Merge branch 'net-Use-scnprintf-for-avoiding-potential-buffer-overflow'

		return 0;

	/* Print out debug information. */

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "CAIF SPI debug information:\n");

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len), FLAVOR);

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len), FLAVOR);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "STATE: %d\n", cfspi->dbg_state);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Previous CMD: 0x%x\n", cfspi->pcmd);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Current CMD: 0x%x\n", cfspi->cmd);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Previous TX len: %d\n", cfspi->tx_ppck_len);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Previous RX len: %d\n", cfspi->rx_ppck_len);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Current TX len: %d\n", cfspi->tx_cpck_len);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Current RX len: %d\n", cfspi->rx_cpck_len);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Next TX len: %d\n", cfspi->tx_npck_len);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Next RX len: %d\n", cfspi->rx_npck_len);

	if (len > DEBUGFS_BUF_SIZE)

	int len = 0;

	int i;

	for (i = 0; i < count; i++) {

		len += snprintf((buf + len), (size - len),

		len += scnprintf((buf + len), (size - len),

					"[0x" BYTE_HEX_FMT "]",

					frm[i]);

		if ((i == cut) && (count > (cut * 2))) {

			/* Fast forward. */

			i = count - cut;

			len += snprintf((buf + len), (size - len),

			len += scnprintf((buf + len), (size - len),

					 "--- %zu bytes skipped ---\n",

					 count - (cut * 2));

		}

		if ((!(i % 10)) && i) {

			len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

					 "\n");

		}

	}

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len), "\n");

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len), "\n");

	return len;

}

		return 0;

	/* Print out debug information. */

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Current frame:\n");

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Tx data (Len: %d):\n", cfspi->tx_cpck_len);

	len += print_frame((buf + len), (DEBUGFS_BUF_SIZE - len),

			   cfspi->xfer.va_tx[0],

			   (cfspi->tx_cpck_len + SPI_CMD_SZ), 100);

	len += snprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

	len += scnprintf((buf + len), (DEBUGFS_BUF_SIZE - len),

			 "Rx data (Len: %d):\n", cfspi->rx_cpck_len);

	len += print_frame((buf + len), (DEBUGFS_BUF_SIZE - len),

	int len = 0;

	mlx4_err(dev, "%s", str);

	len += snprintf(buf + len, BUF_SIZE - len,

	len += scnprintf(buf + len, BUF_SIZE - len,

			 "port = %d prio = 0x%x qp = 0x%x ",

			 rule->port, rule->priority, rule->qpn);

	list_for_each_entry(cur, &rule->list, list) {

		switch (cur->id) {

		case MLX4_NET_TRANS_RULE_ID_ETH:

			len += snprintf(buf + len, BUF_SIZE - len,

			len += scnprintf(buf + len, BUF_SIZE - len,

					 "dmac = %pM ", &cur->eth.dst_mac);

			if (cur->eth.ether_type)

				len += snprintf(buf + len, BUF_SIZE - len,

				len += scnprintf(buf + len, BUF_SIZE - len,

						 "ethertype = 0x%x ",

						 be16_to_cpu(cur->eth.ether_type));

			if (cur->eth.vlan_id)

				len += snprintf(buf + len, BUF_SIZE - len,

				len += scnprintf(buf + len, BUF_SIZE - len,

						 "vlan-id = %d ",

						 be16_to_cpu(cur->eth.vlan_id));

			break;

		case MLX4_NET_TRANS_RULE_ID_IPV4:

			if (cur->ipv4.src_ip)

				len += snprintf(buf + len, BUF_SIZE - len,

				len += scnprintf(buf + len, BUF_SIZE - len,

						 "src-ip = %pI4 ",

						 &cur->ipv4.src_ip);

			if (cur->ipv4.dst_ip)

				len += snprintf(buf + len, BUF_SIZE - len,

				len += scnprintf(buf + len, BUF_SIZE - len,

						 "dst-ip = %pI4 ",

						 &cur->ipv4.dst_ip);

			break;

		case MLX4_NET_TRANS_RULE_ID_TCP:

		case MLX4_NET_TRANS_RULE_ID_UDP:

			if (cur->tcp_udp.src_port)

				len += snprintf(buf + len, BUF_SIZE - len,

				len += scnprintf(buf + len, BUF_SIZE - len,

						 "src-port = %d ",

						 be16_to_cpu(cur->tcp_udp.src_port));

			if (cur->tcp_udp.dst_port)

				len += snprintf(buf + len, BUF_SIZE - len,

				len += scnprintf(buf + len, BUF_SIZE - len,

						 "dst-port = %d ",

						 be16_to_cpu(cur->tcp_udp.dst_port));

			break;

		case MLX4_NET_TRANS_RULE_ID_IB:

			len += snprintf(buf + len, BUF_SIZE - len,

			len += scnprintf(buf + len, BUF_SIZE - len,

					 "dst-gid = %pI6\n", cur->ib.dst_gid);

			len += snprintf(buf + len, BUF_SIZE - len,

			len += scnprintf(buf + len, BUF_SIZE - len,

					 "dst-gid-mask = %pI6\n",

					 cur->ib.dst_gid_msk);

			break;

		case MLX4_NET_TRANS_RULE_ID_VXLAN:

			len += snprintf(buf + len, BUF_SIZE - len,

			len += scnprintf(buf + len, BUF_SIZE - len,

					 "VNID = %d ", be32_to_cpu(cur->vxlan.vni));

			break;

		case MLX4_NET_TRANS_RULE_ID_IPV6:

			break;

		}

	}

	len += snprintf(buf + len, BUF_SIZE - len, "\n");

	len += scnprintf(buf + len, BUF_SIZE - len, "\n");

	mlx4_err(dev, "%s", buf);

	if (len >= BUF_SIZE)

	if (bar->iomem) {

		int pf;

		msg += snprintf(msg, end - msg,	"0.0: General/MSI-X SRAM, ");

		msg += scnprintf(msg, end - msg, "0.0: General/MSI-X SRAM, ");

		atomic_inc(&bar->refcnt);

		bars_free--;

	/* Configure, and lock, BAR0.1 for PCIe XPB (MSI-X PBA) */

	bar = &nfp->bar[1];

	msg += snprintf(msg, end - msg, "0.1: PCIe XPB/MSI-X PBA, ");

	msg += scnprintf(msg, end - msg, "0.1: PCIe XPB/MSI-X PBA, ");

	atomic_inc(&bar->refcnt);

	bars_free--;

		bar->iomem = ioremap(nfp_bar_resource_start(bar),

					     nfp_bar_resource_len(bar));

		if (bar->iomem) {

			msg += snprintf(msg, end - msg,

			msg += scnprintf(msg, end - msg,

					 "0.%d: Explicit%d, ", 4 + i, i);

			atomic_inc(&bar->refcnt);

			bars_free--;

	int i;

#define REMAIN(__x) (sizeof(buf) - (__x))

	i = snprintf(buf, sizeof(buf), "rx_mode 0x%04x -> 0x%04x:",

	i = scnprintf(buf, sizeof(buf), "rx_mode 0x%04x -> 0x%04x:",

		      lif->rx_mode, rx_mode);

	if (rx_mode & IONIC_RX_MODE_F_UNICAST)

		i += snprintf(&buf[i], REMAIN(i), " RX_MODE_F_UNICAST");

		i += scnprintf(&buf[i], REMAIN(i), " RX_MODE_F_UNICAST");

	if (rx_mode & IONIC_RX_MODE_F_MULTICAST)

		i += snprintf(&buf[i], REMAIN(i), " RX_MODE_F_MULTICAST");

		i += scnprintf(&buf[i], REMAIN(i), " RX_MODE_F_MULTICAST");

	if (rx_mode & IONIC_RX_MODE_F_BROADCAST)

		i += snprintf(&buf[i], REMAIN(i), " RX_MODE_F_BROADCAST");

		i += scnprintf(&buf[i], REMAIN(i), " RX_MODE_F_BROADCAST");

	if (rx_mode & IONIC_RX_MODE_F_PROMISC)

		i += snprintf(&buf[i], REMAIN(i), " RX_MODE_F_PROMISC");

		i += scnprintf(&buf[i], REMAIN(i), " RX_MODE_F_PROMISC");

	if (rx_mode & IONIC_RX_MODE_F_ALLMULTI)

		i += snprintf(&buf[i], REMAIN(i), " RX_MODE_F_ALLMULTI");

		i += scnprintf(&buf[i], REMAIN(i), " RX_MODE_F_ALLMULTI");

	netdev_dbg(lif->netdev, "lif%d %s\n", lif->index, buf);

	err = ionic_adminq_post_wait(lif, &ctx);

		 * progress on a NIC at any one time.  So no need for locking.

		 */

		for (i = 0; i < hdr_len / 4 && bytes < PAGE_SIZE; i++)

			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,

					  " %08x", le32_to_cpu(hdr[i].u32[0]));

			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,

					   " %08x",

					   le32_to_cpu(hdr[i].u32[0]));

		for (i = 0; i < inlen / 4 && bytes < PAGE_SIZE; i++)

			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,

					  " %08x", le32_to_cpu(inbuf[i].u32[0]));

			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,

					   " %08x",

					   le32_to_cpu(inbuf[i].u32[0]));

		netif_info(efx, hw, efx->net_dev, "MCDI RPC REQ:%s\n", buf);

	}

		 */

		for (i = 0; i < hdr_len && bytes < PAGE_SIZE; i++) {

			efx->type->mcdi_read_response(efx, &hdr, (i * 4), 4);

			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,

			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,

					   " %08x", le32_to_cpu(hdr.u32[0]));

		}

		for (i = 0; i < data_len && bytes < PAGE_SIZE; i++) {

			efx->type->mcdi_read_response(efx, &hdr,

					mcdi->resp_hdr_len + (i * 4), 4);

			bytes += snprintf(buf + bytes, PAGE_SIZE - bytes,

			bytes += scnprintf(buf + bytes, PAGE_SIZE - bytes,

					   " %08x", le32_to_cpu(hdr.u32[0]));

		}

	}

	ver_words = (__le16 *)MCDI_PTR(outbuf, GET_VERSION_OUT_VERSION);

	offset = snprintf(buf, len, "%u.%u.%u.%u",

			  le16_to_cpu(ver_words[0]), le16_to_cpu(ver_words[1]),

			  le16_to_cpu(ver_words[2]), le16_to_cpu(ver_words[3]));

	offset = scnprintf(buf, len, "%u.%u.%u.%u",

			   le16_to_cpu(ver_words[0]),

			   le16_to_cpu(ver_words[1]),

			   le16_to_cpu(ver_words[2]),

			   le16_to_cpu(ver_words[3]));

	/* EF10 may have multiple datapath firmware variants within a

	 * single version.  Report which variants are running.

	if (efx_nic_rev(efx) >= EFX_REV_HUNT_A0) {

		struct efx_ef10_nic_data *nic_data = efx->nic_data;

		offset += snprintf(buf + offset, len - offset, " rx%x tx%x",

		offset += scnprintf(buf + offset, len - offset, " rx%x tx%x",

				    nic_data->rx_dpcpu_fw_id,

				    nic_data->tx_dpcpu_fw_id);