Re: [PATCH] PCI/proc: check __get_user() return value in proc_bus_pci_write()

From: Deepanshu Kartikey

Date: Sun May 03 2026 - 21:23:48 EST


On Mon, May 4, 2026 at 12:16 AM Krzysztof Wilczyński <kw@xxxxxxxxx> wrote:
>
> Hello,
>
> > Check __get_user() and return -EFAULT on failure.
> [...]
> > @@ -136,7 +136,10 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
> >
> > if ((pos & 1) && cnt) {
> > unsigned char val;
> > - __get_user(val, buf);
> > + if (__get_user(val, buf)) {
> > + ret = -EFAULT;
> > + goto out;
> > + }
>
> We could move to get_user() here. This would allow you to drop
> the access_ok(), too, as get_user() would return -EFAULT on error.
>
> So, something simple, like:
>
> if (get_user(val, buf))
> goto err;
>
> > +out:
>
> Use "err" for a single goto label for the error path.
>
> > pci_config_pm_runtime_put(dev);
> > -
> > *ppos = pos;
> > - i_size_write(ino, dev->cfg_size);
> > - return nbytes;
> > + if (ret > 0)
> > + i_size_write(ino, dev->cfg_size);
> > + return ret;
>
> This can be kept simple:
>
> err:
> pci_config_pm_runtime_put(dev);
> return -EFAULT;
>
> The i_size_write() is such an unfortunate band-aid, but unless we have a
> way to set the size before the procfs entry is created/made visible, then
> the problem that this aims to fix is here to stay for now, see:
>
> ecb3908046ce ("pci: write file size to inode on proc bus file write")
>
> Having said all that, since you are looking at proc_bus_pci_write(),
> then perhaps an update to proc_bus_pci_read() to use put_user() would
> also be prudent.
>
> Thank you!
>
> Krzysztof

Thanks for the detailed feedback. I will send patch v2 shortly.

Thanks

Deepanshu Kartikey