Re: [PATCH] zram: fix bug storing backing_dev

From: Minchan Kim
Date: Mon Aug 13 2018 - 02:16:36 EST


On Wed, Aug 08, 2018 at 03:31:00PM -0700, Peter Kalauskas wrote:
> The call to strlcpy in backing_dev_store is incorrect. It should take
> the size of the destination buffer instead of the size of the source
> buffer. Additionally, ignore the newline character (\n) when reading
> the new file_name buffer. This makes it possible to set the backing_dev
> as follows:
>
> echo /dev/sdX > /sys/block/zram0/backing_dev
>
> Signed-off-by: Peter Kalauskas <peskal@xxxxxxxxxx>
Acked-by: Minchan Kim <minchan@xxxxxxxxxx>

Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>
CC: LKML <linux-kernel@xxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> [4.14+]

> ---
> drivers/block/zram/zram_drv.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
> index 7436b2d27fa3..3137faea1493 100644
> --- a/drivers/block/zram/zram_drv.c
> +++ b/drivers/block/zram/zram_drv.c
> @@ -336,6 +336,7 @@ static ssize_t backing_dev_store(struct device *dev,
> struct device_attribute *attr, const char *buf, size_t len)
> {
> char *file_name;
> + size_t sz;
> struct file *backing_dev = NULL;
> struct inode *inode;
> struct address_space *mapping;
> @@ -356,7 +357,11 @@ static ssize_t backing_dev_store(struct device *dev,
> goto out;
> }
>
> - strlcpy(file_name, buf, len);
> + strlcpy(file_name, buf, PATH_MAX);
> + /* ignore trailing newline */
> + sz = strlen(file_name);
> + if (sz > 0 && file_name[sz - 1] == '\n')
> + file_name[sz - 1] = 0x00;
>
> backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0);
> if (IS_ERR(backing_dev)) {
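
Review bot: The return value of the new strlcpy(file_name, buf, PATH_MAX) is discarded, so a write longer than the destination is silently truncated and the shortened name goes straight to filp_open. Comparing the return value against PATH_MAX and bailing out through the existing out label would turn that case into an error. The size is also hard-coded as PATH_MAX while the allocation of file_name lies outside this hunk's context, so it is worth confirming the two match or deriving both from one constant. The strip removes exactly one trailing '\n', which covers the echo case in the commit message; the comment could say that any other trailing whitespace is left in place on purpose.
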
> --
> 2.18.0.597.ga71716f1ad-goog
>
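
The effect of the strlcpy size argument discussed in this thread, as an added user-space example (not kernel code and not part of the patch). `demo_strlcpy`, `store_before`, `store_after`, `DEMO_PATH_MAX` and the sample inputs are constructed for illustration; `demo_strlcpy` is a local stand-in with strlcpy semantics.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_PATH_MAX 4096            /* assumed destination buffer size */
static char demo_name[DEMO_PATH_MAX]; /* stand-in for file_name */

/* strlcpy semantics: copy at most size-1 bytes, always NUL-terminate,
 * return strlen(src) so the caller can detect truncation. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size) {
        size_t c = n >= size ? size - 1 : n;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return n;
}

/* "Before": the copy is bounded by the length of the write (source size). */
static const char *store_before(char *file_name, const char *buf, size_t len)
{
    demo_strlcpy(file_name, buf, len);
    return file_name;
}

/* "After": bounded by the destination size, then one trailing '\n' dropped. */
static const char *store_after(char *file_name, const char *buf)
{
    size_t sz;
    demo_strlcpy(file_name, buf, DEMO_PATH_MAX);
    sz = strlen(file_name);
    if (sz > 0 && file_name[sz - 1] == '\n')
        file_name[sz - 1] = 0x00;
    return file_name;
}

int main(void)
{
    const char *with_nl = "/dev/sdX\n"; /* constructed: write ending in newline */
    const char *no_nl = "/dev/sdX";     /* constructed: write without newline */

    printf("before, newline:    [%s]\n", store_before(demo_name, with_nl, strlen(with_nl)));
    printf("before, no newline: [%s]\n", store_before(demo_name, no_nl, strlen(no_nl)));
    printf("after,  newline:    [%s]\n", store_after(demo_name, with_nl));
    printf("after,  no newline: [%s]\n", store_after(demo_name, no_nl));
    return 0;
}
```

With the source length as the bound, the copy always drops the final byte of the write, whatever that byte is; with the destination size as the bound, the whole string is copied and the newline has to be removed explicitly.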