From: Kai Zen
Date: Tue, 7 Apr 2026 12:20:22 +0300
Subject: [PATCH] RDMA/ionic: bound node_desc sysfs read with %.64s
To: Abhijit Gangurde, Allen Hubbe
Cc: linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org

node_desc[64] in struct ib_device is not guaranteed to be NUL-terminated. The core IB sysfs handler uses "%.64s" for exactly this reason (drivers/infiniband/core/sysfs.c:1307), since node_desc_store() performs a raw memcpy of up to IB_DEVICE_NODE_DESC_MAX bytes with no NUL termination:

    memcpy(desc.node_desc, buf, min_t(int, count, IB_DEVICE_NODE_DESC_MAX));

If exactly 64 bytes are written via the node_desc sysfs file, the array contains no NUL byte. The ionic hca_type_show() handler uses unbounded "%s" and will read past the end of node_desc into adjacent fields of struct ib_device until it encounters a NUL.

Match the core handler and bound the format specifier.

Verified against torvalds/linux.git master at bfe62a45.

Signed-off-by: Kai Aizen
--- drivers/infiniband/hw/ionic/ionic_ibdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/ionic/ionic_ibdev.c b/drivers/infiniband/hw/ionic/ionic_ibdev.c --- a/drivers/infiniband/hw/ionic/ionic_ibdev.c +++ b/drivers/infiniband/hw/ionic/ionic_ibdev.c @@ -185,7 +185,7 @@ static ssize_t hca_type_show(struct device *device, struct ionic_ibdev *dev =3D rdma_device_to_drv_device(device, struct ionic_ibdev, ibdev= ); - return sysfs_emit(buf, "%s\n", dev->ibdev.node_desc); + return sysfs_emit(buf, "%.64s\n", dev->ibdev.node_desc); } static DEVICE_ATTR_RO(hca_type); -- 2.43.0
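
Review bot: In the changed sysfs_emit() line of hca_type_show(), the precision is hard-coded as 64, so the bound silently goes stale if the size of node_desc ever changes. Consider tying it to the array, for example sysfs_emit(buf, "%.*s\n", (int)sizeof(dev->ibdev.node_desc), dev->ibdev.node_desc), or keep the literal to match the core handler and add a short comment pointing at IB_DEVICE_NODE_DESC_MAX so the reason is recorded in the code and not only in the commit message. The commit message describes a read past the end of node_desc but carries no Fixes: tag, and the From name (Kai Zen) does not match the Signed-off-by name (Kai Aizen).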