| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87wmfxfg8b.fsf@prevas.dk>
Date: Wed, 18 Dec 2024 11:16:52 +0100
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: "Rob Herring (Arm)" <robh@...nel.org>
Cc: Petr Mladek <pmladek@...e.com>, Steven Rostedt <rostedt@...dmis.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Sergey Senozhatsky
<senozhatsky@...omium.org>, Jonathan Corbet <corbet@....net>, Saravana
Kannan <saravanak@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>,
Zijun Hu <quic_zijuhu@...cinc.com>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, devicetree@...r.kernel.org
Subject: Re: [PATCH] of: Add printf '%pOFm' for generating modalias
On Tue, Dec 17 2024, "Rob Herring (Arm)" <robh@...nel.org> wrote:
> The callers for of_modalias() generally need the module alias as part of
> some larger string. That results in some error prone manipulation of the
> buffer prepend/append the module alias string. In fact,
> of_device_uevent_modalias() has several issues. First, it's off by one
> too few characters in utilization of the full buffer. Second, the error
> paths leave OF_MODALIAS with a truncated value when in the end nothing
> should be added to the buffer. It is also fragile because it needs
> internal details of struct kobj_uevent_env. add_uevent_var() really
> wants to write the env variable and value in one shot which would need
> either a temporary buffer for value or a format specifier.
>
> Fix these issues by adding a new printf format specifier, "%pOFm". With
> the format specifier in place, simplify all the callers of
> of_modalias(). of_modalias() can also be simplified with vsprintf()
> being the only caller as it avoids the error conditions.
>
> Cc: Zijun Hu <quic_zijuhu@...cinc.com>
> Signed-off-by: Rob Herring (Arm) <robh@...nel.org>
> ---
> Documentation/core-api/printk-formats.rst | 1 +
> drivers/of/device.c | 25 ++--------------
> drivers/of/module.c | 35 +++++------------------
> drivers/of/unittest.c | 2 ++
> include/linux/of.h | 8 +++---
> lib/vsprintf.c | 7 +++--
> 6 files changed, 22 insertions(+), 56 deletions(-)
This diffstat lacks a lib/test_printf.c line. Please do add test cases
when extending vsnprintf().
>
> diff --git a/drivers/of/module.c b/drivers/of/module.c
> index 1e735fc130ad..80879d2abea8 100644
> --- a/drivers/of/module.c
> +++ b/drivers/of/module.c
> @@ -8,21 +8,14 @@
> #include <linux/slab.h>
> #include <linux/string.h>
>
> -ssize_t of_modalias(const struct device_node *np, char *str, ssize_t len)
> +/* Do not use directly, use %pOFm format specifier instead */
> +size_t of_modalias(const struct device_node *np, char *str, size_t len)
> {
> const char *compat;
> char *c;
> struct property *p;
> - ssize_t csize;
> - ssize_t tsize;
> -
> - /*
> - * Prevent a kernel oops in vsnprintf() -- it only allows passing a
> - * NULL ptr when the length is also 0. Also filter out the negative
> - * lengths...
> - */
> - if ((len > 0 && !str) || len < 0)
> - return -EINVAL;
> + size_t csize;
> + size_t tsize;
>
> /* Name & Type */
> /* %p eats all alphanum characters, so %c must be used here */
I took a look at of_modalias() with that change applied. While it does
seem to end up returning the required "total size had the buffer been
big enough", this part
csize = snprintf(str, len, "C%s", compat);
tsize += csize;
if (csize >= len)
continue;
seems that it will overwrite/replace a longer compat string with a
shorter, later one, if we happen to be close to the end of the available
space. That's _probably_ not a problem for vsnprintf() itself, or
callers such as kasprintf() that do need the exact size but don't care
about what might have been produced on the first call to determine that
size, but the printf test suite does expect the result of a truncated
vsnprintf() to match the full string up to the truncation point. We can
probably allow certain test cases to opt out of certain sanity checks if
absolutely needed, but perhaps it's simpler to fix of_modalias().
Unrelated, I think the space replacement could be simplified to
if (len > 0)
strreplace(str, ' ', '_');
> static inline int of_request_module(const struct device_node *np)
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> index 9d3dac38a3f4..6a4f99b39de0 100644
> --- a/lib/vsprintf.c
> +++ b/lib/vsprintf.c
> @@ -2169,10 +2169,10 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
>
> /* simple case without anything any more format specifiers */
> fmt++;
> - if (fmt[0] == '\0' || strcspn(fmt,"fnpPFcC") > 0)
> + if (fmt[0] == '\0' || strcspn(fmt,"fnpPFcCm") > 0)
> fmt = "f";
>
> - for (pass = false; strspn(fmt,"fnpPFcC"); fmt++, pass = true) {
> + for (pass = false; strspn(fmt,"fnpPFcCm"); fmt++, pass = true) {
> int precision;
> if (pass) {
> if (buf < end)
> @@ -2226,6 +2226,9 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
> has_mult = true;
> }
> break;
> + case 'm':
> + buf += of_modalias(dn, buf, end - buf);
> + break;
This is definitely wrong. I think it's fixable by using
buf < end ? end - buf : 0
Rasmus
Powered by blists - more mailing lists