Linux-NVME Archive on lore.kernel.org
 help / color / Atom feed
From: Christoph Hellwig <hch@infradead.org>
To: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Cc: linux-nvme@lists.infradead.org
Subject: Re: [PATCH] nvmet: check sscanf value for subsys serial attr
Date: Tue, 26 Nov 2019 08:50:11 -0800
Message-ID: <20191126165011.GC10487@infradead.org> (raw)
In-Reply-To: <20191121203142.537-1-chaitanya.kulkarni@wdc.com>

On Thu, Nov 21, 2019 at 12:31:42PM -0800, Chaitanya Kulkarni wrote:
> For nvmet in configfs.c we check return values for all the sscanf()
> calls. Add similar check into the nvmet_subsys_attr_serial_store().
> 
> Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
> ---
>  drivers/nvme/target/configfs.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
> index 98613a45bd3b..cc1fd36bf71e 100644
> --- a/drivers/nvme/target/configfs.c
> +++ b/drivers/nvme/target/configfs.c
> @@ -853,12 +853,14 @@ static ssize_t nvmet_subsys_attr_serial_store(struct config_item *item,
>  					      const char *page, size_t count)
>  {
>  	struct nvmet_subsys *subsys = to_subsys(item);
> +	int ret = 0;
>  
>  	down_write(&nvmet_config_sem);
> -	sscanf(page, "%llx\n", &subsys->serial);
> +	if (sscanf(page, "%llx\n", &subsys->serial) != 1)
> +		ret = -EINVAL;
>  	up_write(&nvmet_config_sem);
>  
> -	return count;
> +	return ret ? ret : count;

So the problem is that we've already possible corrupted subsys->serial
when an error occurs.  So I think we need a local variable to sscan
in, return an error if that fails and only if it succeeds take the lock
and assign it to subsys->serial.

_______________________________________________
linux-nvme mailing list
linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

  reply index

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-21 20:31 Chaitanya Kulkarni
2019-11-26 16:50 ` Christoph Hellwig [this message]
2019-11-27  6:13   ` Chaitanya Kulkarni

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191126165011.GC10487@infradead.org \
    --to=hch@infradead.org \
    --cc=chaitanya.kulkarni@wdc.com \
    --cc=linux-nvme@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NVME Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nvme/0 linux-nvme/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nvme linux-nvme/ https://lore.kernel.org/linux-nvme \
		linux-nvme@lists.infradead.org
	public-inbox-index linux-nvme

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.infradead.lists.linux-nvme


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git