Patch "kdb: address -Wformat-security warnings" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 28 Jul 2024 21:10:39 -0400

This is a note to let you know that I've just added the patch titled

    kdb: address -Wformat-security warnings

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kdb-address-wformat-security-warnings.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 10dbbf747da305f0f60ef8940d274f5d3db1c7a7
Author: Arnd Bergmann <arnd@xxxxxxxx>
Date:   Tue May 28 14:11:48 2024 +0200

    kdb: address -Wformat-security warnings
    
    [ Upstream commit 70867efacf4370b6c7cdfc7a5b11300e9ef7de64 ]
    
    When -Wformat-security is not disabled, using a string pointer
    as a format causes a warning:
    
    kernel/debug/kdb/kdb_io.c: In function 'kdb_read':
    kernel/debug/kdb/kdb_io.c:365:36: error: format not a string literal and no format arguments [-Werror=format-security]
      365 |                         kdb_printf(kdb_prompt_str);
          |                                    ^~~~~~~~~~~~~~
    kernel/debug/kdb/kdb_io.c: In function 'kdb_getstr':
    kernel/debug/kdb/kdb_io.c:456:20: error: format not a string literal and no format arguments [-Werror=format-security]
      456 |         kdb_printf(kdb_prompt_str);
          |                    ^~~~~~~~~~~~~~
    
    Use an explcit "%s" format instead.
    
    Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
    Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)")
    Reviewed-by: Douglas Anderson <dianders@xxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240528121154.3662553-1-arnd@xxxxxxxxxx
    Signed-off-by: Daniel Thompson <daniel.thompson@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index 2aeaf9765b248..2d65da509f699 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -371,7 +371,7 @@ static char *kdb_read(char *buffer, size_t bufsize)
 			if (i >= dtab_count)
 				kdb_printf("...");
 			kdb_printf("\n");
-			kdb_printf(kdb_prompt_str);
+			kdb_printf("%s",  kdb_prompt_str);
 			kdb_printf("%s", buffer);
 			if (cp != lastchar)
 				kdb_position_cursor(kdb_prompt_str, buffer, cp);
@@ -463,7 +463,7 @@ char *kdb_getstr(char *buffer, size_t bufsize, const char *prompt)
 {
 	if (prompt && kdb_prompt_str != prompt)
 		strscpy(kdb_prompt_str, prompt, CMD_BUFLEN);
-	kdb_printf(kdb_prompt_str);
+	kdb_printf("%s", kdb_prompt_str);
 	kdb_nextline = 1;	/* Prompt and input resets line number */
 	return kdb_read(buffer, bufsize);
 }







