From: Michael Ellerman
To: Tyrel Datwyler, bhelgaas@google.com
Cc: linuxppc-dev@lists.ozlabs.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20210315214821.452959-1-tyreld@linux.ibm.com>
Subject: Re: [PATCH v2] rpadlpar: fix potential drc_name corruption in store functions
Message-Id: <161598380341.805135.1994223786629407257.b4-ty@ellerman.id.au>
Date: Wed, 17 Mar 2021 23:23:23 +1100

On Mon, 15 Mar 2021 15:48:21 -0600, Tyrel Datwyler wrote:
> Both add_slot_store() and remove_slot_store() try to fix up the drc_name
> copied from the store buffer by placing a NULL terminator at nbyte + 1
> or in place of a '\n' if present. However, the static buffer that we
> copy the drc_name data into is not zeroed and can contain anything past
> the n-th byte. This is problematic if a '\n' byte appears in that buffer
> after nbytes and the string copied into the store buffer was not NULL
> terminated to start with as the strchr() search for a '\n' byte will mark
> this incorrectly as the end of the drc_name string resulting in a drc_name
> string that contains garbage data after the n-th byte. The following
> debugging shows an example of the drmgr utility writing "PHB 4543" to
> the add_slot sysfs attribute, but add_slot_store logging a corrupted
> string value.
>
> [...]

Applied to powerpc/fixes.

[1/1] rpadlpar: fix potential drc_name corruption in store functions
      https://git.kernel.org/powerpc/c/cc7a0bb058b85ea03db87169c60c7cfdd5d34678

cheers
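
The failure mode described in the quoted commit message, modelled in userspace C as an added example; it is not the kernel's rpadlpar code and not the applied patch. The function names, the buffer size and the stale buffer contents are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_DRC_NAME_LEN 64 /* assumed size for this model */
/* Stands in for the static, never-zeroed buffer the store functions reuse. */
static char drc_name[MAX_DRC_NAME_LEN];

/* Constructed stale contents left behind by an earlier, longer write. */
void seed_stale(void)
{
    memset(drc_name, 0, sizeof(drc_name));
    memcpy(drc_name, "SLOT-STALE-DATA\n", 16);
}

/* Flawed pattern: '\n' is searched for before the copy is terminated. */
const char *store_flawed(const char *buf, size_t nbytes)
{
    char *end;
    if (nbytes >= MAX_DRC_NAME_LEN)
        return NULL;
    memcpy(drc_name, buf, nbytes);
    end = strchr(drc_name, '\n'); /* can match stale bytes past nbytes */
    if (!end)
        end = &drc_name[nbytes];
    *end = '\0';
    return drc_name;
}

/* Hardened form: terminate at nbytes, then search only the copied bytes. */
const char *store_hardened(const char *buf, size_t nbytes)
{
    char *end;
    if (nbytes >= MAX_DRC_NAME_LEN)
        return NULL;
    memcpy(drc_name, buf, nbytes);
    drc_name[nbytes] = '\0';
    end = memchr(drc_name, '\n', nbytes);
    if (end)
        *end = '\0';
    return drc_name;
}

int main(void)
{
    seed_stale();
    printf("flawed:   \"%s\"\n", store_flawed("PHB 4543", 8));
    seed_stale();
    printf("hardened: \"%s\"\n", store_hardened("PHB 4543", 8));
    return 0;
}
```

The corruption only appears when the writer omits the trailing newline; with "PHB 4543\n" both versions find the newline inside the copied bytes and return the same name.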