From: Jason Gunthorpe <jgg@ziepe.ca>
To: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: selvin.xavier@broadcom.com, devesh.sharma@broadcom.com,
dledford@redhat.com, leon@kernel.org, colin.king@canonical.com,
roland@purestorage.com, linux-rdma@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat'
Date: Tue, 14 Apr 2020 18:34:41 +0000 [thread overview]
Message-ID: <20200414183441.GA28870@ziepe.ca> (raw)
In-Reply-To: <20200328073040.24429-1-christophe.jaillet@wanadoo.fr>
On Sat, Mar 28, 2020 at 08:30:40AM +0100, Christophe JAILLET wrote:
> There is an off-by-one issue when checking if there is enough space in the
> output buffer, because we must keep some place for a final '\0'.
>
> While at it:
> - Use 'scnprintf' instead of 'snprintf' in order to avoid a superfluous
> 'strlen'
> - avoid some useless initializations
> - avoida hard coded buffer size that can be computed at built time.
>
> Fixes: a51f06e1679e ("RDMA/ocrdma: Query controller information")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> The '\0' comes from memset(..., 0, ...) in all callers.
> This could be also avoided if needed.
> ---
> drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
> index 5f831e3bdbad..614a449e6b87 100644
> --- a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
> +++ b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
> @@ -49,13 +49,12 @@ static struct dentry *ocrdma_dbgfs_dir;
> static int ocrdma_add_stat(char *start, char *pcur,
> char *name, u64 count)
> {
> - char buff[128] = {0};
> - int cpy_len = 0;
> + char buff[128];
> + int cpy_len;
>
> - snprintf(buff, 128, "%s: %llu\n", name, count);
> - cpy_len = strlen(buff);
> + cpy_len = scnprintf(buff, sizeof(buff), "%s: %llu\n", name, count);
>
> - if (pcur + cpy_len > start + OCRDMA_MAX_DBGFS_MEM) {
> + if (pcur + cpy_len >= start + OCRDMA_MAX_DBGFS_MEM) {
> pr_err("%s: No space in stats buff\n", __func__);
> return 0;
> }
The memcpy is still kind of silly right? What about this:
static int ocrdma_add_stat(char *start, char *pcur, char *name, u64 count)
{
size_t len = (start + OCRDMA_MAX_DBGFS_MEM) - pcur;
int cpy_len;
cpy_len = snprintf(pcur, len, "%s: %llu\n", name, count);
if (cpy_len >= len || cpy_len < 0) {
pr_err("%s: No space in stats buff\n", __func__);
return 0;
}
return cpy_len;
}
Jason
WARNING: multiple messages have this Message-ID (diff)
From: Jason Gunthorpe <jgg@ziepe.ca>
To: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: selvin.xavier@broadcom.com, devesh.sharma@broadcom.com,
dledford@redhat.com, leon@kernel.org, colin.king@canonical.com,
roland@purestorage.com, linux-rdma@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat'
Date: Tue, 14 Apr 2020 15:34:41 -0300 [thread overview]
Message-ID: <20200414183441.GA28870@ziepe.ca> (raw)
In-Reply-To: <20200328073040.24429-1-christophe.jaillet@wanadoo.fr>
On Sat, Mar 28, 2020 at 08:30:40AM +0100, Christophe JAILLET wrote:
> There is an off-by-one issue when checking if there is enough space in the
> output buffer, because we must keep some place for a final '\0'.
>
> While at it:
> - Use 'scnprintf' instead of 'snprintf' in order to avoid a superfluous
> 'strlen'
> - avoid some useless initializations
> - avoida hard coded buffer size that can be computed at built time.
>
> Fixes: a51f06e1679e ("RDMA/ocrdma: Query controller information")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> The '\0' comes from memset(..., 0, ...) in all callers.
> This could be also avoided if needed.
> ---
> drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
> index 5f831e3bdbad..614a449e6b87 100644
> --- a/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
> +++ b/drivers/infiniband/hw/ocrdma/ocrdma_stats.c
> @@ -49,13 +49,12 @@ static struct dentry *ocrdma_dbgfs_dir;
> static int ocrdma_add_stat(char *start, char *pcur,
> char *name, u64 count)
> {
> - char buff[128] = {0};
> - int cpy_len = 0;
> + char buff[128];
> + int cpy_len;
>
> - snprintf(buff, 128, "%s: %llu\n", name, count);
> - cpy_len = strlen(buff);
> + cpy_len = scnprintf(buff, sizeof(buff), "%s: %llu\n", name, count);
>
> - if (pcur + cpy_len > start + OCRDMA_MAX_DBGFS_MEM) {
> + if (pcur + cpy_len >= start + OCRDMA_MAX_DBGFS_MEM) {
> pr_err("%s: No space in stats buff\n", __func__);
> return 0;
> }
The memcpy is still kind of silly right? What about this:
static int ocrdma_add_stat(char *start, char *pcur, char *name, u64 count)
{
size_t len = (start + OCRDMA_MAX_DBGFS_MEM) - pcur;
int cpy_len;
cpy_len = snprintf(pcur, len, "%s: %llu\n", name, count);
if (cpy_len >= len || cpy_len < 0) {
pr_err("%s: No space in stats buff\n", __func__);
return 0;
}
return cpy_len;
}
Jason
next prev parent reply other threads:[~2020-04-14 18:34 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-28 7:30 [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat' Christophe JAILLET
2020-03-28 7:30 ` Christophe JAILLET
2020-04-14 18:34 ` Jason Gunthorpe [this message]
2020-04-14 18:34 ` Jason Gunthorpe
2020-04-16 13:08 ` Dan Carpenter
2020-04-16 13:08 ` Dan Carpenter
2020-04-16 18:47 ` Jason Gunthorpe
2020-04-16 18:47 ` Jason Gunthorpe
2020-04-17 11:26 ` Dan Carpenter
2020-04-17 11:26 ` Dan Carpenter
2020-04-17 12:25 ` Jason Gunthorpe
2020-04-17 12:25 ` Jason Gunthorpe
2020-04-17 13:09 ` Dan Carpenter
2020-04-17 13:09 ` Dan Carpenter
2020-04-17 13:48 ` Jason Gunthorpe
2020-04-17 13:48 ` Jason Gunthorpe
2020-04-17 15:13 ` Dan Carpenter
2020-04-17 15:13 ` Dan Carpenter
2020-04-17 15:56 ` Jason Gunthorpe
2020-04-17 15:56 ` Jason Gunthorpe
2020-04-17 13:28 ` Marion & Christophe JAILLET
2020-04-17 13:28 ` Marion & Christophe JAILLET
2020-04-17 13:50 ` Jason Gunthorpe
2020-04-17 13:50 ` Jason Gunthorpe
2020-04-17 14:39 ` Christophe JAILLET
2020-04-17 14:39 ` Christophe JAILLET
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200414183441.GA28870@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=christophe.jaillet@wanadoo.fr \
--cc=colin.king@canonical.com \
--cc=devesh.sharma@broadcom.com \
--cc=dledford@redhat.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=roland@purestorage.com \
--cc=selvin.xavier@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.