sysfs: clamp show() return value in sysfs_kf_read()

sysfs_kf_seq_show() defends against buggy show() callbacks that return
larger than PAGE_SIZE by clamping the value and printing a warning.
sysfs_kf_read(), the prealloc variant, has no such defense.

The only current in-tree user of __ATTR_PREALLOC is drivers/md/md.c,
whose show() callbacks are well-behaved, so this is hardening against
future drivers doing foolish things and out-of-tree code doing even more
foolish things.

Cc: NeilBrown <neil@brown.name>
Cc: Tejun Heo <tj@kernel.org>
Fixes: 2b75869bba67 ("sysfs/kernfs: allow attributes to request write buffer be pre-allocated.")
Assisted-by: gregkh_clanker_t1000
Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org>
Reviewed-by: Danilo Krummrich <dakr@kernel.org>
Link: https://patch.msgid.link/2026052000-drove-unicycle-d61b@gregkh
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
index 6b3a8f62fa89c590c30c09f14745e12351a9712a..cd5bb0f9fee6ddbcfe327bdfb545caf52b5ad0cc 100644 (file)
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -119,6 +119,10 @@ static ssize_t sysfs_kf_read(struct kernfs_open_file *of, char *buf,
        len = ops->show(kobj, of->kn->priv, buf);
        if (len < 0)
                return len;
+       if (len >= (ssize_t)PAGE_SIZE) {
+               printk("fill_read_buffer: %pS returned bad count\n", ops->show);
+               len = PAGE_SIZE - 1;
+       }
        if (pos) {
                if (len <= pos)
                        return 0;