From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Kees Cook <keescook@chromium.org>
Cc: David Laight <David.Laight@aculab.com>,
'Alex Dewar' <alex.dewar90@gmail.com>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"accessrunner-general@lists.sourceforge.net"
<accessrunner-general@lists.sourceforge.net>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] usb: atm: don't use snprintf() for sysfs attrs
Date: Thu, 27 Aug 2020 19:45:06 +0200 [thread overview]
Message-ID: <20200827174506.GA705950@kroah.com> (raw)
In-Reply-To: <202008270936.6FF344336@keescook>
On Thu, Aug 27, 2020 at 09:49:04AM -0700, Kees Cook wrote:
> On Tue, Aug 25, 2020 at 10:24:06AM +0200, Greg Kroah-Hartman wrote:
> > On Tue, Aug 25, 2020 at 08:12:05AM +0000, David Laight wrote:
> > > From: Alex Dewar
> > > > Sent: 24 August 2020 23:23
> > > > kernel/cpu.c: don't use snprintf() for sysfs attrs
> > > >
> > > > As per the documentation (Documentation/filesystems/sysfs.rst),
> > > > snprintf() should not be used for formatting values returned by sysfs.
> > > >
> > > > In all of these cases, sprintf() suffices as we know that the formatted
> > > > strings will be less than PAGE_SIZE in length.
> > >
> > > Hmmmm....
> > > I much prefer to see bounded string ops.
> > > sysfs really ought to be passing through the buffer length.
> >
> > No.
>
> It really should, though. I _just_ got burned by this due to having
> a binattr sysfs reachable through splice[1]. Most sysfs things aren't
> binattr, but I've always considered this to be a weird fragility in the
> sysfs implementation.
binattr attributes do have the buffer size passed to it, for that very
reason :)
> > So this is designed this way on purpose, you shouldn't have to worry
> > about any of this, and that way, you don't have to "program
> > defensively", it all just works in a simple manner.
>
> Later in this thread there's a suggestion to alter the API to avoid
> individual calls to sprintf(), which seems like a reasonable first step.
I always review any patches submitted, so if someone feels like tackling
this, wonderful!
thanks,
greg k-h
next prev parent reply other threads:[~2020-08-27 17:45 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-24 22:23 [PATCH] usb: atm: don't use snprintf() for sysfs attrs Alex Dewar
2020-08-25 8:12 ` David Laight
2020-08-25 8:17 ` Alex Dewar
2020-08-25 9:07 ` David Laight
2020-08-25 8:24 ` Greg Kroah-Hartman
2020-08-27 16:49 ` Kees Cook
2020-08-27 17:45 ` Greg Kroah-Hartman [this message]
2020-08-27 6:42 ` Rasmus Villemoes
2020-08-27 7:15 ` Greg Kroah-Hartman
2020-08-27 13:18 ` Alex Dewar
2020-08-27 13:41 ` Rasmus Villemoes
2020-08-27 14:48 ` Alex Dewar
2020-08-27 16:58 ` [Cocci] " Joe Perches
2020-08-27 16:58 ` Joe Perches
2020-08-27 19:42 ` [Cocci] " Julia Lawall
2020-08-27 19:42 ` Julia Lawall
2020-08-27 20:29 ` Joe Perches
2020-08-27 20:29 ` Joe Perches
2020-08-27 21:00 ` Joe Perches
2020-08-27 21:00 ` Joe Perches
2020-08-27 21:29 ` Julia Lawall
2020-08-27 21:29 ` Julia Lawall
2020-08-27 22:03 ` David Laight
2020-08-27 22:03 ` David Laight
2020-08-27 22:11 ` Joe Perches
2020-08-27 22:11 ` Joe Perches
2020-08-27 22:16 ` Kees Cook
2020-08-27 22:16 ` Kees Cook
2020-08-27 21:01 ` Denis Efremov
2020-08-27 21:01 ` Denis Efremov
2020-08-27 21:36 ` Julia Lawall
2020-08-27 21:36 ` Julia Lawall
2020-08-27 21:44 ` Joe Perches
2020-08-27 21:44 ` Joe Perches
2020-08-27 22:38 ` Denis Efremov
2020-08-27 22:38 ` Denis Efremov
2020-08-27 22:48 ` Joe Perches
2020-08-27 22:48 ` Joe Perches
2020-08-27 22:20 ` Kees Cook
2020-08-27 22:20 ` Kees Cook
2020-08-27 22:45 ` Joe Perches
2020-08-27 22:45 ` Joe Perches
2020-08-28 4:12 ` Joe Perches
2020-08-28 4:12 ` Joe Perches
2020-08-28 7:58 ` Kees Cook
2020-08-28 7:58 ` Kees Cook
2020-08-28 8:10 ` Joe Perches
2020-08-28 8:10 ` Joe Perches
2020-08-28 8:22 ` Joe Perches
2020-08-28 8:22 ` Joe Perches
2020-08-28 7:39 ` David Laight
2020-08-28 7:39 ` David Laight
2020-08-27 21:54 ` David Laight
2020-08-27 21:54 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200827174506.GA705950@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=David.Laight@aculab.com \
--cc=accessrunner-general@lists.sourceforge.net \
--cc=alex.dewar90@gmail.com \
--cc=gustavoars@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.