[PATCH v4 05/14] of: Fix available buffer size calculating error in API of_device_uevent_modalias()

From: Zijun Hu
Date: Thu Jan 09 2025 - 08:29:15 EST


From: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>

of_device_uevent_modalias() saves MODALIAS value from offset
(@env->buflen - 1), so the available buffer size should be
(sizeof(@env->buf) - @env->buflen + 1), but it uses the wrong
size (sizeof(@env->buf) - @env->buflen).

Fix by using size of space from char '\0' inclusive which ends "MODALIAS=".

Fixes: dd27dcda37f0 ("of/device: merge of_device_uevent")
Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
---
drivers/of/device.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/of/device.c b/drivers/of/device.c
index edf3be1972658f6dc165f577da53b10c7eebc116..f24c19e7aba8e01656f503ae328a4e08aab5a5f3 100644
--- a/drivers/of/device.c
+++ b/drivers/of/device.c
@@ -257,6 +257,7 @@ EXPORT_SYMBOL_GPL(of_device_uevent);
int of_device_uevent_modalias(const struct device *dev, struct kobj_uevent_env *env)
{
int sl;
+ int pos;

if ((!dev) || (!dev->of_node) || dev->of_node_reused)
return -ENODEV;
@@ -265,13 +266,18 @@ int of_device_uevent_modalias(const struct device *dev, struct kobj_uevent_env *
if (add_uevent_var(env, "MODALIAS="))
return -ENOMEM;

- sl = of_modalias(dev->of_node, &env->buf[env->buflen-1],
- sizeof(env->buf) - env->buflen);
+ /*
+ * @env->buflen is pointing to the char after '\0' now
+ * override the '\0' to save MODALIAS value.
+ */
+ pos = env->buflen - 1;
+ sl = of_modalias(dev->of_node, &env->buf[pos],
+ sizeof(env->buf) - pos);
if (sl < 0)
return sl;
- if (sl >= (sizeof(env->buf) - env->buflen))
+ if (sl >= (sizeof(env->buf) - pos))
return -ENOMEM;
- env->buflen += sl;
+ env->buflen = pos + sl + 1;

return 0;
}

--
2.34.1