Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp5782652pxu; Wed, 23 Dec 2020 05:30:49 -0800 (PST) X-Google-Smtp-Source: ABdhPJwI6KEX/3tp7334/WjK7j65aPCL1HTFqjG7mtlT3RwMPcQeQi4f3/kGC6ZsOXPU5YGDXqGc X-Received: by 2002:a50:a6c2:: with SMTP id f2mr24666582edc.7.1608730249564; Wed, 23 Dec 2020 05:30:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608730249; cv=none; d=google.com; s=arc-20160816; b=ljWDjx2+HpWBqG/KWhMveADi+inU5xU1RxHE1/75NzK3nPIkx73mJPoZB9yUROzQ/A AKYiJzqFd73hipJWZ+IqBrH8PuB/7mgUKakDfczIXqakeecwACKooI3oMchfL8KeJqSB r4hRXeTI9Vk47dAqvkdR1aGJ2Tjem5khdCcw4RbrVCmKGkxDDp1skFWerCShadvVrnc6 PGDh5Q6q+xkP46y3FiRfBpfIWPIdYX3b3xHawVMixZUY612wLSX3cyd5cNS5o8md5IBn sErPaaQCLou8MxG3FAIq5FnmwqyZmcTQI4V+XnrH/VjRhTkLPIwWuyhCHfI3yaq5GzZI sESA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=KPD0kkwR+gW7bH4+M7e88SIPBCo1v5mwmpJ0hc9wgOE=; b=bnX7dRVsHy+zkZCRTywHSViZFLfFHVFo2Z6v5hlsK2jHEydnvDkMwdcAERLacyU7P5 8SsWj67nJafyMa7hpSJjtdzcAsZfeksYiLKugNnOgjmXHaFby/9kmUZLuFPtBLjNoxG+ p4VNgVxllsZFgYyXlN3YFUGNN4tg5ROcnWgH1A/AzDNnfU5jTB/XXc9lIWRQsFmmtsgO mtn43XYPWkyYqR8pzmqQmfPkAoyjw0btsfkCYJ/eU27kKUIgFHWO7cVFDAeELx8dTRiY 8oZ9WQVIHRpEZ5kv8werwZiGahMixCmljrPmA8xdWxUUDMO4hCeCb/zQcp+9MptRgwVH a9zQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z7si14514270edm.477.2020.12.23.05.30.25; Wed, 23 Dec 2020 05:30:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728491AbgLWN3d (ORCPT + 99 others); Wed, 23 Dec 2020 08:29:33 -0500 Received: from foss.arm.com ([217.140.110.172]:50120 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727422AbgLWN3d (ORCPT ); Wed, 23 Dec 2020 08:29:33 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 97FAE30E; Wed, 23 Dec 2020 05:28:47 -0800 (PST) Received: from e107158-lin (unknown [10.1.194.78]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 626B33F66E; Wed, 23 Dec 2020 05:28:46 -0800 (PST) Date: Wed, 23 Dec 2020 13:28:43 +0000 From: Qais Yousef To: YANG LI Cc: tglx@linutronix.de, peterz@infradead.org, mpe@ellerman.id.au, bristot@redhat.com, ethp@qq.co, npiggin@gmail.com, arnd@arndb.de, linux-kernel@vger.kernel.org Subject: Re: [PATCH] kernel/cpu: fix: use scnprintf or sprintf. Message-ID: <20201223132843.5xqiwm6che3nbndd@e107158-lin> References: <1608628299-124339-1-git-send-email-abaci-bugfix@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <1608628299-124339-1-git-send-email-abaci-bugfix@linux.alibaba.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Yang 'or sprintf' in the subject line doesn't make much sense for what's done in this patch. Perhaps you meant "Use scnprintf instead of snprintf"? On 12/22/20 17:11, YANG LI wrote: > The snprintf() function returns the number of characters which would > have been printed if there were enough space, but the scnprintf() > returns the number of characters which were actually printed. If the > buffer is not large enough, then using snprintf() would result in a > read overflow and an information leak. > > Signed-off-by: YANG LI > Reported-by: Abaci Two different yet very similar email addresses, it seems both are you? The Reported-by is unnecessary. > --- > kernel/cpu.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/cpu.c b/kernel/cpu.c > index 4e11e91..c123741 100644 > --- a/kernel/cpu.c > +++ b/kernel/cpu.c > @@ -2345,7 +2345,7 @@ static ssize_t show_cpuhp_states(struct device *dev, > { > const char *state = smt_states[cpu_smt_control]; > > - return snprintf(buf, PAGE_SIZE - 2, "%s\n", state); > + return scnprintf(buf, PAGE_SIZE - 2, "%s\n", state); show_cpuhp_states() doesn't have snprintf() in Linus' master. Which tree is this based on? I can see two snprintf() in cpu.c, show_smt_active/control(). Mind resend to fix them both? Thanks -- Qais Yousef