This is a note to let you know that I've just added the patch titled
proc: proc_skip_spaces() shouldn't think it is working on C strings
to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From bce9332220bd677d83b19d21502776ad555a0e73 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 5 Dec 2022 12:09:06 -0800
Subject: proc: proc_skip_spaces() shouldn't think it is working on C strings
From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
commit bce9332220bd677d83b19d21502776ad555a0e73 upstream.
proc_skip_spaces() seems to think it is working on C strings, and ends
up being just a wrapper around skip_spaces() with a really odd calling
convention.
Instead of basing it on skip_spaces(), it should have looked more like
proc_skip_char(), which really is the exact same function (except it
skips a particular character, rather than whitespace). So use that as
inspiration, odd coding and all.
Now the calling convention actually makes sense and works for the
intended purpose.
Reported-and-tested-by: Kyle Zeng <zengyhkyle@xxxxxxxxx>
Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
kernel/sysctl.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2156,13 +2156,14 @@ int proc_dostring(struct ctl_table *tabl
(char __user *)buffer, lenp, ppos);
}
-static size_t proc_skip_spaces(char **buf)
+static void proc_skip_spaces(char **buf, size_t *size)
{
- size_t ret;
- char *tmp = skip_spaces(*buf);
- ret = tmp - *buf;
- *buf = tmp;
- return ret;
+ while (*size) {
+ if (!isspace(**buf))
+ break;
+ (*size)--;
+ (*buf)++;
+ }
}
static void proc_skip_char(char **buf, size_t *size, const char v)
@@ -2399,7 +2400,7 @@ static int __do_proc_dointvec(void *tbl_
bool neg;
if (write) {
- left -= proc_skip_spaces(&p);
+ proc_skip_spaces(&p, &left);
if (!left)
break;
@@ -2430,7 +2431,7 @@ static int __do_proc_dointvec(void *tbl_
if (!write && !first && left && !err)
err = proc_put_char(&buffer, &left, '\n');
if (write && !err && left)
- left -= proc_skip_spaces(&p);
+ proc_skip_spaces(&p, &left);
if (write) {
kfree(kbuf);
if (first)
@@ -2479,7 +2480,7 @@ static int do_proc_douintvec_w(unsigned
if (IS_ERR(kbuf))
return -EINVAL;
- left -= proc_skip_spaces(&p);
+ proc_skip_spaces(&p, &left);
if (!left) {
err = -EINVAL;
goto out_free;
@@ -2499,7 +2500,7 @@ static int do_proc_douintvec_w(unsigned
}
if (!err && left)
- left -= proc_skip_spaces(&p);
+ proc_skip_spaces(&p, &left);
out_free:
kfree(kbuf);
@@ -2913,7 +2914,7 @@ static int __do_proc_doulongvec_minmax(v
if (write) {
bool neg;
- left -= proc_skip_spaces(&p);
+ proc_skip_spaces(&p, &left);
if (!left)
break;
@@ -2946,7 +2947,7 @@ static int __do_proc_doulongvec_minmax(v
if (!write && !first && left && !err)
err = proc_put_char(&buffer, &left, '\n');
if (write && !err)
- left -= proc_skip_spaces(&p);
+ proc_skip_spaces(&p, &left);
if (write) {
kfree(kbuf);
if (first)
Patches currently in stable-queue which might be from torvalds@xxxxxxxxxxxxxxxxxxxx are
queue-5.4/x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch
queue-5.4/error-injection-add-prompt-for-function-error-injection.patch
queue-5.4/drm-i915-fix-tlb-invalidation-for-gen12-video-and-compute-engines.patch
queue-5.4/xtensa-increase-size-of-gcc-stack-frame-check.patch
queue-5.4/afs-fix-fileserver-probe-rtt-handling.patch
queue-5.4/epoll-check-for-events-when-removing-a-timed-out-thread-from-the-wait-queue.patch
queue-5.4/proc-avoid-integer-type-confusion-in-get_proc_long.patch
queue-5.4/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
queue-5.4/epoll-call-final-ep_events_available-check-under-the-lock.patch
queue-5.4/char-tpm-protect-tpm_pm_suspend-with-locks.patch
