Commit 6020d534 authored by Shayne Chen's avatar Shayne Chen Committed by Johannes Berg

mac80211: fix incorrect strlen of .write in debugfs

This fixes strlen mismatch problems happening in some .write callbacks
of debugfs.

When trying to configure airtime_flags in debugfs, an error appeared:
ash: write error: Invalid argument

The error is returned from kstrtou16() since a wrong length makes it
miss the real end of input string.  To fix this, use count as the string
length, and set proper end of string for a char buffer.

The debug print is shown - airtime_flags_write: count = 2, len = 8,
where the actual length is 2, but "len = strlen(buf)" gets 8.

Also cleanup the other similar cases for the sake of consistency.
Signed-off-by: default avatarSujuan Chen <sujuan.chen@mediatek.com>
Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
Signed-off-by: default avatarShayne Chen <shayne.chen@mediatek.com>
Link: https://lore.kernel.org/r/20210112032028.7482-1-shayne.chen@mediatek.comSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent c2083e28
...@@ -120,18 +120,17 @@ static ssize_t aqm_write(struct file *file, ...@@ -120,18 +120,17 @@ static ssize_t aqm_write(struct file *file,
{ {
struct ieee80211_local *local = file->private_data; struct ieee80211_local *local = file->private_data;
char buf[100]; char buf[100];
size_t len;
if (count > sizeof(buf)) if (count >= sizeof(buf))
return -EINVAL; return -EINVAL;
if (copy_from_user(buf, user_buf, count)) if (copy_from_user(buf, user_buf, count))
return -EFAULT; return -EFAULT;
buf[sizeof(buf) - 1] = '\0'; if (count && buf[count - 1] == '\n')
len = strlen(buf); buf[count - 1] = '\0';
if (len > 0 && buf[len-1] == '\n') else
buf[len-1] = 0; buf[count] = '\0';
if (sscanf(buf, "fq_limit %u", &local->fq.limit) == 1) if (sscanf(buf, "fq_limit %u", &local->fq.limit) == 1)
return count; return count;
...@@ -177,18 +176,17 @@ static ssize_t airtime_flags_write(struct file *file, ...@@ -177,18 +176,17 @@ static ssize_t airtime_flags_write(struct file *file,
{ {
struct ieee80211_local *local = file->private_data; struct ieee80211_local *local = file->private_data;
char buf[16]; char buf[16];
size_t len;
if (count > sizeof(buf)) if (count >= sizeof(buf))
return -EINVAL; return -EINVAL;
if (copy_from_user(buf, user_buf, count)) if (copy_from_user(buf, user_buf, count))
return -EFAULT; return -EFAULT;
buf[sizeof(buf) - 1] = 0; if (count && buf[count - 1] == '\n')
len = strlen(buf); buf[count - 1] = '\0';
if (len > 0 && buf[len - 1] == '\n') else
buf[len - 1] = 0; buf[count] = '\0';
if (kstrtou16(buf, 0, &local->airtime_flags)) if (kstrtou16(buf, 0, &local->airtime_flags))
return -EINVAL; return -EINVAL;
...@@ -237,20 +235,19 @@ static ssize_t aql_txq_limit_write(struct file *file, ...@@ -237,20 +235,19 @@ static ssize_t aql_txq_limit_write(struct file *file,
{ {
struct ieee80211_local *local = file->private_data; struct ieee80211_local *local = file->private_data;
char buf[100]; char buf[100];
size_t len;
u32 ac, q_limit_low, q_limit_high, q_limit_low_old, q_limit_high_old; u32 ac, q_limit_low, q_limit_high, q_limit_low_old, q_limit_high_old;
struct sta_info *sta; struct sta_info *sta;
if (count > sizeof(buf)) if (count >= sizeof(buf))
return -EINVAL; return -EINVAL;
if (copy_from_user(buf, user_buf, count)) if (copy_from_user(buf, user_buf, count))
return -EFAULT; return -EFAULT;
buf[sizeof(buf) - 1] = 0; if (count && buf[count - 1] == '\n')
len = strlen(buf); buf[count - 1] = '\0';
if (len > 0 && buf[len - 1] == '\n') else
buf[len - 1] = 0; buf[count] = '\0';
if (sscanf(buf, "%u %u %u", &ac, &q_limit_low, &q_limit_high) != 3) if (sscanf(buf, "%u %u %u", &ac, &q_limit_low, &q_limit_high) != 3)
return -EINVAL; return -EINVAL;
...@@ -306,18 +303,17 @@ static ssize_t force_tx_status_write(struct file *file, ...@@ -306,18 +303,17 @@ static ssize_t force_tx_status_write(struct file *file,
{ {
struct ieee80211_local *local = file->private_data; struct ieee80211_local *local = file->private_data;
char buf[3]; char buf[3];
size_t len;
if (count > sizeof(buf)) if (count >= sizeof(buf))
return -EINVAL; return -EINVAL;
if (copy_from_user(buf, user_buf, count)) if (copy_from_user(buf, user_buf, count))
return -EFAULT; return -EFAULT;
buf[sizeof(buf) - 1] = '\0'; if (count && buf[count - 1] == '\n')
len = strlen(buf); buf[count - 1] = '\0';
if (len > 0 && buf[len - 1] == '\n') else
buf[len - 1] = 0; buf[count] = '\0';
if (buf[0] == '0' && buf[1] == '\0') if (buf[0] == '0' && buf[1] == '\0')
local->force_tx_status = 0; local->force_tx_status = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment