From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Josh Law <objecting@objecting.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Steven Rostedt <rostedt@goodmis.org>,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH v4] lib/bootconfig: guard xbc_node_compose_key_after() buffer size
Date: Wed, 18 Mar 2026 08:03:51 +0900 [thread overview]
Message-ID: <20260318080351.dae637f4b5909bd9f81b27d2@kernel.org> (raw)
In-Reply-To: <20260317204403.72375-1-objecting@objecting.org>
On Tue, 17 Mar 2026 20:44:03 +0000
Josh Law <objecting@objecting.org> wrote:
> xbc_node_compose_key_after() passes a size_t buffer length to
> snprintf(), but snprintf() returns int. Guard against size values above
> INT_MAX before the loop so the existing truncation check can continue to
> compare ret against (int)size safely.
>
> Add a small WARN_ON_ONCE shim for the tools/bootconfig userspace build
> so the same source continues to build there.
NACK.
Don't do such over engineering effort.
Thanks,
>
> Signed-off-by: Josh Law <objecting@objecting.org>
> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
> ---
> Changes since v3:
> - Moved the revision history below the --- separator so it does not
> become part of the git commit.
> - Added Reviewed-by from Steven Rostedt.
>
> Changes since v2:
> - Added a comment explaining the INT_MAX guard.
>
> Changes since v1:
> - Removed casting ret to size_t; with the INT_MAX guard, the existing
> ret >= (int)size check is sufficient, per Steven Rostedt.
> - Link to v1:
> https://lore.kernel.org/all/20260317173703.46092-1-objecting@objecting.org/
>
> lib/bootconfig.c | 8 ++++++++
> tools/bootconfig/include/linux/bootconfig.h | 5 +++++
> 2 files changed, 13 insertions(+)
>
> diff --git a/lib/bootconfig.c b/lib/bootconfig.c
> index 96cbe6738ffe..2a54b51dec5c 100644
> --- a/lib/bootconfig.c
> +++ b/lib/bootconfig.c
> @@ -313,6 +313,14 @@ int __init xbc_node_compose_key_after(struct xbc_node *root,
> if (!node && root)
> return -EINVAL;
>
> + /*
> + * Bootconfig strings never need multi-GB buffers. Reject sizes
> + * above INT_MAX so snprintf()'s int return value cannot overflow
> + * the truncation check below.
> + */
> + if (WARN_ON_ONCE(size > INT_MAX))
> + return -EINVAL;
> +
> while (--depth >= 0) {
> node = xbc_nodes + keys[depth];
> ret = snprintf(buf, size, "%s%s", xbc_node_get_data(node),
> diff --git a/tools/bootconfig/include/linux/bootconfig.h b/tools/bootconfig/include/linux/bootconfig.h
> index 6784296a0692..48383c10e036 100644
> --- a/tools/bootconfig/include/linux/bootconfig.h
> +++ b/tools/bootconfig/include/linux/bootconfig.h
> @@ -8,6 +8,7 @@
> #include <stdbool.h>
> #include <ctype.h>
> #include <errno.h>
> +#include <limits.h>
> #include <string.h>
>
>
> @@ -19,6 +20,10 @@
> ((cond) ? printf("Internal warning(%s:%d, %s): %s\n", \
> __FILE__, __LINE__, __func__, #cond) : 0)
>
> +#ifndef WARN_ON_ONCE
> +#define WARN_ON_ONCE(cond) WARN_ON(cond)
> +#endif
> +
> #define unlikely(cond) (cond)
>
> /* Copied from lib/string.c */
> --
> 2.34.1
>
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
next prev parent reply other threads:[~2026-03-17 23:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-17 20:44 [PATCH v4] lib/bootconfig: guard xbc_node_compose_key_after() buffer size Josh Law
2026-03-17 23:03 ` Masami Hiramatsu [this message]
2026-03-17 23:16 ` Steven Rostedt
2026-03-18 0:02 ` Masami Hiramatsu
2026-03-18 0:43 ` Steven Rostedt
2026-03-18 3:07 ` Masami Hiramatsu
2026-03-18 13:45 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260318080351.dae637f4b5909bd9f81b27d2@kernel.org \
--to=mhiramat@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=objecting@objecting.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox