RE: [PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection handlers

Next message: Tanmay Shah: "[PATCH] remoteproc: xlnx: check remote node state"
Previous message: Yu Kuai: "Re: [PATCH v13 0/3] md/md-bitmap: restore bitmap grow through sysfs"
In reply to: Shengzhuo Wei: "[PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection handlers"
Next in thread: Datta, Shubhrajyoti: "Re: [PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection handlers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Zhuo, Qiuxu

Date: Fri Apr 24 2026 - 22:53:08 EST

> From: Shengzhuo Wei <me@xxxxxxxx>
> Sent: Saturday, April 25, 2026 2:49 AM
> To: Shubhrajyoti Datta <shubhrajyoti.datta@xxxxxxx>; Sai Krishna Potthuri
> <sai.krishna.potthuri@xxxxxxx>; Borislav Petkov <bp@xxxxxxxxx>; Luck,
> Tony <tony.luck@xxxxxxxxx>; Michal Simek <michal.simek@xxxxxxx>
> Cc: linux-edac@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; linux-arm-
> kernel@xxxxxxxxxxxxxxxxxxx; Shengzhuo Wei <me@xxxxxxxx>
> Subject: [PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection
> handlers
>
> Two EDAC debugfs write handlers copy up to sizeof(buf) bytes into a fixed-size
> stack buffer and then unconditionally NUL-terminate it via buf[len] = '\0'.
> When userspace writes >= sizeof(buf) bytes, len becomes sizeof(buf) and the
> NUL write lands 1 byte past the end of the stack buffer.
>
> Fix by clamping the copy length to sizeof(buf) - 1 so that the NUL terminator is
> always in-bounds.
>
> Fixes: 3bd2706c910f ("EDAC/zynqmp: Add EDAC support for Xilinx ZynqMP
> OCM")
> Fixes: 83bf24051a60 ("EDAC/versal: Make the bit position of injected errors
> configurable")
> Signed-off-by: Shengzhuo Wei <me@xxxxxxxx>

LGTM,

Reviewed-by: Qiuxu Zhuo <qiuxu.zhuo@xxxxxxxxx>