Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751961AbbLHX2b (ORCPT <rfc822;w@1wt.eu>);
	Tue, 8 Dec 2015 18:28:31 -0500
Received: from mail-ig0-f169.google.com ([209.85.213.169]:38170 "EHLO
	mail-ig0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751132AbbLHX21 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 8 Dec 2015 18:28:27 -0500
MIME-Version: 1.0
In-Reply-To: <1449612732-32438-1-git-send-email-nicolas.iooss_linux@m4x.org>
References: <1449612732-32438-1-git-send-email-nicolas.iooss_linux@m4x.org>
Date: Tue, 8 Dec 2015 23:28:27 +0000
Message-ID: <CACvgo51hU5L5wDeViyR2AW5J1HYOc_rKRUQoEh9_u1qOx7vPXA@mail.gmail.com>
Subject: Re: [PATCH 1/2] drm: make drm_dev_set_unique() not use a format string
From: Emil Velikov <emil.l.velikov@gmail.com>
To: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Cc: Boris Brezillon <boris.brezillon@free-electrons.com>,
        David Airlie <airlied@linux.ie>,
        Jianwei Wang <jianwei.wang.chn@gmail.com>,
        Alison Wang <alison.wang@freescale.com>,
        Mark Yao <mark.yao@rock-chips.com>,
        Thierry Reding <thierry.reding@gmail.com>,
        =?UTF-8?Q?Terje_Bergstr=C3=B6m?= <tbergstrom@nvidia.com>,
        Stephen Warren <swarren@wwwdotorg.org>,
        ML dri-devel <dri-devel@lists.freedesktop.org>,
        linux-tegra@vger.kernel.org,
        "Linux-Kernel@Vger. Kernel. Org" <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2166
Lines: 46

On 8 December 2015 at 22:12, Nicolas Iooss <nicolas.iooss_linux@m4x.org> wrote:
> drm_dev_set_unique() uses a format string to define the unique name of a
> device.  This feature is not used as currently all the calls to this
> function either use "%s" as a format string or directly use
> dev_name().
>
> Even though this second kind of call does not introduce security
> problems, because there cannot be "%" characters in dev_name() results,
> gcc issues a warning when building with -Wformat-security flag
> ("warning: format string is not a string literal (potentially
> insecure)").  This warning is useful to find real bugs like the one
> fixed by commit 3958b79266b1 ("configfs: fix kernel infoleak through
> user-controlled format string").  False positives which do not bring
> an extra value make the work of finding real bugs harder.
>
> Therefore remove the format-string feature from drm_dev_set_unique().
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
> ---
>  drivers/gpu/drm/drm_drv.c                   | 11 +++--------
>  drivers/gpu/drm/nouveau/nouveau_drm.c       |  2 +-
>  drivers/gpu/drm/rockchip/rockchip_drm_drv.c |  2 +-
>  include/drm/drmP.h                          |  2 +-
>  4 files changed, 6 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
> index 7dd6728dd092..20eaa0aae205 100644
> --- a/drivers/gpu/drm/drm_drv.c
> +++ b/drivers/gpu/drm/drm_drv.c
> @@ -797,7 +797,7 @@ EXPORT_SYMBOL(drm_dev_unregister);
>  /**
>   * drm_dev_set_unique - Set the unique name of a DRM device
>   * @dev: device of which to set the unique name
> - * @fmt: format string for unique name
> + * @name: unique name
>   *
>   * Sets the unique name of a DRM device using the specified format string and
>   * a variable list of arguments. Drivers can use this at driver probe time if
You might want to also update the above hunk :-)

-Emil
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/