From: Josh Law <objecting@objecting.org>
To: Masami Hiramatsu <mhiramat@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH v3] lib/bootconfig: guard xbc_node_compose_key_after() buffer size
Date: Tue, 17 Mar 2026 18:15:56 +0000 [thread overview]
Message-ID: <20260317181556.53417-1-objecting@objecting.org> (raw)
xbc_node_compose_key_after() passes a size_t buffer length to
snprintf(), but snprintf() returns int. Guard against size values above
INT_MAX before the loop so the existing truncation check can continue to
compare ret against (int)size safely.
Add a small WARN_ON_ONCE shim for the tools/bootconfig userspace build
so the same source continues to build there.
Changes since v2:
- Added a comment explaining the INT_MAX guard.
Changes since v1:
- Removed casting ret to size_t; with the INT_MAX guard, the existing
ret >= (int)size check is sufficient, per Steven Rostedt.
- Link to v1:
https://lore.kernel.org/all/20260317173703.46092-1-objecting@objecting.org/
Signed-off-by: Josh Law <objecting@objecting.org>
---
lib/bootconfig.c | 8 ++++++++
tools/bootconfig/include/linux/bootconfig.h | 5 +++++
2 files changed, 13 insertions(+)
diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index 96cbe6738ffe..2a54b51dec5c 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c
@@ -313,6 +313,14 @@ int __init xbc_node_compose_key_after(struct xbc_node *root,
if (!node && root)
return -EINVAL;
+ /*
+ * Bootconfig strings never need multi-GB buffers. Reject sizes
+ * above INT_MAX so snprintf()'s int return value cannot overflow
+ * the truncation check below.
+ */
+ if (WARN_ON_ONCE(size > INT_MAX))
+ return -EINVAL;
+
while (--depth >= 0) {
node = xbc_nodes + keys[depth];
ret = snprintf(buf, size, "%s%s", xbc_node_get_data(node),
diff --git a/tools/bootconfig/include/linux/bootconfig.h b/tools/bootconfig/include/linux/bootconfig.h
index 6784296a0692..48383c10e036 100644
--- a/tools/bootconfig/include/linux/bootconfig.h
+++ b/tools/bootconfig/include/linux/bootconfig.h
@@ -8,6 +8,7 @@
#include <stdbool.h>
#include <ctype.h>
#include <errno.h>
+#include <limits.h>
#include <string.h>
@@ -19,6 +20,10 @@
((cond) ? printf("Internal warning(%s:%d, %s): %s\n", \
__FILE__, __LINE__, __func__, #cond) : 0)
+#ifndef WARN_ON_ONCE
+#define WARN_ON_ONCE(cond) WARN_ON(cond)
+#endif
+
#define unlikely(cond) (cond)
/* Copied from lib/string.c */
--
2.34.1
next reply other threads:[~2026-03-17 18:16 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-17 18:15 Josh Law [this message]
2026-03-17 20:37 ` [PATCH v3] lib/bootconfig: guard xbc_node_compose_key_after() buffer size Steven Rostedt
2026-03-17 20:43 ` Josh Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260317181556.53417-1-objecting@objecting.org \
--to=objecting@objecting.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.