| Message ID | 20221122130453.730657-1-pkosyh@yandex.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2192349wrr;
Tue, 22 Nov 2022 05:14:58 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf5QTdn4I+88PYp63di5P8/UN4+RSoZuRHDJTe1XPz+zqeNlYQ9lqja7iuQ73KK/XUZ51Ady
X-Received: by 2002:a17:906:708d:b0:7ad:b45c:dbe7 with SMTP id
b13-20020a170906708d00b007adb45cdbe7mr19339731ejk.617.1669122898664;
Tue, 22 Nov 2022 05:14:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669122898; cv=none;
d=google.com; s=arc-20160816;
b=aumH4fCMuAzGsTpLgJ61JBy8FXno8jkH8B9Y3ILwlkok9OcahrC39eZTqI/z3Mdjxq
onBgaclC6vnl2z+JhEl8+1b0u5m8VBNiGclV4yla7dJX34MajkZYXm0qf4eNUJdoyNMy
bNt7FFEJ7gkvv1WzEyc3cBpaI8s7EdTjO3DE0Gu5P+Ac4XSPRafHnO/x0MJY8f0SsHIs
SNWbS5J4zaFFt5shov6vG9+dXYFx+QxJ73QVKYql7PhyK8mVf7/OnQYyik/N/vYVPHS8
n7WEpblvtraKbGTXLd6zUexDG25/d7zD1xPHd4BfT2xSh20hLUPLW1qUqgZRp2g2DGLt
V1kQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=1cRGGL/kLGljOEZTXyM0po699HUG3YBlqIEPDsuujzc=;
b=AAAWgmeEYeyUyBQ8BTMCjoDd4H0Gpm6cXRpij1RVQ5bzp89LQ5Ip+Bs4QOylHgNqHw
/7MIJvROCaqZuWxoJ5a7gKXEeOsgm7X1yWCNLJGQ6p4zVUpPRhQ0AkcQA2yzJ2B+6u25
nHkUYQ/677w6F4nJ0FKzCU4+yOQWT0956Mdvo3yx1AfYha6FW2CrBmsULJ3Gr/XbuYDC
Uil/G28OmqnmzUlOKTMdyXvFb5h1BQRBZ2NuLhdQ79I1XOsjiJJqzxb+FDnmVVaxizMO
wUUHn5opExfZz4eFjhA955rE91XyhDxntF3y91rTt7wqIZHjwVutJNx3bIh9QRw8uEts
GlWA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@yandex.ru header.s=mail header.b=b7JrSEpO;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
xg12-20020a170907320c00b007aeff3b0b17si12752124ejb.674.2022.11.22.05.14.34;
Tue, 22 Nov 2022 05:14:58 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@yandex.ru header.s=mail header.b=b7JrSEpO;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232993AbiKVNNb (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others);
Tue, 22 Nov 2022 08:13:31 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43010 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233368AbiKVNNP (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 22 Nov 2022 08:13:15 -0500
Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net
[37.140.190.182])
by lindbergh.monkeyblade.net (Postfix) with ESMTP id 93022E43
for <linux-kernel@vger.kernel.org>;
Tue, 22 Nov 2022 05:13:13 -0800 (PST)
Received: from iva6-2d18925256a6.qloud-c.yandex.net
(iva6-2d18925256a6.qloud-c.yandex.net
[IPv6:2a02:6b8:c0c:7594:0:640:2d18:9252])
by forward102o.mail.yandex.net (Yandex) with ESMTP id 9B4E06FF8662;
Tue, 22 Nov 2022 16:04:58 +0300 (MSK)
Received: by iva6-2d18925256a6.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA
id geBn8MwPXD-4vVS71lp;
Tue, 22 Nov 2022 16:04:57 +0300
X-Yandex-Fwd: 1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
t=1669122297;
bh=1cRGGL/kLGljOEZTXyM0po699HUG3YBlqIEPDsuujzc=;
h=Message-Id:Date:Cc:Subject:To:From;
b=b7JrSEpOInh+WonMh4KYuKtr+RCXYQmr11SqVgF0VpX2x/dGpgTCFDLGp10MSR5rc
h7q6QqqatP/BqE3lMaKY8qwocVMs3AL0y8UdIqxZmRcEWnrJtqXhNQiJ7dTfaKCkTo
m1ZvuaoTl4GXAR1Ae+n3TFPyZT21flE9SJmCP8Wk=
Authentication-Results: iva6-2d18925256a6.qloud-c.yandex.net;
dkim=pass header.i=@yandex.ru
From: Peter Kosyh <pkosyh@yandex.ru>
To: Tariq Toukan <tariqt@nvidia.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>
Cc: Peter Kosyh <pkosyh@yandex.ru>, Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>, netdev@vger.kernel.org,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: [PATCH] mlx4: use snprintf() instead of sprintf() for safety
Date: Tue, 22 Nov 2022 16:04:53 +0300
Message-Id: <20221122130453.730657-1-pkosyh@yandex.ru>
X-Mailer: git-send-email 2.38.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2,
SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1750202212837325618?=
X-GMAIL-MSGID: =?utf-8?q?1750202212837325618?=
|
| Series |
mlx4: use snprintf() instead of sprintf() for safety
|
|
Commit Message
Peter Kosyh
Nov. 22, 2022, 1:04 p.m. UTC
Use snprintf() to avoid the potential buffer overflow. Although in the
current code this is hardly possible, the safety is unclean.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Peter Kosyh <pkosyh@yandex.ru>
---
drivers/net/ethernet/mellanox/mlx4/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Comments
On Tue, Nov 22, 2022 at 04:04:53PM +0300, Peter Kosyh wrote: > Use snprintf() to avoid the potential buffer overflow. Although in the > current code this is hardly possible, the safety is unclean. Let's fix the tools instead. The kernel code is correct. Thanks > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Peter Kosyh <pkosyh@yandex.ru> > --- > drivers/net/ethernet/mellanox/mlx4/main.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c > index d3fc86cd3c1d..0616d352451b 100644 > --- a/drivers/net/ethernet/mellanox/mlx4/main.c > +++ b/drivers/net/ethernet/mellanox/mlx4/main.c > @@ -3057,7 +3057,8 @@ static int mlx4_init_port_info(struct mlx4_dev *dev, int port) > info->base_qpn = mlx4_get_base_qpn(dev, port); > } > > - sprintf(info->dev_name, "mlx4_port%d", port); > + snprintf(info->dev_name, sizeof(info->dev_name), > + "mlx4_port%d", port); > info->port_attr.attr.name = info->dev_name; > if (mlx4_is_mfunc(dev)) { > info->port_attr.attr.mode = 0444; > @@ -3077,7 +3078,8 @@ static int mlx4_init_port_info(struct mlx4_dev *dev, int port) > return err; > } > > - sprintf(info->dev_mtu_name, "mlx4_port%d_mtu", port); > + snprintf(info->dev_mtu_name, sizeof(info->dev_mtu_name), > + "mlx4_port%d_mtu", port); > info->port_mtu_attr.attr.name = info->dev_mtu_name; > if (mlx4_is_mfunc(dev)) { > info->port_mtu_attr.attr.mode = 0444; > -- > 2.38.1 >
On Tue, 22 Nov 2022 16:48:15 +0200 Leon Romanovsky wrote: > On Tue, Nov 22, 2022 at 04:04:53PM +0300, Peter Kosyh wrote: > > Use snprintf() to avoid the potential buffer overflow. Although in the > > current code this is hardly possible, the safety is unclean. > > Let's fix the tools instead. The kernel code is correct. I'm guessing the code is correct because port can't be a high value? Otherwise, if I'm counting right, large enough port representation (e.g. 99999999) could overflow the string. If that's the case - how would they "fix the tool" to know the port is always a single digit?
On 22 Nov 12:12, Jakub Kicinski wrote: >On Tue, 22 Nov 2022 16:48:15 +0200 Leon Romanovsky wrote: >> On Tue, Nov 22, 2022 at 04:04:53PM +0300, Peter Kosyh wrote: >> > Use snprintf() to avoid the potential buffer overflow. Although in the >> > current code this is hardly possible, the safety is unclean. >> >> Let's fix the tools instead. The kernel code is correct. > >I'm guessing the code is correct because port can't be a high value? >Otherwise, if I'm counting right, large enough port representation >(e.g. 99999999) could overflow the string. If that's the case - how >would they "fix the tool" to know the port is always a single digit? +1 FWIW, Reviewed-by: Saeed Mahameed <saeed@kernel.org>
On Tue, Nov 22, 2022 at 12:12:23PM -0800, Jakub Kicinski wrote: > On Tue, 22 Nov 2022 16:48:15 +0200 Leon Romanovsky wrote: > > On Tue, Nov 22, 2022 at 04:04:53PM +0300, Peter Kosyh wrote: > > > Use snprintf() to avoid the potential buffer overflow. Although in the > > > current code this is hardly possible, the safety is unclean. > > > > Let's fix the tools instead. The kernel code is correct. > > I'm guessing the code is correct because port can't be a high value? Yes, port value is provided as input to mlx4_init_port_info() and it is capped by MLX4_MAX_PORTS, which is 2. > Otherwise, if I'm counting right, large enough port representation > (e.g. 99999999) could overflow the string. If that's the case - how > would they "fix the tool" to know the port is always a single digit? I may admit that I don't know how hard or easy to implement it, but it will be great if tool would be able to understand that dev->caps.num_ports are not really dynamic values, but constant ones. However, I don't mind if we merge it. Thanks, Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c index d3fc86cd3c1d..0616d352451b 100644 --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c @@ -3057,7 +3057,8 @@ static int mlx4_init_port_info(struct mlx4_dev *dev, int port) info->base_qpn = mlx4_get_base_qpn(dev, port); } - sprintf(info->dev_name, "mlx4_port%d", port); + snprintf(info->dev_name, sizeof(info->dev_name), + "mlx4_port%d", port); info->port_attr.attr.name = info->dev_name; if (mlx4_is_mfunc(dev)) { info->port_attr.attr.mode = 0444; @@ -3077,7 +3078,8 @@ static int mlx4_init_port_info(struct mlx4_dev *dev, int port) return err; } - sprintf(info->dev_mtu_name, "mlx4_port%d_mtu", port); + snprintf(info->dev_mtu_name, sizeof(info->dev_mtu_name), + "mlx4_port%d_mtu", port); info->port_mtu_attr.attr.name = info->dev_mtu_name; if (mlx4_is_mfunc(dev)) { info->port_mtu_attr.attr.mode = 0444;