Re: [Openipmi-developer] [PATCH 01/11] params: bound array element output to the caller's page buff
From: Jason G. <jg...@zi...> - 2026-06-02 13:35:20
On Tue, Jun 02, 2026 at 02:26:46PM +0300, Andy Shevchenko wrote:
> On Thu, May 21, 2026 at 06:33:14AM -0700, Kees Cook wrote:
> >
> > param_array_get() appends each element's string representation into the
> > shared sysfs page buffer by passing buffer + off to the element getter.
> >
> > That works for getters that only write a small bounded string, but
> > param_get_charp() and similar helpers format against PAGE_SIZE from the
> > pointer they receive. Once off is non-zero, an element getter can
> > therefore write past the end of the original sysfs page buffer.
> >
> > Collect each element into a temporary PAGE_SIZE buffer first and then
> > copy only the remaining space into the caller's page buffer.
>
> ...
>
> > + elem_buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
>
> get_free_page() (or how it is called)?

I thought modern mm guidance was to use kmalloc whenever possible and not use get_free_page() unless you intend to use the struct page bits?

Jason
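
Review bot: on the quoted `elem_buf = kmalloc(PAGE_SIZE, GFP_KERNEL);` line, the excerpt does not show what follows the allocation. It needs a NULL check that returns -ENOMEM before any element getter is called, and a matching kfree(elem_buf) on every return path out of the function. A short comment stating that the buffer is scratch space for one read and is never exposed as a page would also record why kmalloc was chosen over a page allocation.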
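
The overflow and the fix described in the quoted commit message, modelled in userspace C as an added example (not code from the patch or from the kernel). `PAGE_SZ`, `elem_get`, `unbounded_reach` and `array_get_bounded` are hypothetical stand-ins, and `PAGE_SZ` is shrunk to 64 bytes so the truncation case is easy to hit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SZ 64 /* assumption: small stand-in for PAGE_SIZE */

/* Hypothetical element getter: like the helpers the commit message names,
 * it formats against a full page from whatever pointer it receives. */
static int elem_get(char *buf, const char *val)
{
    int n = snprintf(buf, PAGE_SZ, "%s\n", val);
    return n >= PAGE_SZ ? PAGE_SZ - 1 : n; /* bytes actually stored */
}

/* End of the region such a getter may write when handed page + off. */
static size_t unbounded_reach(size_t off) { return off + PAGE_SZ; }

/* Fixed pattern: format into a scratch page, copy only what still fits. */
static int array_get_bounded(char *page, const char *const *vals, size_t n)
{
    char *tmp = malloc(PAGE_SZ);
    size_t off = 0;

    if (!tmp)
        return -1;
    for (size_t i = 0; i < n && off < PAGE_SZ - 1; i++) {
        size_t len = (size_t)elem_get(tmp, vals[i]);
        size_t room = PAGE_SZ - 1 - off; /* keep one byte for the NUL */

        if (i)
            page[off - 1] = ','; /* previous element's last byte becomes a separator */
        if (len > room)
            len = room;
        memcpy(page + off, tmp, len);
        off += len;
    }
    page[off] = '\0';
    free(tmp);
    return (int)off;
}

int main(void)
{
    const char *const vals[] = { "alpha", "beta", "gamma" }; /* constructed */
    char page[PAGE_SZ];
    int len = array_get_bounded(page, vals, 3);

    printf("%d bytes: %s", len, page);
    printf("getter at off=6 could reach byte %zu of a %d-byte page\n",
           unbounded_reach(6), PAGE_SZ);
    return 0;
}
```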