Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp4814782pxu;
        Tue, 22 Dec 2020 01:14:09 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwotJ9Ix1J3oayVs2hKS9GX0MTM/bu1ceNuWhV3wnuissmnIU2YogKBXSViHS9NbtwUBc2m
X-Received: by 2002:a17:906:718b:: with SMTP id h11mr18896095ejk.241.1608628448914;
        Tue, 22 Dec 2020 01:14:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1608628448; cv=none;
        d=google.com; s=arc-20160816;
        b=vYH6+D8lV5wGhBzHy7PPCWyShb8xReyiGAqn6QPJPWiCpGJtCI0wb7P+iwydHgJ89t
         fz7houKOOI81oy3209ceBeuvYbzVpYxDMgHfQpReWXeFZZSGapHGmPFaBPHbhOaxKsk5
         KDzIeebMOzC1mDTOtAj+MkafYwoJXoL8wEBmhJ3xGIH3HW3Px/tdoUKrLAsAFT2A33u/
         K39QpHAN15fpDxEj4HiLylgh6IkU7NW4JzU7S7AxvUaoCfqTYcCdSQ1pRt2s3g+12Kmt
         6zDkCP5zguhGqMCnjjA6IQviEuLTYx3YgKKbEvj5NxFP15z0dxGHExKv2PHc6JvdVGfw
         Ua5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:message-id:date:subject:cc:to:from;
        bh=jiSeaB7RIh+2qmsV/v9XaBRUg6YcB+3CzQvN670yzA8=;
        b=O+ny8wmAz7yXte6omJ9Ixd+EgkeNfannv1dOBzge6Cso32swV/qW5REkeO4PZwCROQ
         IFeaPwNlDQkRmDhVWvS4+NSu/YOgMysIufIqovWTO7//oJRTgS4snig/fqvkQUdmol0Z
         vE3so9BLzFdGaIoaR2qhRewvPuKmm60rWMv+H3VQJ8zKmkPmSGKdDhXf6+3TwrQOuhKG
         cNHZ/ZV2PlWCbry+tRTI+rxCb7TfudCdNCZStAXHJt2bYjBjTm/3QxuWi6ERl4cjRKJu
         gAAzQE2r3fbh8P3A7nkdf9uyrfgJm+Bvrn6g/YtZSfBaD6ZBiWV45T1fLHF7TiBE2WYk
         hATg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id p9si11145057edq.97.2020.12.22.01.13.44;
        Tue, 22 Dec 2020 01:14:08 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725897AbgLVJMm (ORCPT <rfc822;lonelydragon1988@gmail.com>
        + 99 others); Tue, 22 Dec 2020 04:12:42 -0500
Received: from out30-54.freemail.mail.aliyun.com ([115.124.30.54]:56881 "EHLO
        out30-54.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1725785AbgLVJMm (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 22 Dec 2020 04:12:42 -0500
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R951e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04407;MF=abaci-bugfix@linux.alibaba.com;NM=1;PH=DS;RN=10;SR=0;TI=SMTPD_---0UJR9VX._1608628301;
Received: from j63c13417.sqa.eu95.tbsite.net(mailfrom:abaci-bugfix@linux.alibaba.com fp:SMTPD_---0UJR9VX._1608628301)
          by smtp.aliyun-inc.com(127.0.0.1);
          Tue, 22 Dec 2020 17:11:58 +0800
From:   YANG LI <abaci-bugfix@linux.alibaba.com>
To:     tglx@linutronix.de
Cc:     qais.yousef@arm.com, peterz@infradead.org, mpe@ellerman.id.au,
        bristot@redhat.com, ethp@qq.co, npiggin@gmail.com, arnd@arndb.de,
        linux-kernel@vger.kernel.org,
        YANG LI <abaci-bugfix@linux.alibaba.com>
Subject: [PATCH] kernel/cpu: fix: use scnprintf or sprintf.
Date:   Tue, 22 Dec 2020 17:11:39 +0800
Message-Id: <1608628299-124339-1-git-send-email-abaci-bugfix@linux.alibaba.com>
X-Mailer: git-send-email 1.8.3.1
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The snprintf() function returns the number of characters which would
have been printed if there were enough space, but the scnprintf()
returns the number of characters which were actually printed. If the
buffer is not large enough, then using snprintf() would result in a
read overflow and an information leak.

Signed-off-by: YANG LI <abaci-bugfix@linux.alibaba.com>
Reported-by: Abaci <abaci@linux.alibaba.com>
---
 kernel/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 4e11e91..c123741 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev,
 {
 	const char *state = smt_states[cpu_smt_control];
 
-	return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
+	return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state);
 }
 
 static ssize_t
-- 
1.8.3.1