From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D29CC10DCE for ; Thu, 12 Mar 2020 11:38:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DF8EE2071B for ; Thu, 12 Mar 2020 11:38:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726390AbgCLLiR (ORCPT ); Thu, 12 Mar 2020 07:38:17 -0400 Received: from mx2.suse.de ([195.135.220.15]:45926 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725978AbgCLLiR (ORCPT ); Thu, 12 Mar 2020 07:38:17 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 798ADACB1; Thu, 12 Mar 2020 11:38:14 +0000 (UTC) Date: Thu, 12 Mar 2020 12:38:14 +0100 Message-ID: From: Takashi Iwai To: Martin Habets Cc: Takashi Iwai , , "David S . Miller" , Solarflare linux maintainers , Edward Cree Subject: Re: [PATCH 6/7] sfc: Use scnprintf() for avoiding potential buffer overflow In-Reply-To: <92ac1339-892c-20de-1547-02a8eee85f12@solarflare.com> References: <20200311083745.17328-1-tiwai@suse.de> <20200311083745.17328-7-tiwai@suse.de> <92ac1339-892c-20de-1547-02a8eee85f12@solarflare.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Thu, 12 Mar 2020 10:53:05 +0100, Martin Habets wrote: > > Hi Takashi, > > Fix looks ok, but could you please fix the alignment of the subsequent lines as well? Yes, I'll respin with that in v2, as other people also asked for it. thanks, Takashi > > Thanks, > Martin > > On 11/03/2020 08:37, Takashi Iwai wrote: > > Since snprintf() returns the would-be-output size instead of the > > actual output size, the succeeding calls may go beyond the given > > buffer limit. Fix it by replacing with scnprintf(). > > > > Cc: Solarflare linux maintainers > > Cc: Edward Cree > > Cc: Martin Habets > > Signed-off-by: Takashi Iwai > > --- > > drivers/net/ethernet/sfc/mcdi.c | 12 ++++++------ > > 1 file changed, 6 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcdi.c > > index 2713300343c7..ac978e24644f 100644 > > --- a/drivers/net/ethernet/sfc/mcdi.c > > +++ b/drivers/net/ethernet/sfc/mcdi.c > > @@ -212,11 +212,11 @@ static void efx_mcdi_send_request(struct efx_nic *efx, unsigned cmd, > > * progress on a NIC at any one time. So no need for locking. > > */ > > for (i = 0; i < hdr_len / 4 && bytes < PAGE_SIZE; i++) > > - bytes += snprintf(buf + bytes, PAGE_SIZE - bytes, > > + bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes, > > " %08x", le32_to_cpu(hdr[i].u32[0])); > > > > for (i = 0; i < inlen / 4 && bytes < PAGE_SIZE; i++) > > - bytes += snprintf(buf + bytes, PAGE_SIZE - bytes, > > + bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes, > > " %08x", le32_to_cpu(inbuf[i].u32[0])); > > > > netif_info(efx, hw, efx->net_dev, "MCDI RPC REQ:%s\n", buf); > > @@ -302,14 +302,14 @@ static void efx_mcdi_read_response_header(struct efx_nic *efx) > > */ > > for (i = 0; i < hdr_len && bytes < PAGE_SIZE; i++) { > > efx->type->mcdi_read_response(efx, &hdr, (i * 4), 4); > > - bytes += snprintf(buf + bytes, PAGE_SIZE - bytes, > > + bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes, > > " %08x", le32_to_cpu(hdr.u32[0])); > > } > > > > for (i = 0; i < data_len && bytes < PAGE_SIZE; i++) { > > efx->type->mcdi_read_response(efx, &hdr, > > mcdi->resp_hdr_len + (i * 4), 4); > > - bytes += snprintf(buf + bytes, PAGE_SIZE - bytes, > > + bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes, > > " %08x", le32_to_cpu(hdr.u32[0])); > > } > > > > @@ -1417,7 +1417,7 @@ void efx_mcdi_print_fwver(struct efx_nic *efx, char *buf, size_t len) > > } > > > > ver_words = (__le16 *)MCDI_PTR(outbuf, GET_VERSION_OUT_VERSION); > > - offset = snprintf(buf, len, "%u.%u.%u.%u", > > + offset = scnprintf(buf, len, "%u.%u.%u.%u", > > le16_to_cpu(ver_words[0]), le16_to_cpu(ver_words[1]), > > le16_to_cpu(ver_words[2]), le16_to_cpu(ver_words[3])); > > > > @@ -1427,7 +1427,7 @@ void efx_mcdi_print_fwver(struct efx_nic *efx, char *buf, size_t len) > > if (efx_nic_rev(efx) >= EFX_REV_HUNT_A0) { > > struct efx_ef10_nic_data *nic_data = efx->nic_data; > > > > - offset += snprintf(buf + offset, len - offset, " rx%x tx%x", > > + offset += scnprintf(buf + offset, len - offset, " rx%x tx%x", > > nic_data->rx_dpcpu_fw_id, > > nic_data->tx_dpcpu_fw_id); > > > > >