original sysfs page buffer. > > Collect each element into a temporary PAGE_SIZE buffer first and then > copy only the remaining space into the caller's page buffer. > > Cc: stable@vger.kernel.org > Reviewed-by: Petr Pavlu > Signed-off-by: Pengpeng Hou > --- > Changes since v1: > - drop the incorrect Fixes tag; as Petr pointed out, the issue appears > to predate mainline git history > - add Petr's Reviewed-by > - avoid rewriting the previous separator if the page buffer has no room > to copy any bytes from the next element I'm confused by this change. Didn't the simpler v1 already have this behavior? -- Thanks, Petr