From patchwork Fri Dec 15 12:56:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 13494425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 618C5C41535 for ; Fri, 15 Dec 2023 12:57:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:From:To: Subject:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=a7PhZbI6iRZgX8LFovqmYEVRM7V/u/jwBAdUtFuKRm0=; b=hThOydcQtAXvr6 SH8OOEicnd13X1NMzrR5J3rqixbpD2YoRZit86iYMQJukfnptrkUsTgaZTfAlpXDnE/wzmLavNLXc QVfShdO4qHknA+b+/jgdWZXZjriDVa7Vc++VyFZZq9aagu3Ut40Sa9AisfAnsamVzrMtHcN50oq+D Bem2FD82kfy8CSSt8POHY2wQ95ozkIUg3uyk1QwIVjgURAdCWUUhMFFRNVkvU10Da15Br/hM1LaDH I2sljcOjpGDsWgQLIet8qsd8Bw0DkQlb4JEW3QsqLQfrGggwqwizSRrYjkdsKFWBVw8ajhsJ/t3Os FUKxtA5x1ltRp6HRHJWQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1rE7kw-003J44-2p; Fri, 15 Dec 2023 12:57:30 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1rE7kp-003Izg-1Z for linux-arm-kernel@lists.infradead.org; Fri, 15 Dec 2023 12:57:25 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 2045BB82641; Fri, 15 Dec 2023 12:57:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 258CCC433C8; Fri, 15 Dec 2023 12:57:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1702645037; bh=y8Y0IMQr4tygajMprq+oexTUCRJDrkyZLYUIZJuYBVs=; h=Subject:To:From:Date:From; b=2NridpX8YRX8t98EeJukc7tuajIyrJfiWaQXASHUb+iW01Oe6LLqsMIptiBqZzQgY GeNxx+zGqOC/emxivILoXwCsyJAKqa/enqAuoZ2SwaMfxpak8FhrA5i2vWqcg3EmYz 3n1xDVjNmHfKn11lBwPeKH6JntVZTw4iPe8MK2+A= Subject: patch "usb: gadget: udc: atmel: Replace snprintf() with the safer" added to usb-testing To: lee@kernel.org,alexandre.belloni@bootlin.com,claudiu.beznea@tuxon.dev,cristian.birsan@microchip.com,gregkh@linuxfoundation.org,linux-arm-kernel@lists.infradead.org,nicolas.ferre@microchip.com From: Date: Fri, 15 Dec 2023 13:56:38 +0100 Message-ID: <2023121538-polka-speller-f225@gregkh> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231215_045723_668292_0B97B2A0 X-CRM114-Status: GOOD ( 16.23 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This is a note to let you know that I've just added the patch titled usb: gadget: udc: atmel: Replace snprintf() with the safer to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From d32dcb0659bcb3b68878a985280024ec92d0db5b Mon Sep 17 00:00:00 2001 From: Lee Jones Date: Wed, 13 Dec 2023 16:42:34 +0000 Subject: usb: gadget: udc: atmel: Replace snprintf() with the safer scnprintf() variant There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data *actually* encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that *would have been* written if there were enough space for it. This misunderstanding has led to buffer-overruns in the past. It's generally considered safer to use the {v}scnprintf() variants in their place (or even sprintf() in simple cases). So let's do that. Link: https://lwn.net/Articles/69419/ Link: https://github.com/KSPP/linux/issues/105 Cc: Cristian Birsan Cc: Nicolas Ferre Cc: Alexandre Belloni Cc: Claudiu Beznea Cc: Signed-off-by: Lee Jones Link: https://lore.kernel.org/r/20231213164246.1021885-6-lee@kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/udc/atmel_usba_udc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c index 02b1bef5e22e..b76885d78e8a 100644 --- a/drivers/usb/gadget/udc/atmel_usba_udc.c +++ b/drivers/usb/gadget/udc/atmel_usba_udc.c @@ -94,7 +94,7 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, inode_lock(file_inode(file)); list_for_each_entry_safe(req, tmp_req, queue, queue) { - len = snprintf(tmpbuf, sizeof(tmpbuf), + len = scnprintf(tmpbuf, sizeof(tmpbuf), "%8p %08x %c%c%c %5d %c%c%c\n", req->req.buf, req->req.length, req->req.no_interrupt ? 'i' : 'I', @@ -104,7 +104,6 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, req->submitted ? 'F' : 'f', req->using_dma ? 'D' : 'd', req->last_transaction ? 'L' : 'l'); - len = min(len, sizeof(tmpbuf)); if (len > nbytes) break;