lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <076bd8aa-e06c-4b0f-a659-d35de0319b55@blackwall.org>
Date: Sun, 1 Feb 2026 10:29:14 +0200
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: David Corvaglia <david@...vaglia.dev>, idosch@...dia.com
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, horms@...nel.org, bridge@...ts.linux.dev,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] net: bridge: use sysfs_emit instead of sprintf

On 31/01/2026 18:53, David Corvaglia wrote:
> Replace sprintf with sysfs_emit in sysfs show() methods as outlined in
> Documentation/filesystems/sysfs.rst. sysfs_emit is preferred to sprintf
> in sysfs show() methods as it is safer with buffer handling.
> 
> Signed-off-by: David Corvaglia <david@...vaglia.dev>
> ---
> This is my first patch to the kernel! I've been able to build and boot
> with the patch. I also tested the sysfs reads and they seem to be
> correct. Any feedback is appreciated.
> 
>   net/bridge/br_stp_if.c   |  2 +-
>   net/bridge/br_sysfs_br.c | 84 ++++++++++++++++++++--------------------
>   net/bridge/br_sysfs_if.c | 32 +++++++--------
>   3 files changed, 59 insertions(+), 59 deletions(-)
> 

Hi,
IIUC it is safer because it takes into account the provided buffer's size (PAGE_SIZE).
I'm saying it for the curious as  I only found in Documentation/filesystems/sysfs.rst:
"- New implementations of show() methods should only use sysfs_emit() or
   sysfs_emit_at() when formatting the value to be returned to user space."

Which does say "new implementations", also most of these are numbers
and cannot really fill the provided buffer, there is one instance of a string
but it is an interface name, so that is limited as well.

That being said, I'm ok with switching to sysfs_emit() and the patch looks good
to me so:

Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>

Thanks,
  Nik

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ