linux/drivers/pci
Tyrel Datwyler cc7a0bb058 PCI: rpadlpar: Fix potential drc_name corruption in store functions
Both add_slot_store() and remove_slot_store() try to fix up the
drc_name copied from the store buffer by placing a NUL terminator at
nbyte + 1 or in place of a '\n' if present. However, the static buffer
that we copy the drc_name data into is not zeroed and can contain
anything past the n-th byte.

This is problematic if a '\n' byte appears in that buffer after nbytes
and the string copied into the store buffer was not NUL terminated to
start with as the strchr() search for a '\n' byte will mark this
incorrectly as the end of the drc_name string resulting in a drc_name
string that contains garbage data after the n-th byte.

Additionally it will cause us to overwrite that '\n' byte on the stack
with NUL, potentially corrupting data on the stack.

The following debugging shows an example of the drmgr utility writing
"PHB 4543" to the add_slot sysfs attribute, but add_slot_store()
logging a corrupted string value.

  drmgr: drmgr: -c phb -a -s PHB 4543 -d 1
  add_slot_store: drc_name = PHB 4543°|<82>!, rc = -19

Fix this by using strscpy() instead of memcpy() to ensure the string
is NUL terminated when copied into the static drc_name buffer.
Further, since the string is now NUL terminated the code only needs to
change '\n' to '\0' when present.

Cc: stable@vger.kernel.org
Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
[mpe: Reformat change log and add mention of possible stack corruption]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210315214821.452959-1-tyreld@linux.ibm.com
2021-03-17 13:48:07 +11:00
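
A userspace model of the bug and the fix described in the commit message above, added here as an illustration and not taken from the kernel source. `NAME_LEN`, `model_strscpy()`, `make_stale()`, `parse_before()` and `parse_after()` are hypothetical names, and the stale buffer contents are constructed to stand in for uninitialized stack bytes.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 64 /* assumed buffer size; callers keep nbytes < NAME_LEN */

/* Stand-in for the kernel's strscpy(): bounded copy, always NUL terminated. */
static void model_strscpy(char *dst, const char *src, size_t count)
{
    size_t i;
    for (i = 0; i + 1 < count && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
}

/* Constructed stale buffer contents: junk bytes with a '\n' at index 12. */
static void make_stale(char *name)
{
    memset(name, 0xB0, NAME_LEN);
    name[12] = '\n';
    name[NAME_LEN - 1] = '\0';
}

/* Handling before the fix, as the commit message describes it. */
static size_t parse_before(char *name, const char *buf, size_t nbytes)
{
    memcpy(name, buf, nbytes);        /* bytes past nbytes stay stale */
    char *end = strchr(name, '\n');   /* can match a stale '\n' */
    if (!end)
        end = &name[nbytes];
    *end = '\0';                      /* may overwrite the stale byte */
    return strlen(name);
}

/* Handling after the fix: terminated copy, then strip '\n' only if present. */
static size_t parse_after(char *name, const char *buf, size_t nbytes)
{
    model_strscpy(name, buf, nbytes + 1);
    char *end = strchr(name, '\n');   /* search stops at the terminator */
    if (end)
        *end = '\0';
    return strlen(name);
}

int main(void)
{
    char name[NAME_LEN];
    make_stale(name);
    printf("before: %zu bytes\n", parse_before(name, "PHB 4543", 8));
    make_stale(name);
    printf("after:  %zu bytes\n", parse_after(name, "PHB 4543", 8));
}
```

With the 8-byte write "PHB 4543" and no trailing newline, the pre-fix path returns a 12-byte name that ends in four stale bytes, while the post-fix path returns the 8-byte name and leaves the stale '\n' untouched.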
..
controller pci-v5.12-changes 2021-02-25 09:56:08 -08:00
endpoint PCI: endpoint: Add EP function driver to provide NTB functionality 2021-02-23 14:12:28 -06:00
hotplug PCI: rpadlpar: Fix potential drc_name corruption in store functions 2021-03-17 13:48:07 +11:00
pcie pci-v5.12-changes 2021-02-25 09:56:08 -08:00
switch PCI: switchtec: Add missing __iomem tag to fix sparse warnings 2020-07-31 11:23:45 -05:00
access.c Merge branch 'pci/misc' 2020-08-05 18:24:16 -05:00
ats.c Merge branch 'pci/doc' 2020-08-05 18:24:22 -05:00
bus.c PCI: Add device even if driver attach failed 2020-07-07 17:33:41 -05:00
ecam.c PCI: Unify ECAM constants in native PCI Express drivers 2020-12-10 14:55:49 -06:00
host-bridge.c
iov.c PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY 2020-09-21 14:42:11 -06:00
irq.c PCI: Remove unused pci_lost_interrupt() 2020-07-29 14:25:18 -05:00
Kconfig pci-v5.10-changes 2020-10-22 12:41:00 -07:00
Makefile PCI: Apply CONFIG_PCI_DEBUG to entire drivers/pci hierarchy 2021-02-09 15:10:20 -06:00
mmap.c
msi.c PCI/MSI: Set device flag indicating only 32-bit MSI support 2020-12-04 12:17:04 -06:00
of.c PCI: of: Warn if non-prefetchable memory aperture size is > 32-bit 2020-11-18 16:16:38 +00:00
p2pdma.c RDMA 5.11 pull request 2020-12-16 13:42:26 -08:00
pci-acpi.c pci-v5.11-changes 2020-12-15 16:49:59 -08:00
pci-bridge-emul.c PCI: pci-bridge-emul: Fix array overruns, improve safety 2021-02-17 17:25:31 -06:00
pci-bridge-emul.h PCI: pci-bridge-emul: Fix big-endian support 2019-10-17 12:42:48 +01:00
pci-driver.c Merge branch 'pci/misc' 2020-12-15 15:11:08 -06:00
pci-label.c PCI: Replace http:// links with https:// 2020-06-30 13:05:09 -05:00
pci-mid.c PCI: intel-mid: Convert to new X86 CPU match macros 2020-03-24 21:35:06 +01:00
pci-pf-stub.c PCI/IOV: Simplify pci-pf-stub with module_pci_driver() 2020-09-17 12:40:20 -05:00
pci-stub.c
pci-sysfs.c PCI: Revoke mappings like devmem 2021-02-11 15:59:19 +01:00
pci.c pci-v5.12-changes 2021-02-25 09:56:08 -08:00
pci.h drm pull for 5.12-rc1 2021-02-21 14:44:44 -08:00
probe.c Merge branch 'pci/msi' 2020-12-15 15:11:08 -06:00
proc.c PCI: Revoke mappings like devmem 2021-02-11 15:59:19 +01:00
quirks.c Merge branch 'remotes/lorenzo/pci/dwc' 2020-12-15 15:11:11 -06:00
remove.c PCI: Fix pci_host_bridge struct device release/free handling 2020-05-14 16:36:35 -05:00
rom.c PCI: Use ioremap(), not phys_to_virt() for platform ROM 2020-03-30 09:52:23 -05:00
search.c PCI: Remove WARN_ON(in_interrupt()) 2021-02-10 16:46:29 -06:00
setup-bus.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
setup-irq.c
setup-res.c PCI: Decline to resize resources if boot config must be preserved 2021-01-12 16:39:52 -06:00
slot.c Merge branch 'pci/misc' 2020-12-15 15:11:08 -06:00
syscall.c PCI: Align checking of syscall user config accessors 2021-01-27 10:41:59 -06:00
vc.c PCI: Fix kerneldoc warnings 2020-08-05 18:23:14 -05:00
vpd.c
xen-pcifront.c dma-mapping: split <linux/dma-mapping.h> 2020-10-06 07:07:03 +02:00