On Tue, Jan 13, 2015 at 05:30:20PM +0000, James Bottomley wrote: > Just for everyone's sake the problem is printk format strings (and all > the things that indirect there, like pr_xxx and dev_printk). We must > never pass a mutable string directly to printk because of the mayhem > that would result if its contents were altered by the user (because some > of the things we do in string format parsing are very dangerous), making > this a potential security issue. Only ever pass static strings (in the > ro section) to printk formats. > > So this is wrong: > > dev_printk(KERN_INFO, dev, logbuf); > > This is correct: > > dev_printk(KERN_INFO, dev, "%s", logbuf); In this case the logbug comes from actually doing just that string formatting earlier in the function, so it practice it's harmles. It would be useful to have a dev_puts to avoid that reinterpretation again, though. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
