[PATCH v3 1/2] init/do_mounts.c: ignore final \n in name_to_dev_t
sebastian.capella at linaro.org
Thu Oct 10 13:50:10 EDT 2013
Quoting Sebastian Capella (2013-10-03 16:47:35)
> Quoting Sebastian Capella (2013-10-03 14:42:46)
> > Quoting Andrew Morton (2013-10-03 14:15:23)
> > > On Thu, 3 Oct 2013 14:10:37 -0700 Sebastian Capella <sebastian.capella at linaro.org> wrote:
> > >
> > > > Enhance name_to_dev_t to handle trailing newline characters
> > > > on device paths. Some inputs to name_to_dev_t may come from
> > > > userspace where oftentimes a '\n' is appended to the path.
> > > > Added const to the name buffer in both the function
> > > > declaration and the prototype to reflect input buffer
> > > > handling.
> > > >
> > > > By handling trailing newlines in name_to_dev_t, userspace
> > > > buffers may be directly passed to name_to_dev_t without
> > > > modification.
> > >
> > > We have lib/string.c:strim() - perhaps this patch would be
> > > neater if it were to use it?
> > Hi Morton,
> > I was intending to respect the const handling of the input buffer.
> > The actual buffer in this case is not really const as it comes from
> > the file buffering, but removing the const requires changing the
> > store function defined in the kobj_attribute, and would propagate
> > to many areas in the kernel.
> > Modifying the buffer and removing the const was also suggested by Pavel.
> > After some discussion I posted this version which did not change the
> > buffer or the prototype.
> > Please let me know if the preference is to modify the store function
> > definition.
> > I'll prepare a patchset that removes the consts to see how much is
> > changed.
> > Thanks,
> > Sebastian
> Hi Andrew,
> Sorry for calling you Morton earlier.
> I looked into removing the const from the store function, but I'm not sure
> this is the right idea, so I'm going to shelve that for now.
> Please let me know your thoughts.
Do you have any feedback on this?
Below are the three options considered thus far. Do
you have any additional suggestions or preferences?
1) copy buffer, remove \n.
   - v1 patch did this
   - alternatively could use an array on the stack or a preallocated global
   . cleanest change
   . adds memcpy
2) make name_to_dev_t work with readonly buffer to ignore \n
   - v2 and v3 patches do this
   . no memcpy, no big modifications to unrelated code
   . seems more appropriate to harden store functions to user input
   . a little complicated
3) remove const from buffer and modify contents in place to remove \n
   - remove const from sysfs_ops.store, modify dependent definitions
   - remove const from kobj_attribute.store, modify dependent definitions
   . no memcpy
   . a lot of modifications
   . const contract to not modify the input buffer seems the right way.
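
Option 2 from the message above, sketched in userspace C as an added example (it is not the patch under discussion and not kernel code): a length-bounded parser that tolerates one trailing '\n' without writing to the const buffer or copying it. The names effective_len, parse_field and parse_devnum, the "major:minor" input form and the 12/20-bit limits are assumptions made for this sketch.

```c
#include <stddef.h>
#include <string.h>

#define MAX_MAJOR 0xfffu   /* assumed 12-bit major for this sketch */
#define MAX_MINOR 0xfffffu /* assumed 20-bit minor for this sketch */

/* Length with one trailing '\n' ignored; buf is only read, count bounds it. */
static size_t effective_len(const char *buf, size_t count)
{
    const char *nul = memchr(buf, '\0', count);
    size_t len = nul ? (size_t)(nul - buf) : count;
    if (len > 0 && buf[len - 1] == '\n')
        len--;
    return len;
}

/* Parse one decimal field from [*p, end); no NUL terminator is assumed. */
static int parse_field(const char **p, const char *end, unsigned max, unsigned *out)
{
    const char *s = *p;
    unsigned long v = 0;
    if (s == end || *s < '0' || *s > '9')
        return -1;
    for (; s < end && *s >= '0' && *s <= '9'; s++) {
        v = v * 10 + (unsigned long)(*s - '0');
        if (v > max)
            return -1; /* out of range; also keeps v far from overflow */
    }
    *p = s;
    *out = (unsigned)v;
    return 0;
}

/* Returns 0 for "major:minor" or "major:minor\n", -1 for anything else. */
static int parse_devnum(const char *buf, size_t count, unsigned *maj, unsigned *min)
{
    const char *p = buf, *end = buf + effective_len(buf, count);
    if (parse_field(&p, end, MAX_MAJOR, maj) || p == end || *p++ != ':')
        return -1;
    if (parse_field(&p, end, MAX_MINOR, min))
        return -1;
    return p == end ? 0 : -1; /* embedded '\n' or trailing junk rejected */
}

int main(void)
{
    unsigned maj, min;
    return parse_devnum("8:1\n", 4, &maj, &min) ? 1 : 0; /* constructed input */
}
```

Only a single final newline is ignored; a second newline or any other trailing byte makes the input invalid, which keeps the accepted set as narrow as the copy-and-strip approach in option 1.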