| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <943bdb6ace1f4b92b9f26e78d7efbe30@huawei.com> Date: Wed, 21 May 2025 01:05:18 +0000 From: "yubowen (H)" <yubowen8@...wei.com> To: David Laight <david.laight.linux@...il.com> CC: "rafael@...nel.org" <rafael@...nel.org>, "viresh.kumar@...aro.org" <viresh.kumar@...aro.org>, "linux-pm@...r.kernel.org" <linux-pm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Linuxarm <linuxarm@...wei.com>, Zhanjie <zhanjie9@...ilicon.com>, Jonathan Cameron <jonathan.cameron@...wei.com>, "lihuisong (C)" <lihuisong@...wei.com>, "zhenglifeng (A)" <zhenglifeng1@...wei.com>, cenxinghai <cenxinghai@...artners.com> Subject: 回复: [PATCH] cpufreq: Update sscanf() to kstrtouint() Hi David, Thanks for reviewing. I think since reading the frequency value gives only value and not unit, the input should stay coherent and only take numbers as valid input instead of accepting all user input with numbers at the beginning. In addition, previous patches have changed other places that used sscanf() in this file and it is better to stay consistent. Would you say that this makes sense? Best regards, Bowen Yu -----邮件原件----- 发件人: David Laight <david.laight.linux@...il.com> 发送时间: 2025年5月20日 5:47 收件人: yubowen (H) <yubowen8@...wei.com> 抄送: rafael@...nel.org; viresh.kumar@...aro.org; linux-pm@...r.kernel.org; linux-kernel@...r.kernel.org; Linuxarm <linuxarm@...wei.com>; Zhanjie <zhanjie9@...ilicon.com>; Jonathan Cameron <jonathan.cameron@...wei.com>; lihuisong (C) <lihuisong@...wei.com>; zhenglifeng (A) <zhenglifeng1@...wei.com>; cenxinghai <cenxinghai@...artners.com> 主题: Re: [PATCH] cpufreq: Update sscanf() to kstrtouint() On Mon, 19 May 2025 15:09:38 +0800 Bowen Yu <yubowen8@...wei.com> wrote: > In store_scaling_setspeed(), sscanf is still used to read to sysfs. > Newer kstrtox provide more features including overflow protection, > better errorhandling and allows for other systems of numeration. It is > therefore better to update sscanf() to kstrtouint(). This is a UAPI change. Since the value is a frequency there could easily be scripts that append Hz to the value. You're making them fail. David > > Signed-off-by: Bowen Yu <yubowen8@...wei.com> > --- > drivers/cpufreq/cpufreq.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c > index be727da0be4d..0c842edd1a76 100644 > --- a/drivers/cpufreq/cpufreq.c > +++ b/drivers/cpufreq/cpufreq.c > @@ -920,9 +920,9 @@ static ssize_t store_scaling_setspeed(struct cpufreq_policy *policy, > if (!policy->governor || !policy->governor->store_setspeed) > return -EINVAL; > > - ret = sscanf(buf, "%u", &freq); > - if (ret != 1) > - return -EINVAL; > + ret = kstrtouint(buf, 0, &freq); > + if (ret) > + return ret; > > policy->governor->store_setspeed(policy, freq); >
Powered by blists - more mailing lists