From: Sourabh Jain <sourabhjain@linux.ibm.com>
To: Pengpeng Hou <pengpeng@iscas.ac.cn>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Hari Bathini <hbathini@linux.ibm.com>,
Jiri Bohac <jbohac@suse.cz>,
Shrikanth Hegde <sshegde@linux.ibm.com>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] powerpc/fadump: reject empty bootargs_append writes
Date: Fri, 17 Apr 2026 15:00:36 +0530 [thread overview]
Message-ID: <dc17d2a4-058a-4ca7-b701-32a53c71f07f@linux.ibm.com> (raw)
In-Reply-To: <20260417073907.4985-1-pengpeng@iscas.ac.cn>
On 17/04/26 13:09, Pengpeng Hou wrote:
> bootargs_append_store() indexes params[count - 1] when stripping a
> trailing newline from the sysfs write buffer.
>
> kernfs passes zero-length writes through to the store callback, so an
> empty write makes that newline check read before the start of params.
>
> Reject empty writes before looking at the last input byte.
>
> Fixes: 683eab94da75 ("powerpc/fadump: setup additional parameters for dump capture kernel")
> Cc: stable@vger.kernel.org
>
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
> ---
> arch/powerpc/kernel/fadump.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
> index 4ebc333dd786..03ab5565e420 100644
> --- a/arch/powerpc/kernel/fadump.c
> +++ b/arch/powerpc/kernel/fadump.c
> @@ -1479,6 +1479,9 @@ static ssize_t bootargs_append_store(struct kobject *kobj,
> if (!fw_dump.fadump_enabled || fw_dump.dump_active)
> return -EPERM;
>
> + if (!count)
> + return -EINVAL;
How you manage to call this function with count as 0?
> +
> if (count >= COMMAND_LINE_SIZE)
> return -EINVAL;
>
prev parent reply other threads:[~2026-04-17 9:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-17 7:39 [PATCH] powerpc/fadump: reject empty bootargs_append writes Pengpeng Hou
2026-04-17 7:53 ` Christophe Leroy (CS GROUP)
2026-04-17 9:30 ` Sourabh Jain [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dc17d2a4-058a-4ca7-b701-32a53c71f07f@linux.ibm.com \
--to=sourabhjain@linux.ibm.com \
--cc=chleroy@kernel.org \
--cc=hbathini@linux.ibm.com \
--cc=jbohac@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=pengpeng@iscas.ac.cn \
--cc=sshegde@linux.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox