[PATCH] net: netxen: correct sysfs bin attribute return code

[PATCH] net: netxen: correct sysfs bin attribute return code

[Vladimir Zapolskiy]

If read() syscall requests unexpected number of bytes from "dimm" binary
attribute file, return EINVAL instead of EPERM.

At the same time pin down sysfs file size to the fixed
sizeof(struct netxen_dimm_cfg), which allows to exploit some missing
sanity checks from kernfs (file boundary checks vs offset etc.)

Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
---
 drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
index e0c31e3..6409a06 100644
--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
@@ -3025,9 +3025,9 @@ netxen_sysfs_read_dimm(struct file *filp, struct kobject *kobj,
 	u8 dw, rows, cols, banks, ranks;
 	u32 val;
 
-	if (size != sizeof(struct netxen_dimm_cfg)) {
+	if (size < attr->size) {
 		netdev_err(netdev, "Invalid size\n");
-		return -1;
+		return -EINVAL;
 	}
 
 	memset(&dimm, 0, sizeof(struct netxen_dimm_cfg));
@@ -3137,7 +3137,7 @@ out:
 
 static struct bin_attribute bin_attr_dimm = {
 	.attr = { .name = "dimm", .mode = (S_IRUGO | S_IWUSR) },
-	.size = 0,
+	.size = sizeof(struct netxen_dimm_cfg),
 	.read = netxen_sysfs_read_dimm,
 };
 
-- 
2.1.4

RE: [PATCH] net: netxen: correct sysfs bin attribute return code

[Manish Chopra]

> -----Original Message-----
> From: Vladimir Zapolskiy [mailto:vz@mleia.com]
> Sent: Tuesday, May 26, 2015 6:20 AM
> To: David Miller; Manish Chopra; Sony Chacko; Rajesh Borundia
> Cc: netdev
> Subject: [PATCH] net: netxen: correct sysfs bin attribute return code
> 
> If read() syscall requests unexpected number of bytes from "dimm" binary
> attribute file, return EINVAL instead of EPERM.
> 
> At the same time pin down sysfs file size to the fixed sizeof(struct
> netxen_dimm_cfg), which allows to exploit some missing sanity checks from
> kernfs (file boundary checks vs offset etc.)
> 
> Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
> ---
>  drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> index e0c31e3..6409a06 100644
> --- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> +++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
> @@ -3025,9 +3025,9 @@ netxen_sysfs_read_dimm(struct file *filp, struct
> kobject *kobj,
>  	u8 dw, rows, cols, banks, ranks;
>  	u32 val;
> 
> -	if (size != sizeof(struct netxen_dimm_cfg)) {
> +	if (size < attr->size) {
>  		netdev_err(netdev, "Invalid size\n");
> -		return -1;
> +		return -EINVAL;
>  	}
> 
>  	memset(&dimm, 0, sizeof(struct netxen_dimm_cfg)); @@ -3137,7
> +3137,7 @@ out:
> 
>  static struct bin_attribute bin_attr_dimm = {
>  	.attr = { .name = "dimm", .mode = (S_IRUGO | S_IWUSR) },
> -	.size = 0,
> +	.size = sizeof(struct netxen_dimm_cfg),
>  	.read = netxen_sysfs_read_dimm,
>  };
> 

Acked-by: Manish Chopra <manish.chopra@qlogic.com>

Thanks.