Re: [PATCH] sysfs: clamp show() return value in sysfs_kf_read()
From: Rafael J. Wysocki
Date: Wed May 20 2026 - 09:39:30 EST
On Wed, May 20, 2026 at 3:06 PM Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> sysfs_kf_seq_show() defends against buggy show() callbacks that return
> larger than PAGE_SIZE by clamping the value and printing a warning.
> sysfs_kf_read(), the prealloc variant, has no such defense.
>
> The only current in-tree user of __ATTR_PREALLOC is drivers/md/md.c,
> whose show() callbacks are well-behaved, so this is hardening against
> future drivers doing foolish things and out-of-tree code doing even more
> foolish things.
>
> Cc: "Rafael J. Wysocki" <rafael@xxxxxxxxxx>
> Cc: Danilo Krummrich <dakr@xxxxxxxxxx>
> Cc: NeilBrown <neil@xxxxxxxxxx>
> Cc: Tejun Heo <tj@xxxxxxxxxx>
> Fixes: 2b75869bba67 ("sysfs/kernfs: allow attributes to request write buffer be pre-allocated.")
> Assisted-by: gregkh_clanker_t1000
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
No issues found, so
Reviewed-by: Rafael J. Wysocki (Intel) <rafael@xxxxxxxxxx>
> ---
> fs/sysfs/file.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
> index 5709cede1d75..25b44fe171a3 100644
> --- a/fs/sysfs/file.c
> +++ b/fs/sysfs/file.c
> @@ -120,6 +120,10 @@ static ssize_t sysfs_kf_read(struct kernfs_open_file *of, char *buf,
> len = ops->show(kobj, of->kn->priv, buf);
> if (len < 0)
> return len;
> + if (len >= (ssize_t)PAGE_SIZE) {
> + printk("fill_read_buffer: %pS returned bad count\n", ops->show);
> + len = PAGE_SIZE - 1;
> + }
> if (pos) {
> if (len <= pos)
> return 0;
> --
> 2.54.0
>