From: Yoshihiro Shimoda
To: kishon@ti.com
Cc: pavel@denx.de, linux-kernel@vger.kernel.org, linux-renesas-soc@vger.kernel.org, stable@vger.kernel.org, Yoshihiro Shimoda
Subject: [PATCH] phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role"
Date: Wed, 31 Jul 2019 18:01:29 +0900
Message-Id: <1564563689-25863-1-git-send-email-yoshihiro.shimoda.uh@renesas.com>
X-Mailer: git-send-email 2.7.4
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

Since the role_store() uses strncmp(), it's possible to refer out-of-memory if the sysfs data size is smaller than strlen("host"). This patch fixes it by using sysfs_streq() instead of strncmp().

Reported-by: Pavel Machek
Fixes: 9bb86777fb71 ("phy: rcar-gen3-usb2: add sysfs for usb role swap")
Cc: # v4.10+
Signed-off-by: Yoshihiro Shimoda
---
Just a record.

The role_store() doesn't need to check the count because the sysfs_streq() checks the first argument is NULL or not.

On "if (sysfs_streq(buf, "host"))"

Example 1: echo ho > role
 --> In this case, the count is 3 and the buf has "ho" + NULL. So, the third character differs between NULL and 's'.

Example 2: echo host-is-not-used > role
 --> In this case, the count is 17 and the buf has "host-is-not-used" + NULL. So, the fifth character differs between '-' and NULL.

 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 1322185..cc18970 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include 
@@ -317,9 +318,9 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) return -EIO; - if (!strncmp(buf, "host", strlen("host"))) + if (sysfs_streq(buf, "host")) new_mode = PHY_MODE_USB_HOST; - else if (!strncmp(buf, "peripheral", strlen("peripheral"))) + else if (sysfs_streq(buf, "peripheral")) new_mode = PHY_MODE_USB_DEVICE; else return -EINVAL; -- 2.7.4
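
Review bot: In the role_store() hunk, swapping the strncmp() prefix tests for sysfs_streq() also narrows what the attribute accepts, and the commit message does not say so. With the removed lines, any write that merely began with "host" or "peripheral" (the "host-is-not-used" case from the notes under the --- line) selected a mode; with the added lines it falls through to "return -EINVAL". Because this is marked for stable (v4.10+), please state that behaviour change in the log. The explanation of why count does not need checking currently sits below the --- and will be dropped when the patch is applied, so consider moving it into the commit message or a short comment above the first sysfs_streq() call.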
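
The difference between the removed and added comparisons, as an added userspace example that is not code from the patch or the kernel tree. `streq_sysfs()` is a stand-in written here to follow sysfs_streq() semantics; `enum role`, `parse_role_prefix()` and `parse_role_exact()` are hypothetical names, and the inputs are constructed NUL-terminated strings.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum role { ROLE_INVALID, ROLE_HOST, ROLE_PERIPHERAL };  /* hypothetical */

/* Userspace stand-in with sysfs_streq() semantics: whole-string equality,
 * except that a single trailing '\n' on either side is ignored. */
static bool streq_sysfs(const char *s1, const char *s2)
{
	while (*s1 && *s1 == *s2) {
		s1++;
		s2++;
	}
	if (*s1 == *s2)
		return true;
	if (!*s1 && *s2 == '\n' && !s2[1])
		return true;
	return *s1 == '\n' && !s1[1] && !*s2;
}

/* Removed lines: prefix match over strlen(keyword) bytes. */
static enum role parse_role_prefix(const char *buf)
{
	if (!strncmp(buf, "host", strlen("host")))
		return ROLE_HOST;
	if (!strncmp(buf, "peripheral", strlen("peripheral")))
		return ROLE_PERIPHERAL;
	return ROLE_INVALID;
}

/* Added lines: whole-string match. */
static enum role parse_role_exact(const char *buf)
{
	if (streq_sysfs(buf, "host"))
		return ROLE_HOST;
	if (streq_sysfs(buf, "peripheral"))
		return ROLE_PERIPHERAL;
	return ROLE_INVALID;
}

int main(void)
{
	/* Constructed inputs, NUL-terminated, newline as echo would append. */
	const char *in[] = { "host\n", "peripheral\n", "ho\n", "host-is-not-used\n" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-18.*s prefix=%d exact=%d\n", (int)strcspn(in[i], "\n"),
		       in[i], parse_role_prefix(in[i]), parse_role_exact(in[i]));
	return 0;
}
```

Only the last input is classified differently: the prefix form maps it to the host role, the exact form rejects it.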