Date: Sun, 12 Apr 2026 16:16:51 +0100
From: Jonathan Cameron
To: Andy Shevchenko
Cc: Pengpeng Hou, Gyeyoung Baek, David Lechner, Nuno Sá, Andy Shevchenko, linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] iio: chemical: mhz19b: reject oversized serial replies
Message-ID: <20260412161651.3479e47e@jic23-huawei>
References: <20260402054015.38565-1-pengpeng@iscas.ac.cn>

On Thu, 2 Apr 2026 11:39:04 +0300
Andy Shevchenko wrote:

> On Thu, Apr 02, 2026 at 01:40:15PM +0800, Pengpeng Hou wrote:
> > mhz19b_receive_buf() appends each serdev chunk into the fixed
> > MHZ19B_CMD_SIZE receive buffer and advances buf_idx by len without
> > checking that the chunk fits in the remaining space. A large callback
> > can therefore overflow st->buf before the command path validates the
> > reply.
> >
> > Reset the reply state before each command and reject oversized serial
> > replies before copying them into the fixed buffer. When an oversized
> > reply is detected, wake the waiter and report -EMSGSIZE instead of
> > overwriting st->buf.
>
> ...
>
> > struct completion buf_ready;
> >
> > u8 buf_idx;
> > + bool buf_overflow;
>
> + blank line here.
>
> (No need to resend just for this.)
>
This version addressed the comment I just made on v2 so all good.
I tweaked whilst applying.

Applied to the fixes-togreg branch of iio.git.
Note I'm unlikely to send another fixes pull request this cycle,
so I'll rebase that branch on rc1 once available and send out then.

Thanks,

Jonathan
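Review bot: the new `bool buf_overflow` field in the quoted struct hunk sits next to `u8 buf_idx` with no comment saying which side owns it. Going by the commit message, the receive callback sets it and the command path clears it as part of resetting the reply state before each command, so a one-line comment on the field stating that would document the contract. Since the waiter reads the flag only after being woken, it is also worth checking in the full patch that the flag is written before the completion is signalled.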
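The bounds check described in the quoted commit message, as an added userspace model in C; it is not the driver's code and not part of this thread. `CMD_SIZE` (assumed to be 9), `struct rx_state`, `rx_reset()`, `rx_receive()` and `rx_result()` are hypothetical names, and the `ready` flag stands in for the completion.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define CMD_SIZE 9 /* assumed fixed reply length for this model */

/* Hypothetical userspace stand-in for the driver's receive state. */
struct rx_state {
	uint8_t buf[CMD_SIZE];
	uint8_t buf_idx;
	bool buf_overflow;
	bool ready; /* stands in for the completion the waiter sleeps on */
};

/* Run before each command so stale bytes and flags cannot carry over. */
static void rx_reset(struct rx_state *st)
{
	memset(st, 0, sizeof(*st));
}

/* Receive-callback model: consume one chunk, never write past buf. */
static size_t rx_receive(struct rx_state *st, const uint8_t *data, size_t len)
{
	if (len > sizeof(st->buf) - st->buf_idx) {
		st->buf_overflow = true; /* copy nothing, just flag it */
		st->ready = true;        /* wake the waiter */
		return len;
	}
	memcpy(st->buf + st->buf_idx, data, len);
	st->buf_idx = (uint8_t)(st->buf_idx + len);
	if (st->buf_idx == sizeof(st->buf))
		st->ready = true;
	return len;
}

/* Command-path model: the status reported once the waiter is woken. */
static int rx_result(const struct rx_state *st)
{
	return st->buf_overflow ? -EMSGSIZE : 0;
}

int main(void)
{
	uint8_t burst[32] = { 0xFF }; /* constructed oversized chunk */
	struct rx_state st;
	rx_reset(&st);
	rx_receive(&st, burst, sizeof(burst));
	return rx_result(&st) == -EMSGSIZE ? 0 : 1;
}
```

Without the `len` check in `rx_receive()`, the `memcpy()` would write `len` bytes starting at `buf + buf_idx` regardless of how much room is left, which is the overflow the patch closes.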