Commit 71d46f1f authored Jul 08, 2022 by Dan Carpenter Committed by Greg Kroah-Hartman Jul 14, 2022

eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()



The simple_write_to_buffer() function will return positive/success if it
is able to write a single byte anywhere within the buffer.  However that
potentially leaves a lot of the buffer uninitialized.

In this code it's better to return 0 if the offset is non-zero.  This
code is not written to support partial writes.  And then return -EFAULT
if the buffer is not completely initialized.

Fixes: cfad6425 ("eeprom: Add IDT 89HPESx EEPROM/CSR driver")
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/Ysg1Pu/nzSMe3r1q@kili


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 2a3c8f8a

drivers/misc/eeprom/idt_89hpesx.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -909,14 +909,18 @@ static ssize_t idt_dbgfs_csr_write(struct file filep, const char __user ubuf,
		u32 csraddr, csrval;
		char *buf;

		if (*offp)
		return 0;

		/* Copy data from User-space */
		buf = kmalloc(count + 1, GFP_KERNEL);
		if (!buf)
		return -ENOMEM;

		ret = simple_write_to_buffer(buf, count, offp, ubuf, count);
		if (ret < 0)
		if (copy_from_user(buf, ubuf, count)) {
		ret = -EFAULT;
		goto free_buf;
		}
		buf[count] = 0;

		/* Find position of colon in the buffer */