| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 30 Aug 2020 00:37:17 +0100
From: Alex Dewar <alex.dewar90@...il.com>
To: unlisted-recipients:; (no To-header on input)
Cc: Alex Dewar <alex.dewar90@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Christian Brauner <christian.brauner@...ntu.com>,
"David S. Miller" <davem@...emloft.net>,
Nayna Jain <nayna@...ux.ibm.com>,
Dan Williams <dan.j.williams@...el.com>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
Sourabh Jain <sourabhjain@...ux.ibm.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH RFC 2/2] sysfs: add helper macro for showing simple integer values
sysfs attributes are supposed to be only single values, which are
printed into a buffer of PAGE_SIZE. Accordingly, for many simple
attributes, sprintf() can be used like so:
static ssize_t my_show(..., char *buf)
{
...
return sprintf("%d\n", my_integer);
}
The problem is that whilst this use of sprintf() is memory safe, other
cases where e.g. a possibly unterminated string is passed as input, are
not and so use of sprintf() here might make it more difficult to
identify these problematic cases.
Define a macro, sysfs_sprinti(), which outputs the value of a single
integer to a buffer (with terminating "\n\0") and returns the size written.
This way, we can convert over the some of the trivially correct users of
sprintf() and decrease its usage in the kernel source tree.
Another advantage of this approach is that we can now statically check
the type of the integer so that e.g. an unsigned long long will be
formatted as %llu. This will fix cases where the wrong format string has
been passed to sprintf().
Signed-off-by: Alex Dewar <alex.dewar90@...il.com>
---
include/linux/sysfs.h | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
index 26e7d9f69dfd..763316788153 100644
--- a/include/linux/sysfs.h
+++ b/include/linux/sysfs.h
@@ -197,6 +197,37 @@ sysfs_strscpy((dest), (src), \
) \
)
+/**
+ * sysfs_sprinti - emit an integer-type value from a sysfs show method
+ * @buf: destination buffer
+ * @x: the variable whose value is to be shown
+ *
+ * The appropriate format is passed to sprintf() according to the type of
+ * x, preventing accidental misuse of format strings.
+ */
+#define sysfs_sprinti(buf, x) \
+({ \
+ BUILD_BUG_ON(!__builtin_types_compatible_p(typeof(x), unsigned int) && \
+ !__builtin_types_compatible_p(typeof(x), unsigned long) && \
+ !__builtin_types_compatible_p(typeof(x), unsigned long long) && \
+ !__builtin_types_compatible_p(typeof(x), int) && \
+ !__builtin_types_compatible_p(typeof(x), short) && \
+ !__builtin_types_compatible_p(typeof(x), unsigned short)); \
+ __builtin_choose_expr( \
+ __builtin_types_compatible_p(typeof(x), unsigned int), \
+ sprintf(buf, "%u\n", (unsigned int)(x)), \
+ __builtin_choose_expr( \
+ __builtin_types_compatible_p(typeof(x), unsigned long), \
+ sprintf(buf, "%lu\n", (unsigned long)(x)), \
+ __builtin_choose_expr( \
+ __builtin_types_compatible_p(typeof(x), unsigned long long), \
+ sprintf(buf, "%llu\n", (unsigned long long)(x)), \
+ sprintf(buf, "%d\n", (int)(x)) \
+ ) \
+ ) \
+ ); \
+})
+
struct file;
struct vm_area_struct;
--
2.28.0
Powered by blists - more mailing lists