| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Aug 2022 11:07:24 -0700
From: Song Liu <song@...nel.org>
To: Guoqing Jiang <guoqing.jiang@...ux.dev>
Cc: Saurabh Sengar <ssengar@...ux.microsoft.com>,
Shaohua Li <shli@...com>, NeilBrown <neilb@...e.com>,
linux-raid <linux-raid@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
ssengar@...rosoft.com, mikelley@...rosoft.com
Subject: Re: [PATCH] md : Replace snprintf with scnprintf
On Thu, Aug 4, 2022 at 6:10 PM Guoqing Jiang <guoqing.jiang@...ux.dev> wrote:
>
>
>
> On 8/5/22 1:25 AM, Saurabh Sengar wrote:
> > Current code produces a warning as shown below when total characters
> > in the constituent block device names plus the slashes exceeds 200.
> > snprintf() returns the number of characters generated from the given
> > input, which could cause the expression “200 – len” to wrap around
> > to a large positive number. Fix this by using scnprintf() instead,
> > which returns the actual number of characters written into the buffer.
> >
> > [ 1513.267938] ------------[ cut here ]------------
> > [ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510
> > [ 1513.267944] Modules linked in: <snip>
> > [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu
> > [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
> > [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510
> > <-snip->
> > [ 1513.267982] Call Trace:
> > [ 1513.267986] snprintf+0x45/0x70
> > [ 1513.267990] ? disk_name+0x71/0xa0
> > [ 1513.267993] dump_zones+0x114/0x240 [raid0]
> > [ 1513.267996] ? _cond_resched+0x19/0x40
> > [ 1513.267998] raid0_run+0x19e/0x270 [raid0]
> > [ 1513.268000] md_run+0x5e0/0xc50
> > [ 1513.268003] ? security_capable+0x3f/0x60
> > [ 1513.268005] do_md_run+0x19/0x110
> > [ 1513.268006] md_ioctl+0x195e/0x1f90
> > [ 1513.268007] blkdev_ioctl+0x91f/0x9f0
> > [ 1513.268010] block_ioctl+0x3d/0x50
> > [ 1513.268012] do_vfs_ioctl+0xa9/0x640
> > [ 1513.268014] ? __fput+0x162/0x260
> > [ 1513.268016] ksys_ioctl+0x75/0x80
> > [ 1513.268017] __x64_sys_ioctl+0x1a/0x20
> > [ 1513.268019] do_syscall_64+0x5e/0x200
> > [ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> >
> > Fixes: 766038846e875 ("md/raid0: replace printk() with pr_*()")
> > Signed-off-by: Saurabh Sengar <ssengar@...ux.microsoft.com>
The patch doesn't apply. Could you please rebase and resend?
Thanks,
Song
> > ---
> > drivers/md/raid0.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
> > index b21e101..b6f0fc1 100644
> > --- a/drivers/md/raid0.c
> > +++ b/drivers/md/raid0.c
> > @@ -48,7 +48,7 @@ static void dump_zones(struct mddev *mddev)
> > int len = 0;
> >
> > for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
> > - len += snprintf(line+len, 200-len, "%s%s", k?"/":"",
> > + len += scnprintf(line+len, 200-len, "%s%s", k?"/":"",
> > bdevname(conf->devlist[j*raid_disks
> > + k]->bdev, b));
> > pr_debug("md: zone%d=[%s]\n", j, line);
>
> Acked-by: Guoqing Jiang <guoqing.jiang@...ux.dev>
>
> Thanks,
> Guoqing
Powered by blists - more mailing lists