Commit 06236821 authored by Takashi Iwai's avatar Takashi Iwai Committed by Will Deacon
Browse files

perf: arm-ccn: Use scnprintf() for robustness 



snprintf() is a hard-to-use function, it's especially difficult to use
it for concatenating substrings in a buffer with a limited size.
Since snprintf() returns the would-be-output size, not the actual
size, the subsequent use of snprintf() may point to the incorrect
position easily.  Although the current code doesn't actually overflow
the buffer, it's an incorrect usage.

This patch replaces such snprintf() calls with a safer version,
scnprintf().

Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent 29cc4cee

drivers/perf/arm-ccn.c

+10 −10
Original line number Diff line number Diff line
@@ -328,15 +328,15 @@ static ssize_t arm_ccn_pmu_event_show(struct device *dev, 
			struct arm_ccn_pmu_event, attr);

	ssize_t res;



	res = snprintf(buf, PAGE_SIZE, "type=0x%x", event->type);

	res = scnprintf(buf, PAGE_SIZE, "type=0x%x", event->type);

	if (event->event)

		res += snprintf(buf + res, PAGE_SIZE - res, ",event=0x%x",

		res += scnprintf(buf + res, PAGE_SIZE - res, ",event=0x%x",

				event->event);

	if (event->def)

		res += snprintf(buf + res, PAGE_SIZE - res, ",%s",

		res += scnprintf(buf + res, PAGE_SIZE - res, ",%s",

				event->def);

	if (event->mask)

		res += snprintf(buf + res, PAGE_SIZE - res, ",mask=0x%x",

		res += scnprintf(buf + res, PAGE_SIZE - res, ",mask=0x%x",

				event->mask);



	/* Arguments required by an event */
@@ -344,25 +344,25 @@ static ssize_t arm_ccn_pmu_event_show(struct device *dev, 
	case CCN_TYPE_CYCLES:

		break;

	case CCN_TYPE_XP:

		res += snprintf(buf + res, PAGE_SIZE - res,

		res += scnprintf(buf + res, PAGE_SIZE - res,

				",xp=?,vc=?");

		if (event->event == CCN_EVENT_WATCHPOINT)

			res += snprintf(buf + res, PAGE_SIZE - res,

			res += scnprintf(buf + res, PAGE_SIZE - res,

					",port=?,dir=?,cmp_l=?,cmp_h=?,mask=?");

		else

			res += snprintf(buf + res, PAGE_SIZE - res,

			res += scnprintf(buf + res, PAGE_SIZE - res,

					",bus=?");



		break;

	case CCN_TYPE_MN:

		res += snprintf(buf + res, PAGE_SIZE - res, ",node=%d", ccn->mn_id);

		res += scnprintf(buf + res, PAGE_SIZE - res, ",node=%d", ccn->mn_id);

		break;

	default:

		res += snprintf(buf + res, PAGE_SIZE - res, ",node=?");

		res += scnprintf(buf + res, PAGE_SIZE - res, ",node=?");

		break;

	}



	res += snprintf(buf + res, PAGE_SIZE - res, "\n");

	res += scnprintf(buf + res, PAGE_SIZE - res, "\n");



	return res;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE