FROMLIST: ARM: amba: Don't read past the end of sysfs "driver_override" buffer

When printing the driver_override parameter when it is 4095 and 4094
bytes long, the printing code would access invalid memory because we
need count + 1 bytes for printing.

Cfr. commits 4efe874aace57dba ("PCI: Don't read past the end of sysfs
"driver_override" buffer") and bf563b01c2895a4b ("driver core: platform:
Don't read past the end of "driver_override" buffer").

Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
(cherry picked from: https://patchwork.kernel.org/patch/10175611/)
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I7a9fffc8e3cc775fcf693edae7b42d57c0a375c5

diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
index f009936..42086ad 100644 (file)
--- a/drivers/amba/bus.c
+++ b/drivers/amba/bus.c
@@ -82,7 +82,8 @@ static ssize_t driver_override_store(struct device *_dev,
        struct amba_device *dev = to_amba_device(_dev);
        char *driver_override, *old = dev->driver_override, *cp;
 
-       if (count > PATH_MAX)
+       /* We need to keep extra room for a newline */
+       if (count >= (PAGE_SIZE - 1))
                return -EINVAL;
 
        driver_override = kstrndup(buf, count, GFP_KERNEL);