eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
[ Upstream commit71d46f1ff2] The simple_write_to_buffer() function will return positive/success if it is able to write a single byte anywhere within the buffer. However that potentially leaves a lot of the buffer uninitialized. In this code it's better to return 0 if the offset is non-zero. This code is not written to support partial writes. And then return -EFAULT if the buffer is not completely initialized. Fixes:cfad642538("eeprom: Add IDT 89HPESx EEPROM/CSR driver") Reviewed-by: Serge Semin <fancer.lancer@gmail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/Ysg1Pu/nzSMe3r1q@kili Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Dan Carpenter
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
4ab5662cc3
commit
5bcc37dc24
@@ -940,14 +940,18 @@ static ssize_t idt_dbgfs_csr_write(struct file *filep, const char __user *ubuf,
|
|||||||
u32 csraddr, csrval;
|
u32 csraddr, csrval;
|
||||||
char *buf;
|
char *buf;
|
||||||
|
|
||||||
|
if (*offp)
|
||||||
|
return 0;
|
||||||
|
|
||||||
/* Copy data from User-space */
|
/* Copy data from User-space */
|
||||||
buf = kmalloc(count + 1, GFP_KERNEL);
|
buf = kmalloc(count + 1, GFP_KERNEL);
|
||||||
if (!buf)
|
if (!buf)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
ret = simple_write_to_buffer(buf, count, offp, ubuf, count);
|
if (copy_from_user(buf, ubuf, count)) {
|
||||||
if (ret < 0)
|
ret = -EFAULT;
|
||||||
goto free_buf;
|
goto free_buf;
|
||||||
|
}
|
||||||
buf[count] = 0;
|
buf[count] = 0;
|
||||||
|
|
||||||
/* Find position of colon in the buffer */
|
/* Find position of colon in the buffer */
|
||||||
|
|||||||
Reference in New Issue
Block a user