From patchwork Sun Dec 17 13:27:32 2023
X-Patchwork-Submitter: Greg KH
X-Patchwork-Id: 13495865
Subject: patch "usb: gadget: udc: atmel: Replace snprintf() with the safer" added to usb-next
To: lee@kernel.org,alexandre.belloni@bootlin.com,claudiu.beznea@tuxon.dev,cristian.birsan@microchip.com,gregkh@linuxfoundation.org,linux-arm-kernel@lists.infradead.org,nicolas.ferre@microchip.com
Date: Sun, 17 Dec 2023 14:27:32 +0100
Message-ID: <2023121732-bacteria-ladybug-c5c9@gregkh>

This is a note to let you know that I've just added the patch titled

    usb: gadget: udc: atmel: Replace snprintf() with the safer

to my usb git tree which can be found at
    git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-next branch.

The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)

The patch will also be merged in the next major kernel release
during the merge window.

If you have any questions about this process, please let me know.

From d32dcb0659bcb3b68878a985280024ec92d0db5b Mon Sep 17 00:00:00 2001
From: Lee Jones Date: Wed, 13 Dec 2023 16:42:34 +0000 Subject: usb: gadget: udc: atmel: Replace snprintf() with the safer scnprintf() variant There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data *actually* encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that *would have been* written if there were enough space for it. This misunderstanding has led to buffer-overruns in the past. It's generally considered safer to use the {v}scnprintf() variants in their place (or even sprintf() in simple cases). So let's do that. Link: https://lwn.net/Articles/69419/ Link: https://github.com/KSPP/linux/issues/105 Cc: Cristian Birsan Cc: Nicolas Ferre Cc: Alexandre Belloni Cc: Claudiu Beznea Cc: Signed-off-by: Lee Jones Link: https://lore.kernel.org/r/20231213164246.1021885-6-lee@kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/udc/atmel_usba_udc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c index 02b1bef5e22e..b76885d78e8a 100644 --- a/drivers/usb/gadget/udc/atmel_usba_udc.c +++ b/drivers/usb/gadget/udc/atmel_usba_udc.c @@ -94,7 +94,7 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, inode_lock(file_inode(file)); list_for_each_entry_safe(req, tmp_req, queue, queue) { - len = snprintf(tmpbuf, sizeof(tmpbuf), + len = scnprintf(tmpbuf, sizeof(tmpbuf), "%8p %08x %c%c%c %5d %c%c%c\n", req->req.buf, req->req.length, req->req.no_interrupt ? 'i' : 'I', @@ -104,7 +104,6 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, req->submitted ? 'F' : 'f', req->using_dma ? 'D' : 'd', req->last_transaction ? 'L' : 'l'); - len = min(len, sizeof(tmpbuf)); if (len > nbytes) break;
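
Review bot: In the first hunk (@@ -94), nothing checks whether the formatted line actually fit in tmpbuf. scnprintf() returns the truncated length, so an over-long line would be emitted cut short and without its trailing newline, just as the old snprintf() plus min() did. The declaration of tmpbuf is outside the visible context, so it is worth confirming, and noting in a comment beside the buffer, that it is sized for the widest expansion of "%8p %08x %c%c%c %5d %c%c%c\n"; the field widths there are minimums, so %8p and %5d can print more characters than the widths suggest.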
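
Review bot: In the second hunk (@@ -104), the removal of "len = min(len, sizeof(tmpbuf));" is not mentioned in the changelog, which only talks about replacing snprintf(). The removal is correct: scnprintf() returns the number of characters actually stored, excluding the terminating NUL, so len can never reach sizeof(tmpbuf), whereas the old clamp allowed len == sizeof(tmpbuf), a length that covers the NUL byte as well as the text. A sentence in the commit message saying the clamp is now redundant, and why, would let the change be reviewed from the log alone. The declaration of len is also outside the hunk, so its type should be checked against the "len > nbytes" comparison that follows.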