On Mon, Aug 22, 2022 at 5:22 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> Hello Yu Zhao,
>
> The patch e02f70ddcaca: "mm: multi-gen LRU: debugfs interface" from
> Aug 15, 2022, leads to the following Smatch static checker warning:
>
>         mm/vmscan.c:5706 lru_gen_seq_write()
>         warn: uncapped user index 'cur[end]'
>
> mm/vmscan.c
>     5654 static ssize_t lru_gen_seq_write(struct file *file, const char __user *src,
>     5655                                  size_t len, loff_t *pos)

...

>     5704                 n = sscanf(cur, "%c %u %u %lu %n %u %n %lu %n", &cmd, &memcg_id, &nid,
>     5705                            &seq, &end, &swappiness, &end, &opt, &end);
> --> 5706                 if (n < 4 || cur[end]) {
>                                       ^^^^^^^^
> The static checker is correct that "end" comes from the user and it
> can be any unsigned int.

Thanks.

No, %n is not a conversion -- sscanf() stores the number of chars
consumed so far upon seeing it.

What would be the recommended way to suppress this warning, if there is one?

> This is debugfs code so there is no security
> impact.
>
>     5707                         err = -EINVAL;
>     5708                         break;
>     5709                 }
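
The %n behaviour described in the reply, as an added user-space example that is not part of the original thread or the kernel source: it runs the quoted format string through libc sscanf() and reports the offset that ends up in `end`. The helper names `scan_end` and `check_line`, the variable types, and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * User-space mirror of the quoted sscanf() call (libc, not the kernel's
 * vsscanf). Returns the offset stored by the last %n reached, or -1 when
 * fewer than four fields converted and 'end' must not be read.
 */
static int scan_end(const char *cur)
{
	char cmd;
	unsigned int memcg_id, nid, swappiness;
	unsigned long seq, opt;
	int n, end;	/* assumed types; %n stores through an int pointer */

	n = sscanf(cur, "%c %u %u %lu %n %u %n %lu %n", &cmd, &memcg_id, &nid,
		   &seq, &end, &swappiness, &end, &opt, &end);
	return n < 4 ? -1 : end;
}

/* 0 if the line passes the check at line 5706, -1 where err = -EINVAL. */
static int check_line(const char *cur)
{
	int end = scan_end(cur);

	return (end < 0 || cur[end]) ? -1 : 0;
}

int main(void)
{
	/* Constructed sample inputs, not taken from the thread. */
	const char *lines[] = {
		"+ 1 0 5", "+ 1 0 5 200", "+ 1 0 5 200 3  ",
		"+ 4000000000 0 5", "+ 1 0 5 junk", "+ 1 0",
	};

	for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		printf("%-18s len=%2zu end=%2d check=%d\n", lines[i],
		       strlen(lines[i]), scan_end(lines[i]), check_line(lines[i]));
	return 0;
}
```

For each sample line with at least four converted fields, `end` is a position inside the string or at its terminating NUL, including the line whose numeric field is 4000000000.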