Message ID | 20200311083745.17328-5-tiwai@suse.de |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | net: Use scnprintf() for avoiding potential buffer overflow | expand |
On Wed, Mar 11, 2020 at 09:37:42AM +0100, Takashi Iwai wrote: > Since snprintf() returns the would-be-output size instead of the > actual output size, the succeeding calls may go beyond the given > buffer limit. Fix it by replacing with scnprintf(). > > Cc: Jakub Kicinski <kuba@kernel.org> > Cc: oss-drivers@netronome.com > Signed-off-by: Takashi Iwai <tiwai@suse.de> Reviewed-by: Simon Horman <simon.horman@netronome.com>
On Wed, 11 Mar 2020 09:37:42 +0100 Takashi Iwai wrote: > @@ -680,7 +680,7 @@ static int enable_bars(struct nfp6000_pcie *nfp, u16 interface) > bar->iomem = ioremap(nfp_bar_resource_start(bar), > nfp_bar_resource_len(bar)); > if (bar->iomem) { > - msg += snprintf(msg, end - msg, > + msg += scnprintf(msg, end - msg, > "0.%d: Explicit%d, ", 4 + i, i); Thanks for the patches! One nit pick - please adjust the continuation lines so it starts on the column after the opening bracket (other patches have the same problem). You can try running scripts/checkpatch --strict on your patches, it should catch these.
diff --git a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c index 8fde6c1f681b..cc311989e3d7 100644 --- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c +++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c @@ -616,7 +616,7 @@ static int enable_bars(struct nfp6000_pcie *nfp, u16 interface) if (bar->iomem) { int pf; - msg += snprintf(msg, end - msg, "0.0: General/MSI-X SRAM, "); + msg += scnprintf(msg, end - msg, "0.0: General/MSI-X SRAM, "); atomic_inc(&bar->refcnt); bars_free--; @@ -661,7 +661,7 @@ static int enable_bars(struct nfp6000_pcie *nfp, u16 interface) /* Configure, and lock, BAR0.1 for PCIe XPB (MSI-X PBA) */ bar = &nfp->bar[1]; - msg += snprintf(msg, end - msg, "0.1: PCIe XPB/MSI-X PBA, "); + msg += scnprintf(msg, end - msg, "0.1: PCIe XPB/MSI-X PBA, "); atomic_inc(&bar->refcnt); bars_free--; @@ -680,7 +680,7 @@ static int enable_bars(struct nfp6000_pcie *nfp, u16 interface) bar->iomem = ioremap(nfp_bar_resource_start(bar), nfp_bar_resource_len(bar)); if (bar->iomem) { - msg += snprintf(msg, end - msg, + msg += scnprintf(msg, end - msg, "0.%d: Explicit%d, ", 4 + i, i); atomic_inc(&bar->refcnt); bars_free--;
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Cc: Jakub Kicinski <kuba@kernel.org> Cc: oss-drivers@netronome.com Signed-off-by: Takashi Iwai <tiwai@suse.de> --- drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)