From patchwork Wed Dec 13 16:42:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lee Jones X-Patchwork-Id: 13491640 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 68D7FC4167D for ; Wed, 13 Dec 2023 16:43:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=qahZdIW7Ah1IKXnkUD1Z2ZQo2wp18pGfSradA71ne0s=; b=24PTdWUuS6B29y G9qSl+6yZsUIHuOFE/x9+YMfAIRJ4+wdpwZaom0P22I2wJXNR0E2L8AqMxrXQb4zMV1+VmfP1MYzc Ylorxjv+kqpgEUhVlcFSfJnQwh7BJOH04ZYCsq+yF0IM76bp3yyTg0uVvvgKIYPvWtG/UG4MLSR44 68Z87Wmx6dPRp0/EwLhqatNuFw62fb5rDkDGlgOk2TsGc0/RYR4+y4+tN9rcYaGlahdXZ3MeKNmk9 5XD4iK91cRUnRT0sE+rmDYOBRp90r9iyHwnjBPYQO+0FUhFiUcVJVR+rLURp/UnrRNZJTrCRduuM+ 06h/F9ul2pxbHHv2WS9A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1rDSKG-00FUVS-2a; Wed, 13 Dec 2023 16:43:12 +0000 Received: from sin.source.kernel.org ([145.40.73.55]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1rDSKD-00FUU3-2Z for linux-arm-kernel@lists.infradead.org; Wed, 13 Dec 2023 16:43:11 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id C0122CE2019; Wed, 13 Dec 2023 16:43:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7E5E0C433C8; Wed, 13 Dec 2023 16:43:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1702485787; bh=9MqdC0Lzr8nJH/eweGgenOuSKTiqYwlElEoxJCh++2Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=syOCzR1pFzH6D78Dms52k+7u8KamuzCVKnFQiO5Xo26CVrAFAO2+yMZ+w38Uo7IH3 Nl8bBxSJkTZ7cXOnuEhB0qQRuqJCUwul3a+s68hHqAVWntZ7ty0z2vPUgkM8YzyX/p 3+segpEX4C+XG5uJNn6EVnR2s4jWMjGl2mUPfLLr61dUw1idHZcHnCML4f1sW8Z9MB +jRGViIAwsHHD4PQs297yiEESHK7GKem8ZDn6hs6Fnyw79k02glVgxON0VgLIFlUSq En4wZ6/hxapsnOQOnlVhNfEvp6/7D+9nlZrxzfEbApLtlKdHCkAIgW8pDA69nX2za0 +hEiemazLugsw== From: Lee Jones To: lee@kernel.org, gregkh@linuxfoundation.org Subject: [PATCH 05/12] usb: gadget: udc: atmel: Replace snprintf() with the safer scnprintf() variant Date: Wed, 13 Dec 2023 16:42:34 +0000 Message-ID: <20231213164246.1021885-6-lee@kernel.org> X-Mailer: git-send-email 2.43.0.472.g3155946c3a-goog In-Reply-To: <20231213164246.1021885-1-lee@kernel.org> References: <20231213164246.1021885-1-lee@kernel.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231213_084310_057745_DEC5248E X-CRM114-Status: GOOD ( 10.88 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Alexandre Belloni , linux-usb@vger.kernel.org, Claudiu Beznea , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Cristian Birsan Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data *actually* encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that *would have been* written if there were enough space for it. This misunderstanding has led to buffer-overruns in the past. It's generally considered safer to use the {v}scnprintf() variants in their place (or even sprintf() in simple cases). So let's do that. Link: https://lwn.net/Articles/69419/ Link: https://github.com/KSPP/linux/issues/105 Cc: Cristian Birsan Cc: Nicolas Ferre Cc: Alexandre Belloni Cc: Claudiu Beznea Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Lee Jones --- drivers/usb/gadget/udc/atmel_usba_udc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c index 02b1bef5e22e2..b76885d78e8a7 100644 --- a/drivers/usb/gadget/udc/atmel_usba_udc.c +++ b/drivers/usb/gadget/udc/atmel_usba_udc.c @@ -94,7 +94,7 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, inode_lock(file_inode(file)); list_for_each_entry_safe(req, tmp_req, queue, queue) { - len = snprintf(tmpbuf, sizeof(tmpbuf), + len = scnprintf(tmpbuf, sizeof(tmpbuf), "%8p %08x %c%c%c %5d %c%c%c\n", req->req.buf, req->req.length, req->req.no_interrupt ? 'i' : 'I', @@ -104,7 +104,6 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, req->submitted ? 'F' : 'f', req->using_dma ? 'D' : 'd', req->last_transaction ? 'L' : 'l'); - len = min(len, sizeof(tmpbuf)); if (len > nbytes) break; From patchwork Wed Dec 13 16:42:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lee Jones X-Patchwork-Id: 13491641 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 92F7AC4332F for ; Wed, 13 Dec 2023 16:43:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=jlNXm1iOTNyy0PgNfNb73WEs6+BQN8k7Rw6EK11ujcU=; b=3EmlwR3/0qZk+q GOlshvpn3B+bFLoGCUdLVGPQhR1R3P7yR+1jl7RLA6EX9lB+DMl75+Itv9SK9nw6sPbM/sETSueGU HdxJxBTR90GoxB5ZLCOJOorbH4GjQDOGWxUlABMo4NvKVul1mNjHHjOniI4eTo6AZEFrEC3UTvnSh N4HfPqbADlaMkrR4VRgtXDLMlp/ySUpZ3UfVH/oQMgHAB4kHSeZUr3uuiZ+AUn0/lPXOnxjcgCEk2 7mY+Ky5oy7/fr4pYCkSw1m74OunudAqbImgvfgenphQNylnZlYOQBzC3q2RR8Nrf7+3HaXz+vF1XW rlbIvca5GpMtdEBXGIqQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1rDSKN-00FUXa-1f; Wed, 13 Dec 2023 16:43:19 +0000 Received: from sin.source.kernel.org ([145.40.73.55]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1rDSKI-00FUVR-0S for linux-arm-kernel@lists.infradead.org; Wed, 13 Dec 2023 16:43:15 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 2964FCE2005; Wed, 13 Dec 2023 16:43:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 83C16C433C9; Wed, 13 Dec 2023 16:43:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1702485791; bh=wYZoxRzv7f2lUWGVcUrdQYjqojzH2JSBWrtkL9KlpB4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OikvGNj6sd0jUETMSWlDSLI5ZF/U+uXbQ8cVDaFNlkARUf5qtCOPFz/y3XWqThSt8 cEuyEzZacvtERUMB5wriCrNSxDOFQtiDQjRRTxmdNqT4jo0SCEsVbcIY82OKRdZhoH HM3VYJzdSXnumn5UpTJomk69ro5yyp6jl7AOUaWDuuP+JqilQ2Ux4CVJ6q9s2iGbFC Mztob5uy85eoJrWtcOrBgI8hOAMk+iahwGDNv38hzfGSXFeILsO2PIfr1PGFEoWQ6o 8k9KL+WzlfxAxmaxUjYswgOY4eP+iOTNwsQj6Sn+XvHB0Id3BUw94U00TfCDWIDGN6 DcKnJuEBEW5tQ== From: Lee Jones To: lee@kernel.org, gregkh@linuxfoundation.org Subject: [PATCH 07/12] usb: host: max3421-hcd: Replace snprintf() with the safer scnprintf() variant Date: Wed, 13 Dec 2023 16:42:36 +0000 Message-ID: <20231213164246.1021885-8-lee@kernel.org> X-Mailer: git-send-email 2.43.0.472.g3155946c3a-goog In-Reply-To: <20231213164246.1021885-1-lee@kernel.org> References: <20231213164246.1021885-1-lee@kernel.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231213_084314_411882_77605503 X-CRM114-Status: GOOD ( 11.03 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Alexandre Belloni , linux-usb@vger.kernel.org, Claudiu Beznea , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Cristian Birsan Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data *actually* encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that *would have been* written if there were enough space for it. This misunderstanding has led to buffer-overruns in the past. It's generally considered safer to use the {v}scnprintf() variants in their place (or even sprintf() in simple cases). So let's do that. Link: https://lwn.net/Articles/69419/ Link: https://github.com/KSPP/linux/issues/105 Cc: Cristian Birsan Cc: Nicolas Ferre Cc: Alexandre Belloni Cc: Claudiu Beznea Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Lee Jones --- drivers/usb/host/max3421-hcd.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c index d152d72de1269..9fe4f48b18980 100644 --- a/drivers/usb/host/max3421-hcd.c +++ b/drivers/usb/host/max3421-hcd.c @@ -1158,12 +1158,12 @@ dump_eps(struct usb_hcd *hcd) end = dp + sizeof(ubuf); *dp = '\0'; list_for_each_entry(urb, &ep->urb_list, urb_list) { - ret = snprintf(dp, end - dp, " %p(%d.%s %d/%d)", urb, - usb_pipetype(urb->pipe), - usb_urb_dir_in(urb) ? "IN" : "OUT", - urb->actual_length, - urb->transfer_buffer_length); - if (ret < 0 || ret >= end - dp) + ret = scnprintf(dp, end - dp, " %p(%d.%s %d/%d)", urb, + usb_pipetype(urb->pipe), + usb_urb_dir_in(urb) ? "IN" : "OUT", + urb->actual_length, + urb->transfer_buffer_length); + if (ret == end - dp - 1) break; /* error or buffer full */ dp += ret; } @@ -1255,9 +1255,9 @@ max3421_handle_irqs(struct usb_hcd *hcd) end = sbuf + sizeof(sbuf); *dp = '\0'; for (i = 0; i < 16; ++i) { - int ret = snprintf(dp, end - dp, " %lu", - max3421_hcd->err_stat[i]); - if (ret < 0 || ret >= end - dp) + int ret = scnprintf(dp, end - dp, " %lu", + max3421_hcd->err_stat[i]); + if (ret == end - dp - 1) break; /* error or buffer full */ dp += ret; }