Date: Tue, 13 Feb 2024 21:09:41 +0300
From: Dan Carpenter
To: Damian Muszynski
Cc: Giovanni Cabiddu, Herbert Xu, "David S. Miller", Lucas Segarra Fernandez, Tero Kristo, Dan Carpenter, Markas Rapoportas, qat-linux@intel.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH] crypto: qat - uninitialized variable in adf_hb_error_inject_write()
Message-ID: <193d36b0-961a-4b66-b945-37988f157ebe@moroto.mountain>

There are a few issues in this code. If *ppos is non-zero then the first part of the buffer is not initialized. We never initialize the last character of the buffer. The return is not checked so it's possible that none of the buffer is initialized.

This is debugfs code which is root only and the impact of these bugs is very small. However, it's still worth fixing. To fix this:

1) Check that *ppos is zero.
2) Use copy_from_user() instead of simple_write_to_buffer().
3) Explicitly add a NUL terminator.

Fixes: e2b67859ab6e ("crypto: qat - add heartbeat error simulator")
Signed-off-by: Dan Carpenter
--- .../crypto/intel/qat/qat_common/adf_heartbeat_dbgfs.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/intel/qat/qat_common/adf_heartbeat_dbgfs.c b/drivers/crypto/intel/qat/qat_common/adf_heartbeat_dbgfs.c index 5cd6c2d6f90a..cccdff24b48d 100644 --- a/drivers/crypto/intel/qat/qat_common/adf_heartbeat_dbgfs.c +++ b/drivers/crypto/intel/qat/qat_common/adf_heartbeat_dbgfs.c
@@ -160,16 +160,17 @@ static ssize_t adf_hb_error_inject_write(struct file *file, size_t count, loff_t *ppos) { struct adf_accel_dev *accel_dev = file->private_data; - size_t written_chars; char buf[3]; int ret; /* last byte left as string termination */ - if (count != 2) + if (*ppos != 0 || count != 2) return -EINVAL; - written_chars = simple_write_to_buffer(buf, sizeof(buf) - 1, - ppos, user_buf, count); + if (copy_from_user(buf, user_buf, count)) + return -EFAULT; + buf[count] = '\0'; + if (buf[0] != '1') return -EINVAL; @@ -183,7 +184,7 @@ static ssize_t adf_hb_error_inject_write(struct file *file, dev_info(&GET_DEV(accel_dev), "Heartbeat error injection enabled\n"); - return written_chars; + return count; } static const struct file_operations adf_hb_error_inject_fops = { -- 2.43.0
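
Review bot: in the first hunk, `buf[count] = '\0'` stays in bounds only because the earlier check forces count to 2 while buf is declared as `char buf[3]`, and nothing but the magic number ties the two together. Writing the check as `if (*ppos != 0 || count != sizeof(buf) - 1)` would make the bound follow the buffer if its size ever changes. The context comment "/* last byte left as string termination */" also now sits above the *ppos test, while the terminator is written explicitly three lines later; moving the comment down to the `buf[count] = '\0'` line would keep it accurate. In the visible lines only buf[0] is read, so the second byte the caller must supply is copied but never validated.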
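
Review bot: in the second hunk, `return count;` replaces the value that came back from simple_write_to_buffer(), which also advanced *ppos; copy_from_user() does not touch *ppos, so the offset now stays at 0 after a successful write. With the new `*ppos != 0` check in the first hunk, that means a second write on the same open file is accepted rather than rejected. If that is the intended behaviour, a sentence in the commit message would make it clear; if not, add `*ppos += count;` before the return.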