[SRU][F:linux-bluefield][PATCH v1 1/1] UBUNTU: SAUCE: Fix references to sprintf that may cause buffer overflow

Jitendra Lanka jlanka at nvidia.com
Wed Jan 26 17:43:36 UTC 2022 

Adding verification team.

-----Original Message-----
From: Jitendra Lanka <jlanka at nvidia.com> 
Sent: Wednesday, January 26, 2022 11:35 AM
To: kernel-team at lists.ubuntu.com
Cc: Jitendra Lanka <jlanka at nvidia.com>
Subject: [SRU][F:linux-bluefield][PATCH v1 1/1] UBUNTU: SAUCE: Fix references to sprintf that may cause buffer overflow

BugLink: https://bugs.launchpad.net/bugs/1959119

Replace sprintf with snprintf containing a defined boundary of PAGE_SIZE for sysfs store/show functions and max array size defined otherwise.

Signed-off-by: Jitendra Lanka <jlanka at nvidia.com>

---
 drivers/platform/mellanox/mlxbf-pmc.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/platform/mellanox/mlxbf-pmc.c b/drivers/platform/mellanox/mlxbf-pmc.c
index 493d72a53ee4..eb878b89169a 100644
--- a/drivers/platform/mellanox/mlxbf-pmc.c
+++ b/drivers/platform/mellanox/mlxbf-pmc.c
@@ -681,7 +681,7 @@ static ssize_t mlxbf_counter_read(struct kobject *ko,
 	} else
 		return -EINVAL;
 
-	return sprintf(buf, "0x%llx\n", value);
+	return snprintf(buf, PAGE_SIZE, "0x%llx\n", value);
 }
 
 /* Store function for "counter" sysfs files */ @@ -758,7 +758,7 @@ static ssize_t mlxbf_event_find(struct kobject *ko,
 
 	evt_name = mlxbf_pmc_get_event_name((char *)ko->name, evt_num);
 
-	return sprintf(buf, "0x%llx: %s\n", evt_num, evt_name);
+	return snprintf(buf, PAGE_SIZE, "0x%llx: %s\n", evt_num, evt_name);
 }
 
 /* Store function for "event" sysfs files */ @@ -811,8 +811,11 @@ static ssize_t mlxbf_print_event_list(struct kobject *ko,
 
 	buf[0] = '\0';
 	while (events[i].evt_name != NULL) {
-		size += sprintf(e_info, "%x: %s\n", events[i].evt_num,
-			events[i].evt_name);
+		size += snprintf(e_info,
+				 sizeof(e_info),
+				 "%x: %s\n",
+				 events[i].evt_num,
+				 events[i].evt_name);
 		if (size > PAGE_SIZE)
 			break;
 		strcat(buf, e_info);
@@ -840,7 +843,7 @@ static ssize_t mlxbf_show_counter_state(struct kobject *ko,
 
 	value = FIELD_GET(MLXBF_L3C_PERF_CNT_CFG__EN, perfcnt_cfg);
 
-	return sprintf(buf, "%d\n", value);
+	return snprintf(buf, PAGE_SIZE, "%d\n", value);
 }
 
 /* Store function for "enable" sysfs files - only for l3cache */ @@ -1250,4 +1253,4 @@ module_platform_driver(pmc_driver);
 MODULE_AUTHOR("Mellanox Technologies");  MODULE_DESCRIPTION("Mellanox PMC driver");  MODULE_LICENSE("Dual BSD/GPL"); -MODULE_VERSION(__stringify(DRIVER_VERSION));
\ No newline at end of file
+MODULE_VERSION(__stringify(DRIVER_VERSION));
--
2.30.1

More information about the kernel-team mailing list