[PATCH 0/2] scsi: myrb: Fix a potential string truncation

[PATCH 0/2] scsi: myrb: Fix a potential string truncation

[Christophe JAILLET]

Patch 1/2 fixes a potential string truncation issue in rebuild_show(). It is
intended to be minimal in order to ease potential backport.

Patch 2/2 is a bigger patch that turns some snprintf() usage in _show functions
into preferred sysfs_emit() calls.
This patch overrides the changes made in 1/2.


There is another warning when building with W=1:
    1051 |                 "%u.%02u-%c-%02u",
         |                 ^~~~~~~~~~~~~~~~~
   drivers/scsi/myrb.c:1050:9: note: ‘snprintf’ output between 10 and 14 bytes into a destination of size 12
but I think that it is a false positive because snprintf() in Linux does not
strickly folows the standard C behavior of snprintf(). If I understand correctly
Linux handles %02u when C ignores it.

Christophe JAILLET (2):
  scsi: myrb: Fix a potential string truncation in rebuild_show()
  scsi: myrb: Use sysfs_emit()

 drivers/scsi/myrb.c | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

-- 
2.34.1

[PATCH 1/2] scsi: myrb: Fix a potential string truncation in rebuild_show()

[Christophe JAILLET]

"physical device - not rebuilding\n" is 34 bytes long. When written in
'buf' with a limit of 32 bytes, it is truncated.

When building with W=1, it leads to:
   drivers/scsi/myrb.c: In function ‘rebuild_show’:
   drivers/scsi/myrb.c:1906:24: error: ‘physical device - not rebuil...’ directive output truncated writing 33 bytes into a region of size 32 [-Werror=format-truncation=]
    1906 |                 return snprintf(buf, 32, "physical device - not rebuilding\n");
         |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/scsi/myrb.c:1906:24: note: ‘snprintf’ output 34 bytes into a destination of size 32

Change the allowed size to 64 to fix the issue.

Fixes: 081ff398c56c ("scsi: myrb: Add Mylex RAID controller (block interface)")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 drivers/scsi/myrb.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c
index ca2e932dd9b7..ca2380d2d6d3 100644
--- a/drivers/scsi/myrb.c
+++ b/drivers/scsi/myrb.c
@@ -1903,15 +1903,15 @@ static ssize_t rebuild_show(struct device *dev,
 	unsigned char status;
 
 	if (sdev->channel < myrb_logical_channel(sdev->host))
-		return snprintf(buf, 32, "physical device - not rebuilding\n");
+		return snprintf(buf, 64, "physical device - not rebuilding\n");
 
 	status = myrb_get_rbld_progress(cb, &rbld_buf);
 
 	if (rbld_buf.ldev_num != sdev->id ||
 	    status != MYRB_STATUS_SUCCESS)
-		return snprintf(buf, 32, "not rebuilding\n");
+		return snprintf(buf, 64, "not rebuilding\n");
 
-	return snprintf(buf, 32, "rebuilding block %u of %u\n",
+	return snprintf(buf, 64, "rebuilding block %u of %u\n",
 			rbld_buf.ldev_size - rbld_buf.blocks_left,
 			rbld_buf.ldev_size);
 }
-- 
2.34.1

Re: [PATCH 1/2] scsi: myrb: Fix a potential string truncation in rebuild_show()

[Bart Van Assche]

On 12/12/23 10:09, Christophe JAILLET wrote:
> "physical device - not rebuilding\n" is 34 bytes long. When written in
> 'buf' with a limit of 32 bytes, it is truncated.
> 
> When building with W=1, it leads to:
>     drivers/scsi/myrb.c: In function ‘rebuild_show’:
>     drivers/scsi/myrb.c:1906:24: error: ‘physical device - not rebuil...’ directive output truncated writing 33 bytes into a region of size 32 [-Werror=format-truncation=]
>      1906 |                 return snprintf(buf, 32, "physical device - not rebuilding\n");
>           |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     drivers/scsi/myrb.c:1906:24: note: ‘snprintf’ output 34 bytes into a destination of size 32
> 
> Change the allowed size to 64 to fix the issue.
> 
> Fixes: 081ff398c56c ("scsi: myrb: Add Mylex RAID controller (block interface)")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
>   drivers/scsi/myrb.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c
> index ca2e932dd9b7..ca2380d2d6d3 100644
> --- a/drivers/scsi/myrb.c
> +++ b/drivers/scsi/myrb.c
> @@ -1903,15 +1903,15 @@ static ssize_t rebuild_show(struct device *dev,
>   	unsigned char status;
>   
>   	if (sdev->channel < myrb_logical_channel(sdev->host))
> -		return snprintf(buf, 32, "physical device - not rebuilding\n");
> +		return snprintf(buf, 64, "physical device - not rebuilding\n");
>   
>   	status = myrb_get_rbld_progress(cb, &rbld_buf);
>   
>   	if (rbld_buf.ldev_num != sdev->id ||
>   	    status != MYRB_STATUS_SUCCESS)
> -		return snprintf(buf, 32, "not rebuilding\n");
> +		return snprintf(buf, 64, "not rebuilding\n");
>   
> -	return snprintf(buf, 32, "rebuilding block %u of %u\n",
> +	return snprintf(buf, 64, "rebuilding block %u of %u\n",
>   			rbld_buf.ldev_size - rbld_buf.blocks_left,
>   			rbld_buf.ldev_size);
>   }

Anyone who sees the resulting code without having seen the above patch will
wonder where the magic number '64' comes from. Please use sysfs_emit() instead
of snprintf(buf, 64, ...).

Thanks,

Bart.

Re: [PATCH 1/2] scsi: myrb: Fix a potential string truncation in rebuild_show()

[Christophe JAILLET]

Le 12/12/2023 à 21:14, Bart Van Assche a écrit :
> On 12/12/23 10:09, Christophe JAILLET wrote:
>> "physical device - not rebuilding\n" is 34 bytes long. When written in
>> 'buf' with a limit of 32 bytes, it is truncated.
>>
>> When building with W=1, it leads to:
>>     drivers/scsi/myrb.c: In function ‘rebuild_show’:
>>     drivers/scsi/myrb.c:1906:24: error: ‘physical device - not 
>> rebuil...’ directive output truncated writing 33 bytes into a region 
>> of size 32 [-Werror=format-truncation=]
>>      1906 |                 return snprintf(buf, 32, "physical device 
>> - not rebuilding\n");
>>           |                        
>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>     drivers/scsi/myrb.c:1906:24: note: ‘snprintf’ output 34 bytes into 
>> a destination of size 32
>>
>> Change the allowed size to 64 to fix the issue.
>>
>> Fixes: 081ff398c56c ("scsi: myrb: Add Mylex RAID controller (block 
>> interface)")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
>> ---
>>   drivers/scsi/myrb.c | 6 +++---
>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c
>> index ca2e932dd9b7..ca2380d2d6d3 100644
>> --- a/drivers/scsi/myrb.c
>> +++ b/drivers/scsi/myrb.c
>> @@ -1903,15 +1903,15 @@ static ssize_t rebuild_show(struct device *dev,
>>       unsigned char status;
>>       if (sdev->channel < myrb_logical_channel(sdev->host))
>> -        return snprintf(buf, 32, "physical device - not rebuilding\n");
>> +        return snprintf(buf, 64, "physical device - not rebuilding\n");
>>       status = myrb_get_rbld_progress(cb, &rbld_buf);
>>       if (rbld_buf.ldev_num != sdev->id ||
>>           status != MYRB_STATUS_SUCCESS)
>> -        return snprintf(buf, 32, "not rebuilding\n");
>> +        return snprintf(buf, 64, "not rebuilding\n");
>> -    return snprintf(buf, 32, "rebuilding block %u of %u\n",
>> +    return snprintf(buf, 64, "rebuilding block %u of %u\n",
>>               rbld_buf.ldev_size - rbld_buf.blocks_left,
>>               rbld_buf.ldev_size);
>>   }
> 
> Anyone who sees the resulting code without having seen the above patch will
> wonder where the magic number '64' comes from. Please use sysfs_emit() 
> instead
> of snprintf(buf, 64, ...).

Ok.

In this case, do you still prefer 2 patches (one to fix rebuild_show() 
and one for all the other _show function) or only 1 with everything in it?

CJ

> 
> Thanks,
> 
> Bart.
> 

Re: [PATCH 1/2] scsi: myrb: Fix a potential string truncation in rebuild_show()

[Bart Van Assche]

On 12/12/23 10:20, Christophe JAILLET wrote:
> In this case, do you still prefer 2 patches (one to fix
> rebuild_show() and one for all the other _show function) or only 1
> with everything in it?
One patch with all the changes is probably better.

Thanks,

Bart.

[PATCH 2/2] scsi: myrb: Use sysfs_emit()

[Christophe JAILLET]

In order to avoid hard-coded limits in _show() function, use the preferred
sysfs_emit() that knows better about it.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 drivers/scsi/myrb.c | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c
index ca2380d2d6d3..06a5e6fb9f99 100644
--- a/drivers/scsi/myrb.c
+++ b/drivers/scsi/myrb.c
@@ -1767,7 +1767,7 @@ static ssize_t raid_state_show(struct device *dev,
 	int ret;
 
 	if (!sdev->hostdata)
-		return snprintf(buf, 16, "Unknown\n");
+		return sysfs_emit(buf, "Unknown\n");
 
 	if (sdev->channel == myrb_logical_channel(sdev->host)) {
 		struct myrb_ldev_info *ldev_info = sdev->hostdata;
@@ -1775,10 +1775,10 @@ static ssize_t raid_state_show(struct device *dev,
 
 		name = myrb_devstate_name(ldev_info->state);
 		if (name)
-			ret = snprintf(buf, 32, "%s\n", name);
+			ret = sysfs_emit(buf, "%s\n", name);
 		else
-			ret = snprintf(buf, 32, "Invalid (%02X)\n",
-				       ldev_info->state);
+			ret = sysfs_emit(buf, "Invalid (%02X)\n",
+					 ldev_info->state);
 	} else {
 		struct myrb_pdev_state *pdev_info = sdev->hostdata;
 		unsigned short status;
@@ -1796,10 +1796,10 @@ static ssize_t raid_state_show(struct device *dev,
 		else
 			name = myrb_devstate_name(pdev_info->state);
 		if (name)
-			ret = snprintf(buf, 32, "%s\n", name);
+			ret = sysfs_emit(buf, "%s\n", name);
 		else
-			ret = snprintf(buf, 32, "Invalid (%02X)\n",
-				       pdev_info->state);
+			ret = sysfs_emit(buf, "Invalid (%02X)\n",
+					 pdev_info->state);
 	}
 	return ret;
 }
@@ -1886,11 +1886,11 @@ static ssize_t raid_level_show(struct device *dev,
 
 		name = myrb_raidlevel_name(ldev_info->raid_level);
 		if (!name)
-			return snprintf(buf, 32, "Invalid (%02X)\n",
-					ldev_info->state);
-		return snprintf(buf, 32, "%s\n", name);
+			return sysfs_emit(buf, "Invalid (%02X)\n",
+					  ldev_info->state);
+		return sysfs_emit(buf, "%s\n", name);
 	}
-	return snprintf(buf, 32, "Physical Drive\n");
+	return sysfs_emit(buf, "Physical Drive\n");
 }
 static DEVICE_ATTR_RO(raid_level);
 
@@ -1903,17 +1903,17 @@ static ssize_t rebuild_show(struct device *dev,
 	unsigned char status;
 
 	if (sdev->channel < myrb_logical_channel(sdev->host))
-		return snprintf(buf, 64, "physical device - not rebuilding\n");
+		return sysfs_emit(buf, "physical device - not rebuilding\n");
 
 	status = myrb_get_rbld_progress(cb, &rbld_buf);
 
 	if (rbld_buf.ldev_num != sdev->id ||
 	    status != MYRB_STATUS_SUCCESS)
-		return snprintf(buf, 64, "not rebuilding\n");
+		return sysfs_emit(buf, "not rebuilding\n");
 
-	return snprintf(buf, 64, "rebuilding block %u of %u\n",
-			rbld_buf.ldev_size - rbld_buf.blocks_left,
-			rbld_buf.ldev_size);
+	return sysfs_emit(buf, "rebuilding block %u of %u\n",
+			  rbld_buf.ldev_size - rbld_buf.blocks_left,
+			  rbld_buf.ldev_size);
 }
 
 static ssize_t rebuild_store(struct device *dev,
@@ -2140,7 +2140,7 @@ static ssize_t ctlr_num_show(struct device *dev,
 	struct Scsi_Host *shost = class_to_shost(dev);
 	struct myrb_hba *cb = shost_priv(shost);
 
-	return snprintf(buf, 20, "%u\n", cb->ctlr_num);
+	return sysfs_emit(buf, "%u\n", cb->ctlr_num);
 }
 static DEVICE_ATTR_RO(ctlr_num);
 
@@ -2150,7 +2150,7 @@ static ssize_t firmware_show(struct device *dev,
 	struct Scsi_Host *shost = class_to_shost(dev);
 	struct myrb_hba *cb = shost_priv(shost);
 
-	return snprintf(buf, 16, "%s\n", cb->fw_version);
+	return sysfs_emit(buf, "%s\n", cb->fw_version);
 }
 static DEVICE_ATTR_RO(firmware);
 
@@ -2160,7 +2160,7 @@ static ssize_t model_show(struct device *dev,
 	struct Scsi_Host *shost = class_to_shost(dev);
 	struct myrb_hba *cb = shost_priv(shost);
 
-	return snprintf(buf, 16, "%s\n", cb->model_name);
+	return sysfs_emit(buf, "%s\n", cb->model_name);
 }
 static DEVICE_ATTR_RO(model);
 
-- 
2.34.1