From: Hannes Reinecke <hare@suse.de>
To: Christoph Hellwig <hch@lst.de>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>,
Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH] nvmet: fixup buffer overrun in nvmet_subsys_attr_serial()
Date: Mon, 6 Sep 2021 08:59:03 +0200 [thread overview]
Message-ID: <f06240ed-5fd4-b8fa-a8cc-be10b9f62bcf@suse.de> (raw)
In-Reply-To: <20210901122247.GA10562@lst.de>
On 9/1/21 2:22 PM, Christoph Hellwig wrote:
> On Fri, Aug 27, 2021 at 06:26:36PM +0200, Christoph Hellwig wrote:
>> On Fri, Aug 27, 2021 at 11:29:26AM +0200, Hannes Reinecke wrote:
>>> The serial number is copied into the buffer via memcpy_and_pad()
>>> with the length NVMET_SN_MAX_SIZE. So when printing out we also
>>> need to take just that length as anything beyond that will be
>>> uninitialized.
>>>
>>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>>
>> The normal way to print a potentially unterminated fixed length string
>> would be something like:
>
> Does this version still look ok to you?
>
>>
>> diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
>> index f74485c705ff2..d784f3c200b4c 100644
>> --- a/drivers/nvme/target/configfs.c
>> +++ b/drivers/nvme/target/configfs.c
>> @@ -1067,7 +1067,8 @@ static ssize_t nvmet_subsys_attr_serial_show(struct config_item *item,
>> {
>> struct nvmet_subsys *subsys = to_subsys(item);
>>
>> - return snprintf(page, PAGE_SIZE, "%s\n", subsys->serial);
>> + return snprintf(page, PAGE_SIZE, "%*s\n",
>> + NVMET_SN_MAX_SIZE, subsys->serial);
>> }
>>
>> static ssize_t
> ---end quoted text---
>
Yes, it does; will be sending an updated patch.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
prev parent reply other threads:[~2021-09-06 6:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-27 9:29 [PATCH] nvmet: fixup buffer overrun in nvmet_subsys_attr_serial() Hannes Reinecke
2021-08-27 16:26 ` Christoph Hellwig
2021-09-01 12:22 ` Christoph Hellwig
2021-09-06 6:59 ` Hannes Reinecke [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f06240ed-5fd4-b8fa-a8cc-be10b9f62bcf@suse.de \
--to=hare@suse.de \
--cc=hch@lst.de \
--cc=linux-nvme@lists.infradead.org \
--cc=martin.petersen@oracle.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.