Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2f79136b authored by Bart Van Assche's avatar Bart Van Assche Committed by Jens Axboe
Browse files

bfq: Check kstrtoul() return value 



Make sysfs writes fail for invalid numbers instead of storing
uninitialized data copied from the stack. This patch removes
all uninitialized_var() occurrences from the BFQ source code.

Acked-by: default avatarPaolo Valente <paolo.valente@linaro.org>
Signed-off-by: default avatarBart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent dfb79af5

block/bfq-iosched.c

+37 −15
Original line number Original line Diff line number Diff line
@@ -4802,13 +4802,15 @@ static ssize_t bfq_var_show(unsigned int var, char *page) 
	return sprintf(page, "%u\n", var);

	return sprintf(page, "%u\n", var);

}

}





static void bfq_var_store(unsigned long *var, const char *page)

static int bfq_var_store(unsigned long *var, const char *page)

{

{

	unsigned long new_val;

	unsigned long new_val;

	int ret = kstrtoul(page, 10, &new_val);

	int ret = kstrtoul(page, 10, &new_val);





	if (ret == 0)

	if (ret)

		return ret;

	*var = new_val;

	*var = new_val;

	return 0;

}

}





#define SHOW_FUNCTION(__FUNC, __VAR, __CONV)				\

#define SHOW_FUNCTION(__FUNC, __VAR, __CONV)				\
@@ -4849,8 +4851,12 @@ static ssize_t \ 
__FUNC(struct elevator_queue *e, const char *page, size_t count)	\

__FUNC(struct elevator_queue *e, const char *page, size_t count)	\

{									\

{									\

	struct bfq_data *bfqd = e->elevator_data;			\

	struct bfq_data *bfqd = e->elevator_data;			\

	unsigned long uninitialized_var(__data);			\

	unsigned long __data;						\

	bfq_var_store(&__data, (page));					\

	int ret;							\

									\

	ret = bfq_var_store(&__data, (page));				\

	if (ret)							\

		return ret;						\

	if (__data < (MIN))						\

	if (__data < (MIN))						\

		__data = (MIN);						\

		__data = (MIN);						\

	else if (__data > (MAX))					\

	else if (__data > (MAX))					\
@@ -4877,8 +4883,12 @@ STORE_FUNCTION(bfq_slice_idle_store, &bfqd->bfq_slice_idle, 0, INT_MAX, 2); 
static ssize_t __FUNC(struct elevator_queue *e, const char *page, size_t count)\

static ssize_t __FUNC(struct elevator_queue *e, const char *page, size_t count)\

{									\

{									\

	struct bfq_data *bfqd = e->elevator_data;			\

	struct bfq_data *bfqd = e->elevator_data;			\

	unsigned long uninitialized_var(__data);			\

	unsigned long __data;						\

	bfq_var_store(&__data, (page));					\

	int ret;							\

									\

	ret = bfq_var_store(&__data, (page));				\

	if (ret)							\

		return ret;						\

	if (__data < (MIN))						\

	if (__data < (MIN))						\

		__data = (MIN);						\

		__data = (MIN);						\

	else if (__data > (MAX))					\

	else if (__data > (MAX))					\
@@ -4894,9 +4904,12 @@ static ssize_t bfq_max_budget_store(struct elevator_queue *e, 
				    const char *page, size_t count)

				    const char *page, size_t count)

{

{

	struct bfq_data *bfqd = e->elevator_data;

	struct bfq_data *bfqd = e->elevator_data;

	unsigned long uninitialized_var(__data);

	unsigned long __data;

	int ret;





	bfq_var_store(&__data, (page));

	ret = bfq_var_store(&__data, (page));

	if (ret)

		return ret;





	if (__data == 0)

	if (__data == 0)

		bfqd->bfq_max_budget = bfq_calc_max_budget(bfqd);

		bfqd->bfq_max_budget = bfq_calc_max_budget(bfqd);
@@ -4919,9 +4932,12 @@ static ssize_t bfq_timeout_sync_store(struct elevator_queue *e, 
				      const char *page, size_t count)

				      const char *page, size_t count)

{

{

	struct bfq_data *bfqd = e->elevator_data;

	struct bfq_data *bfqd = e->elevator_data;

	unsigned long uninitialized_var(__data);

	unsigned long __data;

	int ret;





	bfq_var_store(&__data, (page));

	ret = bfq_var_store(&__data, (page));

	if (ret)

		return ret;





	if (__data < 1)

	if (__data < 1)

		__data = 1;

		__data = 1;
@@ -4939,9 +4955,12 @@ static ssize_t bfq_strict_guarantees_store(struct elevator_queue *e, 
				     const char *page, size_t count)

				     const char *page, size_t count)

{

{

	struct bfq_data *bfqd = e->elevator_data;

	struct bfq_data *bfqd = e->elevator_data;

	unsigned long uninitialized_var(__data);

	unsigned long __data;

	int ret;





	bfq_var_store(&__data, (page));

	ret = bfq_var_store(&__data, (page));

	if (ret)

		return ret;





	if (__data > 1)

	if (__data > 1)

		__data = 1;

		__data = 1;
@@ -4958,9 +4977,12 @@ static ssize_t bfq_low_latency_store(struct elevator_queue *e, 
				     const char *page, size_t count)

				     const char *page, size_t count)

{

{

	struct bfq_data *bfqd = e->elevator_data;

	struct bfq_data *bfqd = e->elevator_data;

	unsigned long uninitialized_var(__data);

	unsigned long __data;

	int ret;





	bfq_var_store(&__data, (page));

	ret = bfq_var_store(&__data, (page));

	if (ret)

		return ret;





	if (__data > 1)

	if (__data > 1)

		__data = 1;

		__data = 1;