EDAC: Fix sysfs dimm_label store operation

Sysfs "dimm_label" and "chX_dimm_label" nodes have the following issues
in their store operation:

 1) A newline-terminated input string causes redundant newlines:

  # echo "test" > /sys/bus/mc0/devices/dimm0/dimm_label
  # cat  /sys/bus/mc0/devices/dimm0/dimm_label
  test

  #  od -bc /sys/bus/mc0/devices/dimm0/dimm_label
  0000000 164 145 163 164 012 012
            t   e   s   t  \n  \n
  0000006

 2) The original label string (31 characters) cannot be stored due to
    an improper size check:

  # echo "CPU_SrcID#0_Ha#0_Chan#0_DIMM#0" > /sys/bus/mc0/devices/dimm0/dimm_label
  # cat /sys/bus/mc0/devices/dimm0/dimm_label

  # od -bc /sys/bus/mc0/devices/dimm0/dimm_label
   0000000 012 012
            \n  \n
   0000002

 3) An input string longer than the buffer size results a wrong label
    info as it allows a retry with the remaining string:

  # echo "CPU_SrcID#0_Ha#0_Chan#0_DIMM#0_TEST" > /sys/bus/mc0/devices/dimm0/dimm_label
  # cat  /sys/bus/mc0/devices/dimm0/dimm_label
  _TEST

Fix these issues by making the following changes:
 1) Replace a newline character at the end by setting a null. It also
    assures that the string is null-terminated in the label buffer.
 2) Check the label buffer size with 'sizeof(dimm->label)'.
 3) Fail a request if its string exceeds the label buffer size.

Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Acked-by: Tony Luck <tony.luck@intel.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: Robert Elliott <elliott@hpe.com>
Link: http://lkml.kernel.org/r/1443121564.25474.160.camel@hpe.com
Signed-off-by: Borislav Petkov <bp@suse.de>

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index 7d1b31bc6555d0d4d78df510956486c0309349ea..bf6b6802105c2c336d126adcc941180f79b9a0c4 100644 (file)
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -240,14 +240,21 @@ static ssize_t channel_dimm_label_store(struct device *dev,
        struct csrow_info *csrow = to_csrow(dev);
        unsigned chan = to_channel(mattr);
        struct rank_info *rank = csrow->channels[chan];
+       size_t copy_count = count;
 
-       ssize_t max_size = 0;
+       if (count == 0)
+               return -EINVAL;
+
+       if (data[count - 1] == '\0' || data[count - 1] == '\n')
+               copy_count -= 1;
 
-       max_size = min((ssize_t) count, (ssize_t) EDAC_MC_LABEL_LEN - 1);
-       strncpy(rank->dimm->label, data, max_size);
-       rank->dimm->label[max_size] = '\0';
+       if (copy_count >= sizeof(rank->dimm->label))
+               return -EINVAL;
 
-       return max_size;
+       strncpy(rank->dimm->label, data, copy_count);
+       rank->dimm->label[copy_count] = '\0';
+
+       return count;
 }
 
 /* show function for dynamic chX_ce_count attribute */
@@ -494,14 +501,21 @@ static ssize_t dimmdev_label_store(struct device *dev,
                                   size_t count)
 {
        struct dimm_info *dimm = to_dimm(dev);
+       size_t copy_count = count;
 
-       ssize_t max_size = 0;
+       if (count == 0)
+               return -EINVAL;
+
+       if (data[count - 1] == '\0' || data[count - 1] == '\n')
+               copy_count -= 1;
 
-       max_size = min((ssize_t) count, (ssize_t) EDAC_MC_LABEL_LEN - 1);
-       strncpy(dimm->label, data, max_size);
-       dimm->label[max_size] = '\0';
+       if (copy_count >= sizeof(dimm->label))
+               return -EINVAL;
 
-       return max_size;
+       strncpy(dimm->label, data, copy_count);
+       dimm->label[copy_count] = '\0';
+
+       return count;
 }
 
 static ssize_t dimmdev_size_show(struct device *dev,