[PATCH] powerpc/fadump: reject empty bootargs

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] powerpc/fadump: reject empty bootargs_append writes
@ 2026-04-17  7:39 Pengpeng Hou
  2026-04-17  7:53 ` Christophe Leroy (CS GROUP)
  2026-04-17  9:30 ` Sourabh Jain
  0 siblings, 2 replies; 3+ messages in thread
From: Pengpeng Hou @ 2026-04-17  7:39 UTC (permalink / raw)
  To: Madhavan Srinivasan, Michael Ellerman
  Cc: Nicholas Piggin, Christophe Leroy (CS GROUP), Sourabh Jain,
	Hari Bathini, Jiri Bohac, Shrikanth Hegde, linuxppc-dev,
	linux-kernel, Pengpeng Hou, stable

bootargs_append_store() indexes params[count - 1] when stripping a
trailing newline from the sysfs write buffer.

kernfs passes zero-length writes through to the store callback, so an
empty write makes that newline check read before the start of params.

Reject empty writes before looking at the last input byte.

Fixes: 683eab94da75 ("powerpc/fadump: setup additional parameters for dump capture kernel")
Cc: stable@vger.kernel.org

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
 arch/powerpc/kernel/fadump.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index 4ebc333dd786..03ab5565e420 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -1479,6 +1479,9 @@ static ssize_t bootargs_append_store(struct kobject *kobj,
 	if (!fw_dump.fadump_enabled || fw_dump.dump_active)
 		return -EPERM;
 
+	if (!count)
+		return -EINVAL;
+
 	if (count >= COMMAND_LINE_SIZE)
 		return -EINVAL;
 
-- 
2.50.1 (Apple Git-155)


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] powerpc/fadump: reject empty bootargs_append writes
  2026-04-17  7:39 [PATCH] powerpc/fadump: reject empty bootargs_append writes Pengpeng Hou
@ 2026-04-17  7:53 ` Christophe Leroy (CS GROUP)
  2026-04-17  9:30 ` Sourabh Jain
  1 sibling, 0 replies; 3+ messages in thread
From: Christophe Leroy (CS GROUP) @ 2026-04-17  7:53 UTC (permalink / raw)
  To: Pengpeng Hou, Madhavan Srinivasan, Michael Ellerman
  Cc: Nicholas Piggin, Sourabh Jain, Hari Bathini, Jiri Bohac,
	Shrikanth Hegde, linuxppc-dev, linux-kernel, stable



Le 17/04/2026 à 09:39, Pengpeng Hou a écrit :
> bootargs_append_store() indexes params[count - 1] when stripping a
> trailing newline from the sysfs write buffer.
> 
> kernfs passes zero-length writes through to the store callback, so an
> empty write makes that newline check read before the start of params.
> 
> Reject empty writes before looking at the last input byte.
> 
> Fixes: 683eab94da75 ("powerpc/fadump: setup additional parameters for dump capture kernel")
> Cc: stable@vger.kernel.org
> 
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
> ---
>   arch/powerpc/kernel/fadump.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
> index 4ebc333dd786..03ab5565e420 100644
> --- a/arch/powerpc/kernel/fadump.c
> +++ b/arch/powerpc/kernel/fadump.c
> @@ -1479,6 +1479,9 @@ static ssize_t bootargs_append_store(struct kobject *kobj,
>   	if (!fw_dump.fadump_enabled || fw_dump.dump_active)
>   		return -EPERM;
>   
> +	if (!count)
> +		return -EINVAL;

Why return an error ? A 0 size write is a valid write, it should return 
0 I think.

> +
>   	if (count >= COMMAND_LINE_SIZE)
>   		return -EINVAL;
>   


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] powerpc/fadump: reject empty bootargs_append writes
  2026-04-17  7:39 [PATCH] powerpc/fadump: reject empty bootargs_append writes Pengpeng Hou
  2026-04-17  7:53 ` Christophe Leroy (CS GROUP)
@ 2026-04-17  9:30 ` Sourabh Jain
  1 sibling, 0 replies; 3+ messages in thread
From: Sourabh Jain @ 2026-04-17  9:30 UTC (permalink / raw)
  To: Pengpeng Hou, Madhavan Srinivasan, Michael Ellerman
  Cc: Nicholas Piggin, Christophe Leroy (CS GROUP), Hari Bathini,
	Jiri Bohac, Shrikanth Hegde, linuxppc-dev, linux-kernel, stable



On 17/04/26 13:09, Pengpeng Hou wrote:
> bootargs_append_store() indexes params[count - 1] when stripping a
> trailing newline from the sysfs write buffer.
>
> kernfs passes zero-length writes through to the store callback, so an
> empty write makes that newline check read before the start of params.
>
> Reject empty writes before looking at the last input byte.
>
> Fixes: 683eab94da75 ("powerpc/fadump: setup additional parameters for dump capture kernel")
> Cc: stable@vger.kernel.org
>
> Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
> ---
>   arch/powerpc/kernel/fadump.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
> index 4ebc333dd786..03ab5565e420 100644
> --- a/arch/powerpc/kernel/fadump.c
> +++ b/arch/powerpc/kernel/fadump.c
> @@ -1479,6 +1479,9 @@ static ssize_t bootargs_append_store(struct kobject *kobj,
>   	if (!fw_dump.fadump_enabled || fw_dump.dump_active)
>   		return -EPERM;
>   
> +	if (!count)
> +		return -EINVAL;

How you manage to call this function with count as 0?

> +
>   	if (count >= COMMAND_LINE_SIZE)
>   		return -EINVAL;
>   


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-04-17  9:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-17  7:39 [PATCH] powerpc/fadump: reject empty bootargs_append writes Pengpeng Hou
2026-04-17  7:53 ` Christophe Leroy (CS GROUP)
2026-04-17  9:30 ` Sourabh Jain

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox