On Fri, Aug 04, 2023 at 12:22:09PM +0200, Greg Kroah-Hartman wrote:
> On Tue, Aug 01, 2023 at 02:30:44PM -0700, Brennan Lamoreaux wrote:
> > From: Joe Perches <joe@xxxxxxxxxxx>
> >
> > commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream
> >
> > Convert the various sprintf fmaily calls in sysfs device show functions
> > to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
> >
> > Done with:
> >
> > $ spatch -sp-file sysfs_emit_dev.cocci --in-place --max-width=80 .
> >
> > And cocci script:
> >
> > $ cat sysfs_emit_dev.cocci
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > return
> > - sprintf(buf,
> > + sysfs_emit(buf,
> > ...);
> > ...>
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > return
> > - snprintf(buf, PAGE_SIZE,
> > + sysfs_emit(buf,
> > ...);
> > ...>
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > return
> > - scnprintf(buf, PAGE_SIZE,
> > + sysfs_emit(buf,
> > ...);
> > ...>
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > expression chr;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > return
> > - strcpy(buf, chr);
> > + sysfs_emit(buf, chr);
> > ...>
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > identifier len;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > len =
> > - sprintf(buf,
> > + sysfs_emit(buf,
> > ...);
> > ...>
> > return len;
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > identifier len;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > len =
> > - snprintf(buf, PAGE_SIZE,
> > + sysfs_emit(buf,
> > ...);
> > ...>
> > return len;
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > identifier len;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > len =
> > - scnprintf(buf, PAGE_SIZE,
> > + sysfs_emit(buf,
> > ...);
> > ...>
> > return len;
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > identifier len;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > <...
> > - len += scnprintf(buf + len, PAGE_SIZE - len,
> > + len += sysfs_emit_at(buf, len,
> > ...);
> > ...>
> > return len;
> > }
> >
> > @@
> > identifier d_show;
> > identifier dev, attr, buf;
> > expression chr;
> > @@
> >
> > ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
> > {
> > ...
> > - strcpy(buf, chr);
> > - return strlen(buf);
> > + return sysfs_emit(buf, chr);
> > }
> >
> > Signed-off-by: Joe Perches <joe@xxxxxxxxxxx>
> > Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@xxxxxxxxxxx
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > [ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ]
> > Signed-off-by: Brennan Lamoreaux <blamoreaux@xxxxxxxxxx>
>
> Thanks, now queued up.
Nope, now dropped, this didn't even build. How did you test this thing?
{sigh}
greg k-h
