1. Patchew
  2. linux
  3. View series

[PATCH] accel/ivpu: prevent uninitialized data bug in debugfs

Dan Carpenter posted 1 patch 2 weeks ago 
drivers/accel/ivpu/ivpu_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] accel/ivpu: prevent uninitialized data bug in debugfs
Posted by Dan Carpenter 2 weeks ago 
The simple_write_to_buffer() will only initialize data starting from
the *pos offset so if it's non-zero then the first part of the buffer
uninitialized.  Really, if *pos is non-zero then this code won't work
so just check for that at the start of the function.

Fixes: 320323d2e545 ("accel/ivpu: Add debugfs interface for setting HWS priority bands")
Signed-off-by: Dan Carpenter <error27@gmail.com>
---
 drivers/accel/ivpu/ivpu_debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/accel/ivpu/ivpu_debugfs.c b/drivers/accel/ivpu/ivpu_debugfs.c
index 189dbe94cf14..dc20bc73c6ed 100644
--- a/drivers/accel/ivpu/ivpu_debugfs.c
+++ b/drivers/accel/ivpu/ivpu_debugfs.c
@@ -450,7 +450,7 @@ priority_bands_fops_write(struct file *file, const char __user *user_buf, size_t
 	u32 band;
 	int ret;
 
-	if (size >= sizeof(buf))
+	if (*pos != 0 || size >= sizeof(buf))
 		return -EINVAL;
 
 	ret = simple_write_to_buffer(buf, sizeof(buf) - 1, pos, user_buf, size);
-- 
2.53.0
Re: [PATCH] accel/ivpu: prevent uninitialized data bug in debugfs
Posted by Wachowski, Karol 2 weeks ago 
On 25-May-26 9:14, Dan Carpenter wrote:
> The simple_write_to_buffer() will only initialize data starting from
> the *pos offset so if it's non-zero then the first part of the buffer
> uninitialized.  Really, if *pos is non-zero then this code won't work
> so just check for that at the start of the function.
> 
> Fixes: 320323d2e545 ("accel/ivpu: Add debugfs interface for setting HWS priority bands")
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> ---
>   drivers/accel/ivpu/ivpu_debugfs.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/accel/ivpu/ivpu_debugfs.c b/drivers/accel/ivpu/ivpu_debugfs.c
> index 189dbe94cf14..dc20bc73c6ed 100644
> --- a/drivers/accel/ivpu/ivpu_debugfs.c
> +++ b/drivers/accel/ivpu/ivpu_debugfs.c
> @@ -450,7 +450,7 @@ priority_bands_fops_write(struct file *file, const char __user *user_buf, size_t
>   	u32 band;
>   	int ret;
>   
> -	if (size >= sizeof(buf))
> +	if (*pos != 0 || size >= sizeof(buf))
>   		return -EINVAL;
>   
>   	ret = simple_write_to_buffer(buf, sizeof(buf) - 1, pos, user_buf, size);

Thanks for submission.

Reviewed-by: Karol Wachowski <karol.wachowski@linux.intel.com>
Re: [PATCH] accel/ivpu: prevent uninitialized data bug in debugfs
Posted by Wachowski, Karol 1 week, 6 days ago 
On 25-May-26 9:25, Wachowski, Karol wrote:
> On 25-May-26 9:14, Dan Carpenter wrote:
>> The simple_write_to_buffer() will only initialize data starting from
>> the *pos offset so if it's non-zero then the first part of the buffer
>> uninitialized.  Really, if *pos is non-zero then this code won't work
>> so just check for that at the start of the function.
>>
>> Fixes: 320323d2e545 ("accel/ivpu: Add debugfs interface for setting 
>> HWS priority bands")
>> Signed-off-by: Dan Carpenter <error27@gmail.com>
>> ---
>>   drivers/accel/ivpu/ivpu_debugfs.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/accel/ivpu/ivpu_debugfs.c b/drivers/accel/ivpu/ 
>> ivpu_debugfs.c
>> index 189dbe94cf14..dc20bc73c6ed 100644
>> --- a/drivers/accel/ivpu/ivpu_debugfs.c
>> +++ b/drivers/accel/ivpu/ivpu_debugfs.c
>> @@ -450,7 +450,7 @@ priority_bands_fops_write(struct file *file, const 
>> char __user *user_buf, size_t
>>       u32 band;
>>       int ret;
>> -    if (size >= sizeof(buf))
>> +    if (*pos != 0 || size >= sizeof(buf))
>>           return -EINVAL;
>>       ret = simple_write_to_buffer(buf, sizeof(buf) - 1, pos, 
>> user_buf, size);
> 
> Thanks for submission.
> 
> Reviewed-by: Karol Wachowski <karol.wachowski@linux.intel.com>

Applied to drm-misc-fixes.

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.