linux-kernel.vger.kernel.org archive mirror
* [PATCH] kernel/cpu: fix: use scnprintf or sprintf.
@ 2020-12-22  9:11 YANG LI
  2020-12-23 13:28 ` Qais Yousef
  0 siblings, 1 reply; 2+ messages in thread
From: YANG LI @ 2020-12-22  9:11 UTC (permalink / raw)
  To: tglx
  Cc: qais.yousef, peterz, mpe, bristot, ethp, npiggin, arnd,
	linux-kernel, YANG LI

The snprintf() function returns the number of characters which would
have been printed if there were enough space, but the scnprintf()
returns the number of characters which were actually printed. If the
buffer is not large enough, then using snprintf() would result in a
read overflow and an information leak.

Signed-off-by: YANG LI <abaci-bugfix@linux.alibaba.com>
Reported-by: Abaci <abaci@linux.alibaba.com>
---
 kernel/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 4e11e91..c123741 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev,
 {
 	const char *state = smt_states[cpu_smt_control];
 
-	return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
+	return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state);
 }
 
 static ssize_t
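Review bot: The size argument on the changed `return` line stays at `PAGE_SIZE - 2`, with nothing explaining the two reserved bytes. scnprintf() already counts the terminating NUL inside the size it is given, so either pass `PAGE_SIZE` or document the margin. The commit message should also say how the returned count is consumed, since the leak it describes only follows when the caller of this show handler treats the return value as the number of valid bytes in `buf`. The subject's "or sprintf" does not match a hunk that only swaps snprintf() for scnprintf().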
-- 
1.8.3.1
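
The return-value difference described in the commit message above, as an added userspace illustration (not part of the patch or of the kernel source). `scnprintf_like()` is a hypothetical stand-in for the kernel's scnprintf(), and the 8-byte buffer and the state string are constructed so that truncation actually occurs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-in for the kernel's scnprintf(): returns the
 * number of characters actually stored in buf, excluding the trailing NUL. */
static int scnprintf_like(char *buf, size_t size, const char *fmt, ...)
{
	va_list args;
	int n;

	if (size == 0)
		return 0;
	va_start(args, fmt);
	n = vsnprintf(buf, size, fmt, args);
	va_end(args);
	if (n < 0)
		return 0;
	return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Both helpers model a show() handler whose return value the caller
 * treats as the number of valid bytes in buf. */
static int show_with_snprintf(char *buf, size_t size, const char *state)
{
	return snprintf(buf, size, "%s\n", state);
}

static int show_with_scnprintf(char *buf, size_t size, const char *state)
{
	return scnprintf_like(buf, size, "%s\n", state);
}

/* Bytes beyond the buffer that a caller trusting ret as a length would read. */
static long overread(int ret, size_t size)
{
	return ret > 0 && (size_t)ret > size ? (long)ret - (long)size : 0;
}

int main(void)
{
	char buf[8];                            /* constructed: deliberately small */
	const char *state = "forceoff-sample";  /* constructed: 15 characters */
	int a = show_with_snprintf(buf, sizeof(buf), state);
	int b = show_with_scnprintf(buf, sizeof(buf), state);
	printf("snprintf:  ret=%d over-read=%ld\n", a, overread(a, sizeof(buf)));
	printf("scnprintf: ret=%d over-read=%ld stored=%zu\n", b, overread(b, sizeof(buf)), strlen(buf));
	return 0;
}
```

With the truncated write, snprintf() reports the length of the full formatted string, while the scnprintf()-style return never exceeds what is in the buffer.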



* Re: [PATCH] kernel/cpu: fix: use scnprintf or sprintf.
  2020-12-22  9:11 [PATCH] kernel/cpu: fix: use scnprintf or sprintf YANG LI
@ 2020-12-23 13:28 ` Qais Yousef
  0 siblings, 0 replies; 2+ messages in thread
From: Qais Yousef @ 2020-12-23 13:28 UTC (permalink / raw)
  To: YANG LI; +Cc: tglx, peterz, mpe, bristot, ethp, npiggin, arnd, linux-kernel

Hi Yang

'or sprintf' in the subject line doesn't make much sense for what's done in
this patch. Perhaps you meant "Use scnprintf instead of snprintf"?

On 12/22/20 17:11, YANG LI wrote:
> The snprintf() function returns the number of characters which would
> have been printed if there were enough space, but the scnprintf()
> returns the number of characters which were actually printed. If the
> buffer is not large enough, then using snprintf() would result in a
> read overflow and an information leak.
> 
> Signed-off-by: YANG LI <abaci-bugfix@linux.alibaba.com>
> Reported-by: Abaci <abaci@linux.alibaba.com>

Two different yet very similar email addresses, it seems both are you? The
Reported-by is unnecessary.

> ---
>  kernel/cpu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/cpu.c b/kernel/cpu.c
> index 4e11e91..c123741 100644
> --- a/kernel/cpu.c
> +++ b/kernel/cpu.c
> @@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev,
>  {
>  	const char *state = smt_states[cpu_smt_control];
>  
> -	return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
> +	return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state);

show_cpuhp_states() doesn't have snprintf() in Linus' master. Which tree is
this based on?

I can see two snprintf() in cpu.c, show_smt_active/control().

Mind resending to fix them both?

Thanks

--
Qais Yousef
