On the safety of the sysfs interfaces
Posted Apr 6, 2006 6:54 UTC (Thu) by viro
Parent article: On the safety of the sysfs interfaces
Certain developers have asked that question, indeed. I'm not sure
if this variant of answer would be more or less diplomatic, but the
thing is, the very instance of ->store() that had prompted the
original raising of the size limit actually relies on NUL-termination.
In other words, they hadn't even fixed their own code, making the
assertions regarding the expected behaviour of a huge pile of ->store()
instances all over the tree not only dumb, but rather hypocritical.
The first thing they do with the buffer is sscanf(buf, "%02x", &start).
Calling that when buf consists of e.g. 4096 spaces will immediately
run off the end of the array, since %x is a numeric conversion and as
such it skips the leading whitespace. Field width specifies the
maximum number of characters accepted past that point.
And as for the carelessly written code... There is no "if"; the clear
majority of sysfs-related code in drivers (and higher than that) is
junk. See the cfq/elevator/queue patch series right after 2.6.16 for
a lovely pile of examples - and that's not an obscure driver. And
unlike the majority of authors of sysfs-related code, Jens is not an
idiot. Didn't help - the interface is misdesigned to the degree where
most of the interface users end up misusing it...
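Added example (not viro's code, nor anything from the kernel tree): a userspace C stand-in for the sscanf(buf, "%02x", &start) call discussed above, written so that both the whitespace skip and the digit read are bounded by `count`. The function names and the 4096-space input are constructed for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Bounded replacement for sscanf(buf, "%02x", &start) on a ->store()-style
 * buffer: `buf` holds `count` bytes and is NOT assumed to be NUL-terminated.
 * Returns 0 and stores the value on success, -1 if no hex digit was found. */
int parse_hex_byte_bounded(const char *buf, size_t count, unsigned int *out)
{
    size_t i = 0;
    unsigned int val = 0;
    int digits = 0;

    /* Leading whitespace is skipped only while i < count. This is the step
     * "%02x" performs with no bound at all: the field width 2 limits the
     * characters read *after* the skip, not the skip itself. */
    while (i < count && isspace((unsigned char)buf[i]))
        i++;

    /* Accept at most two hex digits, again never reading past count.
     * Like "%02x", trailing bytes after the number are left alone. */
    while (i < count && digits < 2 && isxdigit((unsigned char)buf[i])) {
        unsigned char c = (unsigned char)buf[i];
        val = val * 16 + (unsigned int)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
        digits++;
        i++;
    }
    if (digits == 0)
        return -1;              /* only whitespace, or nothing at all */

    *out = val;
    return 0;
}

/* Convenience wrapper: the parsed value, or -1 on malformed input. */
int parse_hex_byte_or_neg(const char *buf, size_t count)
{
    unsigned int v = 0;
    return parse_hex_byte_bounded(buf, count, &v) == 0 ? (int)v : -1;
}

/* Constructed worst case from the comment: a page-sized write consisting
 * only of spaces, with no terminator anywhere behind it. The bounded
 * parser stops at `count` and reports an error instead of reading on. */
int demo_all_spaces(void)
{
    static char page[4096];
    memset(page, ' ', sizeof page);
    return parse_hex_byte_or_neg(page, sizeof page); /* -1 */
}
```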