2015-11-20 09:47:16

by Rasmus Villemoes

Subject: [PATCH] mtip32xx: use formatting capability of kthread_create_on_node

kthread_create_on_node takes format+args, so there's no need to do the
pretty-printing in advance. Moreover, "mtip_svc_thd_99" (including its
'\0') only just fits in 16 bytes, so if index could ever go above 99
we'd have a stack buffer overflow.

Signed-off-by: Rasmus Villemoes <[email protected]>
---
drivers/block/mtip32xx/mtip32xx.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
index a28a562f7b7f..3457ac8c03e2 100644
--- a/drivers/block/mtip32xx/mtip32xx.c
+++ b/drivers/block/mtip32xx/mtip32xx.c
@@ -3810,7 +3810,6 @@ static int mtip_block_initialize(struct driver_data *dd)
sector_t capacity;
unsigned int index = 0;
struct kobject *kobj;
- unsigned char thd_name[16];

if (dd->disk)
goto skip_create_disk; /* hw init done, before rebuild */
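Review bot: the context lines `unsigned int index = 0;` and `goto skip_create_disk;` raise a question the changelog does not answer. If `index` is only assigned between this check and the `skip_create_disk` label (those lines are not shown in the hunk), then on the `dd->disk` path the name formatted at `start_service_thread` is built from the initial 0. That would predate this patch, but since the commit message reasons about the range of `index`, it would help to state where `index` is set and what bounds it.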
@@ -3958,10 +3957,9 @@ skip_create_disk:
}

start_service_thread:
- sprintf(thd_name, "mtip_svc_thd_%02d", index);
dd->mtip_svc_handler = kthread_create_on_node(mtip_service_thread,
- dd, dd->numa_node, "%s",
- thd_name);
+ dd, dd->numa_node,
+ "mtip_svc_thd_%02d", index);

if (IS_ERR(dd->mtip_svc_handler)) {
dev_err(&dd->pdev->dev, "service thread failed to start\n");
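Review bot: on the added line `"mtip_svc_thd_%02d", index);` the conversion is `%d` while `index` is declared `unsigned int` in the first hunk's context; `%02u` would match the type. Also, `02` is only a minimum field width, so nothing at this call site limits the length of the name. The overflow argument in the changelog now rests entirely on how `kthread_create_on_node` sizes its output, which deserves a sentence in the commit message.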
--
2.6.1
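
The size argument in the commit message, as an added userspace C example (not code from the patch or the driver): it measures how many bytes the name needs for a given index and shows bounded formatting with truncation detection. The helper names and `NAME_BUF` are assumptions for illustration, `%02u` is used to match an unsigned index, and nothing here models `kthread_create_on_node` itself.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16  /* size of the removed thd_name[] buffer */

/* Bytes, including the terminating NUL, that the name needs for this index. */
static int name_bytes_needed(unsigned int index)
{
    /* snprintf with size 0 writes nothing and returns the formatted length. */
    return snprintf(NULL, 0, "mtip_svc_thd_%02u", index) + 1;
}

/*
 * Bounded formatting: never writes past dst[size - 1].
 * Returns 0 if the whole name fit, 1 if it was truncated.
 */
static int format_name(char *dst, size_t size, unsigned int index)
{
    int n = snprintf(dst, size, "mtip_svc_thd_%02u", index);
    return n < 0 || (size_t)n >= size;
}

int main(void)
{
    /* Constructed sample indices around the two-digit boundary. */
    unsigned int samples[] = { 0, 9, 99, 100, 4294967295u };
    char name[NAME_BUF];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int truncated = format_name(name, sizeof(name), samples[i]);
        printf("index=%u needs %d bytes -> \"%s\"%s\n",
               samples[i], name_bytes_needed(samples[i]), name,
               truncated ? " (truncated)" : "");
    }
    return 0;
}
```

With an unbounded `sprintf` into the same 16-byte buffer, the index 100 case would write a 17th byte past the end of the array; the bounded call instead yields a truncated name, which no longer distinguishes indices 100 through 109.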


2015-11-20 15:30:04

by Jeff Moyer

Subject: Re: [PATCH] mtip32xx: use formatting capability of kthread_create_on_node

Rasmus Villemoes <[email protected]> writes:

> kthread_create_on_node takes format+args, so there's no need to do the
> pretty-printing in advance. Moreover, "mtip_svc_thd_99" (including its
> '\0') only just fits in 16 bytes, so if index could ever go above 99
> we'd have a stack buffer overflow.

I don't know of any systems with enough pci slots to expand index
beyond 99. However, the patch looks like a good cleanup to me.

Reviewed-by: Jeff Moyer <[email protected]>

> Signed-off-by: Rasmus Villemoes <[email protected]>
> ---
> drivers/block/mtip32xx/mtip32xx.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
> index a28a562f7b7f..3457ac8c03e2 100644
> --- a/drivers/block/mtip32xx/mtip32xx.c
> +++ b/drivers/block/mtip32xx/mtip32xx.c
> @@ -3810,7 +3810,6 @@ static int mtip_block_initialize(struct driver_data *dd)
> sector_t capacity;
> unsigned int index = 0;
> struct kobject *kobj;
> - unsigned char thd_name[16];
>
> if (dd->disk)
> goto skip_create_disk; /* hw init done, before rebuild */
> @@ -3958,10 +3957,9 @@ skip_create_disk:
> }
>
> start_service_thread:
> - sprintf(thd_name, "mtip_svc_thd_%02d", index);
> dd->mtip_svc_handler = kthread_create_on_node(mtip_service_thread,
> - dd, dd->numa_node, "%s",
> - thd_name);
> + dd, dd->numa_node,
> + "mtip_svc_thd_%02d", index);
>
> if (IS_ERR(dd->mtip_svc_handler)) {
> dev_err(&dd->pdev->dev, "service thread failed to start\n");

2015-11-20 18:36:03

by Jens Axboe

Subject: Re: [PATCH] mtip32xx: use formatting capability of kthread_create_on_node

On 11/20/2015 02:46 AM, Rasmus Villemoes wrote:
> kthread_create_on_node takes format+args, so there's no need to do the
> pretty-printing in advance. Moreover, "mtip_svc_thd_99" (including its
> '\0') only just fits in 16 bytes, so if index could ever go above 99
> we'd have a stack buffer overflow.

Applied, thanks.

--
Jens Axboe