Received: by 2002:ac2:5a04:0:0:0:0:0 with SMTP id q4csp948250lfn; Fri, 18 Feb 2022 01:22:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJz3WeX5igFu4vBL5f04pSIyAWjqdAXVZIAUMEQD+G3LUcxTROH4VPJ7Qd5B/qfreEddBNL9 X-Received: by 2002:a17:906:4ad6:b0:6ce:b97d:b624 with SMTP id u22-20020a1709064ad600b006ceb97db624mr5670924ejt.338.1645176134306; Fri, 18 Feb 2022 01:22:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645176134; cv=none; d=google.com; s=arc-20160816; b=KffeZ3uzRI8chzXs8mePToqUA68mEuRIQIHErv4jiUpF6xXVe0+bwXPzDE0l01mdZO b8n09Osl4rty+01O9HGzhEtu5kr9EZz8rsdlhuCuFrxhkR9FsZ1JIkeRXRXXL9CILUBe dGMdzKfd4JaC/0gRnuRJsjdnoUY9bYU7w8HqjrLmjQX+Y+rUV4WFHgGJ7Gkh7D1AAzij rVzVeMsTCw74Fbxt/DGWhv9UwQb8A0NCnkGvcIhMIrwImgae3zsr92iHqS0tht8J0cnu aP+kBRNfi+Ejekj9P0dwxum0Xur1keFqTttQ6iz+V0XEgagqIjCMeCdZ+4NRWfM2XyB0 n0YA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=t9b9rg6sUnB//OWPm/5/rLHFY80usrHJZeh5EGJPtRQ=; b=x8m4RsGdzNXMw+uPukEWxDl9swmRYIiE1feXMhf0YMjM5vS19gjh94KlmuVrVn4RR9 ljfuBcn5YKJdJ+beqsMPUqNZR3uq/76l+sIWwnIphcWUFA2XTN0RwJS0mMTOgwNOOTAM RkcspmhkHVjzeFdtRJcMx9YwG+0tsbBcUH912RX7As+MWWTjIA5x+CMpCuqs9dyP/pn4 TnE2OZ4fYPT0V6YzJQNyXrUUFNa+pOlAv/nvluqDoAlcch+K5eJH7+X585z9tx532VuP LJX8kSPVQDzLg9mNobog2pJS6CebgzudaYsTF4IA7WHfKU9ASU6AySt3B6Q4lHZBs12R j2Fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b=HKAiT1PD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gw26si3272825ejb.360.2022.02.18.01.21.50; Fri, 18 Feb 2022 01:22:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@rasmusvillemoes.dk header.s=google header.b=HKAiT1PD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232847AbiBRIqf (ORCPT + 99 others); Fri, 18 Feb 2022 03:46:35 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:57610 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232823AbiBRIqc (ORCPT ); Fri, 18 Feb 2022 03:46:32 -0500 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 191092B31BE for ; Fri, 18 Feb 2022 00:46:15 -0800 (PST) Received: by mail-lj1-x233.google.com with SMTP id t14so3232832ljh.8 for ; Fri, 18 Feb 2022 00:46:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=t9b9rg6sUnB//OWPm/5/rLHFY80usrHJZeh5EGJPtRQ=; b=HKAiT1PDXlsfJccd3bg55wPer6PXUHwnuD3nl4MzIj5IxpFIwAg6B2UJKCFMxsFvXn mo/3HiQZTPLm30wfCB9vOKNkWdRJmy6z56eicpfOW1tzrpJ9wjziBCFLSlbYDQVUcyw8 tJUKCIU4G9ZjzOjWu7qyhUUGZberMMDhG9Jc4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=t9b9rg6sUnB//OWPm/5/rLHFY80usrHJZeh5EGJPtRQ=; b=5uWimNMRp37MR4OaH8TNOW5+DEDa4Fsp2mQr5ZAlbE/w0gHAzPrz/lg7w/r6fZLuHe ZHfniJN7/N48jMGVV3ehYyn4lOZ7F+VGLKICd3DtK816t6i7PxCmfw0BACktIOrFuWkm PpCY9lR1/9OWKlg8BCADZDVOkCboRnQdr5XtVmnJgHQ/mXvg2ucItlhkEAOC/a2KlCKq aZbhTSDC8YZ9h6DL7B2pHA7h31vFvanA8LRgajfWYSvS8IWCFOpMmmphj5YTEKYfSc/n Q/3ypZxCx/roT6bbqUW26Mg3vqSFr52bAloIRMWjuQghAtwGUBNlp4D0FPyG5qGVP+8p azmQ== X-Gm-Message-State: AOAM5321/NLa+F+eg+grKAreKZYL+I7DpIBhljZxEVGdISwyLdg+c+iT 3RfdrKW13qBa1ifrz9GdxuU6ow== X-Received: by 2002:a2e:bf27:0:b0:244:beb1:72b4 with SMTP id c39-20020a2ebf27000000b00244beb172b4mr5032621ljr.109.1645173973413; Fri, 18 Feb 2022 00:46:13 -0800 (PST) Received: from [172.16.11.74] ([81.216.59.226]) by smtp.gmail.com with ESMTPSA id s10sm188953lfb.248.2022.02.18.00.46.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 18 Feb 2022 00:46:12 -0800 (PST) Message-ID: <1ac1e478-8f31-da78-0df7-d34305544aa6@rasmusvillemoes.dk> Date: Fri, 18 Feb 2022 09:46:11 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: PROBLEM: kasprintf WARN() seen during AMD XGBE debugfs creation on renaming race Content-Language: en-US To: "Pighin, Anthony (Nokia - CA/Ottawa)" , "thomas.lendacky@amd.com" Cc: "linux-kernel@vger.kernel.org" References: From: Rasmus Villemoes In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 17/02/2022 15.39, Pighin, Anthony (Nokia - CA/Ottawa) wrote: > PROBLEM: Commit 8e2a2bfdb86ecb2421e3dd18d0fbbb42f2d943ad is being > triggered during debugfs entry creation in > ./drivers/net/ethernet/amd/xgbe/xgbe-debugfs.c > >   > > Seen in 5.4.153, 5.15.22, and 5.17-rc3 (ie. this bug is still present). > Well, it's not really 8e2a2bfdb that is buggy, but the caller of kasprintf() that doesn't prevent a %s argument from changing midway through the call. In fact this simply shows that 8e2a2bfdb was justified. In this case, since IFNAMSIZ is just 16, it would probably be simplest and easiest just to avoid kasprintf() and use a small stack buffer - char *buf; + char buf[32]; - buf = kasprintf(GFP_KERNEL, "amd-xgbe-%s", pdata->netdev->name); - if (!buf) - return; + snprintf(buf, sizeof(buf), "amd-xgbe-%s", pdata->netdev->name); - kfree(buf); It's still possible to get garbage in the output (a mix of the old and new name), of course. But IIRC correctly, updating the netdev->name is done carefully in a way that there's always a nul-terminator, so snprintf() should not accidentally walk off the end of netdev->name [look at string() in vsprintf.c, it has been carefully rewritten to not walk the string twice]. And if not, there's really nothing snprintf() or kasprintf() could do about passing a racy netdev->name . And while in there, the use of kasprintf() in xgbe_common_read() might as well be avoided, a 16 byte stack buffer is plenty, and removes the need for the 'if (!buf)' check and multiple kfree(buf) on the various return paths. Rasmus