[PATCH 5.4 59/69] platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Vadim Pasternak <vadimp@nvidia.com>,
	Hans de Goede <hdegoede@redhat.com>
Subject: [PATCH 5.4 59/69] platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
Date: Mon, 18 Oct 2021 15:24:57 +0200	[thread overview]
Message-ID: <20211018132331.426661817@linuxfoundation.org> (raw)
In-Reply-To: <20211018132329.453964125@linuxfoundation.org>

From: Vadim Pasternak <vadimp@nvidia.com>

commit 9b024201693e397441668cca0d2df7055fe572eb upstream.

Change kstrtou32() argument 'base' to be zero instead of 'len'.
It works by chance for setting one bit value, but it is not supposed to
work in case value passed to mlxreg_io_attr_store() is greater than 1.

It works for example, for:
echo 1 > /sys/devices/platform/mlxplat/mlxreg-io/hwmon/.../jtag_enable
But it will fail for:
echo n > /sys/devices/platform/mlxplat/mlxreg-io/hwmon/.../jtag_enable,
where n > 1.

The flow for input buffer conversion is as below:
_kstrtoull(const char *s, unsigned int base, unsigned long long *res)
calls:
rv = _parse_integer(s, base, &_res);

For the second case, where n > 1:
- _parse_integer() converts 's' to 'val'.
  For n=2, 'len' is set to 2 (string buffer is 0x32 0x0a), for n=3
  'len' is set to 3 (string buffer 0x33 0x0a), etcetera.
- 'base' is equal or greater then '2' (length of input buffer).

As a result, _parse_integer() exits with result zero (rv):
	rv = 0;
	while (1) {
		...
		if (val >= base)-> (2 >= 2)
			break;
		...
		rv++;
		...
	}

And _kstrtoull() in their turn will fail:
	if (rv == 0)
		return -EINVAL;

Fixes: 5ec4a8ace06c ("platform/mellanox: Introduce support for Mellanox register access driver")
Signed-off-by: Vadim Pasternak <vadimp@nvidia.com>
Link: https://lore.kernel.org/r/20210927142214.2613929-2-vadimp@nvidia.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/platform/mellanox/mlxreg-io.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/platform/mellanox/mlxreg-io.c
+++ b/drivers/platform/mellanox/mlxreg-io.c
@@ -123,7 +123,7 @@ mlxreg_io_attr_store(struct device *dev,
 		return -EINVAL;
 
 	/* Convert buffer to input value. */
-	ret = kstrtou32(buf, len, &input_val);
+	ret = kstrtou32(buf, 0, &input_val);
 	if (ret)
 		return ret;

next prev parent reply	other threads:[~2021-10-18 13:37 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-18 13:23 [PATCH 5.4 00/69] 5.4.155-rc1 review Greg Kroah-Hartman
2021-10-18 13:23 ` [PATCH 5.4 01/69] ovl: simplify file splice Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 02/69] ALSA: usb-audio: Add quirk for VF0770 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 03/69] ALSA: seq: Fix a potential UAF by wrong private_free call order Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 04/69] ALSA: hda/realtek: Complete partial device name to avoid ambiguity Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 05/69] ALSA: hda/realtek: Add quirk for Clevo X170KM-G Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 06/69] ALSA: hda/realtek - ALC236 headset MIC recording issue Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 07/69] ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 08/69] nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^ Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 09/69] s390: fix strrchr() implementation Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 10/69] csky: dont let sigreturn play with priveleged bits of status register Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 11/69] csky: Fixup regs.sr broken in ptrace Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 12/69] btrfs: unlock newly allocated extent buffer after error Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 13/69] btrfs: deal with errors when replaying dir entry during log replay Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 14/69] btrfs: deal with errors when adding inode reference " Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 15/69] btrfs: check for error when looking up inode during dir entry replay Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 16/69] watchdog: orion: use 0 for unset heartbeat Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 17/69] x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 18/69] mei: me: add Ice Lake-N device id Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 19/69] xhci: guard accesses to ep_state in xhci_endpoint_reset() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 20/69] xhci: Fix command ring pointer corruption while aborting a command Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 21/69] xhci: Enable trust tx length quirk for Fresco FL11 USB controller Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 22/69] cb710: avoid NULL pointer subtraction Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 23/69] efi/cper: use stack buffer for error record decoding Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 24/69] efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 25/69] usb: musb: dsps: Fix the probe error path Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 26/69] Input: xpad - add support for another USB ID of Nacon GC-100 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 27/69] USB: serial: qcserial: add EM9191 QDL support Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 28/69] USB: serial: option: add Quectel EC200S-CN module support Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 29/69] USB: serial: option: add Telit LE910Cx composition 0x1204 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 30/69] USB: serial: option: add prod. id for Quectel EG91 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 31/69] virtio: write back F_VERSION_1 before validate Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 32/69] EDAC/armada-xp: Fix output of uncorrectable error counter Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 33/69] nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 34/69] KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() Greg Kroah-Hartman
2021-10-19 10:34   ` Michael Ellerman
2021-10-18 13:24 ` [PATCH 5.4 35/69] KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest Greg Kroah-Hartman
2021-10-19 10:54   ` Michael Ellerman
2021-10-18 13:24 ` [PATCH 5.4 36/69] x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 37/69] powerpc/xive: Discard disabled interrupts in get_irqchip_state() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 38/69] iio: adc: aspeed: set driver data when adc probe Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 39/69] iio: adc128s052: Fix the error handling path of adc128_probe() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 40/69] iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 41/69] iio: light: opt3001: Fixed timeout error when 0 lux Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 42/69] iio: ssp_sensors: add more range checking in ssp_parse_dataframe() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 43/69] iio: ssp_sensors: fix error code in ssp_print_mcu_debug() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 44/69] iio: dac: ti-dac5571: fix an error code in probe() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 45/69] sctp: account stream padding length for reconf chunk Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 46/69] gpio: pca953x: Improve bias setting Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 47/69] net: arc: select CRC32 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 48/69] net: korina: " Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 49/69] net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 50/69] net: stmmac: fix get_hw_feature() on old hardware Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 51/69] net: encx24j600: check error in devm_regmap_init_encx24j600 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 52/69] ethernet: s2io: fix setting mac address during resume Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 53/69] nfc: fix error handling of nfc_proto_register() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 54/69] NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 55/69] NFC: digital: fix possible memory leak in digital_in_send_sdd_req() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 56/69] pata_legacy: fix a couple uninitialized variable bugs Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 57/69] ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 58/69] mlxsw: thermal: Fix out-of-bounds memory accesses Greg Kroah-Hartman
2021-10-18 13:24 ` Greg Kroah-Hartman [this message]
2021-10-18 13:24 ` [PATCH 5.4 60/69] drm/panel: olimex-lcd-olinuxino: select CRC32 Greg Kroah-Hartman
2021-10-18 13:24 ` [PATCH 5.4 61/69] drm/msm: Fix null pointer dereference on pointer edp Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 62/69] drm/msm/mdp5: fix cursor-related warnings Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 63/69] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 64/69] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 65/69] acpi/arm64: fix next_platform_timer() section mismatch error Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 66/69] mqprio: Correct stats in mqprio_dump_class_stats() Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 67/69] qed: Fix missing error code in qed_slowpath_start() Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 68/69] r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 Greg Kroah-Hartman
2021-10-18 13:25 ` [PATCH 5.4 69/69] ionic: dont remove netdev->dev_addr when syncing uc list Greg Kroah-Hartman
2021-10-18 14:11 ` [PATCH 5.4 00/69] 5.4.155-rc1 review Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211018132331.426661817@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=hdegoede@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=vadimp@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox