From patchwork Tue Nov 29 11:51:04 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 101445 Delivered-To: patch@linaro.org Received: by 10.140.20.101 with SMTP id 92csp1559028qgi; Tue, 29 Nov 2016 03:51:44 -0800 (PST) X-Received: by 10.84.216.80 with SMTP id f16mr61701226plj.25.1480420304512; Tue, 29 Nov 2016 03:51:44 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 63si30954563plf.32.2016.11.29.03.51.44; Tue, 29 Nov 2016 03:51:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-serial-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-serial-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-serial-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756553AbcK2Lvn (ORCPT + 2 others); Tue, 29 Nov 2016 06:51:43 -0500 Received: from mout.kundenserver.de ([212.227.17.24]:51208 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755099AbcK2Lvl (ORCPT ); Tue, 29 Nov 2016 06:51:41 -0500 Received: from wuerfel.lan ([78.43.21.235]) by mrelayeu.kundenserver.de (mreue103 [212.227.15.145]) with ESMTPA (Nemesis) id 0MRRcG-1cIBCM0uIi-00SjNJ; Tue, 29 Nov 2016 12:51:14 +0100 From: Arnd Bergmann To: Jiri Slaby , Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, Peter Hurley , linux-serial@vger.kernel.org, Arnd Bergmann Subject: [PATCH v2, variant B] tty: nozomi: avoid sprintf buffer overflow Date: Tue, 29 Nov 2016 12:51:04 +0100 Message-Id: <20161129115104.1755786-2-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20161129115104.1755786-1-arnd@arndb.de> References: <20161129115104.1755786-1-arnd@arndb.de> X-Provags-ID: V03:K0:GF1+WCsw8upDwzRAlHFV2upEnMms1/Kj5MPagrYnttUiAFhVVIO 81Nii0A3OCL/Ito4eI8xBh80sM6JXjfMzmTF/h0FcYI8FLQcLdN8Uq8ENvgsVnWgsD0jQdw OC+VPJDarZA6/IS2BUsFDP7V/HNh/EgB9hTY41N/J9j/GggBj5IO3T4tLnTd3Rz2dBXkF4h o3OH2Jp8nSDOzgsApWdmw== X-UI-Out-Filterresults: notjunk:1; V01:K0:/+eLWhD2tDM=:HUfxZaQ6HYgj+UTEphTAgy thoMwMKa7y6SrwPY/8b6irnE4VO4gGVa6JsLYwxpvBwg0vE97pGQ0IknFUbq+/B/wDDljPc5F dO+7+GR40d5XmH/LGv1M78/aXYmzGLtVgbHUU/E3zus3WVkJhNeFmz+axqwhE+8YlN+Km+JeU CBTsUd+09YnaFKvQ0cXQpejckNPGZSzTWtmHjLIjpWK/a9hNG4biKc/OVYQreE819Iyf+3Cg7 lM6A3bh9Hv+fJ6haafqC+WrGGatVQVpI6DVxxJGIkpDxO2s5q63hm1v/NcFZTtMQ8Qzi8u5rD EcMxqMVAaDq0TShpVPH9uADEBjIuRpUVp9Yh/w2lEsm4lku5G1cF/VnNCNLrFAadEEf0N+pcj cQpUlVxuCOkvfK3HLa91PHdupC3+6FNV7iEsE4B+dJONKT4eos61W7r5Uz+Tqj7H4SDfzeZc4 1qYoi4rdESDPiabc1EROPPGQAym6LfxBpJnUjzRmnJCt0QA397FMCn5UbELxyS9ueDs0HxL3V niuB8dJgI8BbVuvpoqS7ceaskNIzZi5LB9lDBjIUQbXCdgvSB1eRn87YkACa/r2mWuRtAZelf kfZD2OFP+vgra6YBOBlB1toVdumWED6yv/jUtgmxcaPgi4B8Z1+/DOP3YBZhw3GzQxF496tWp SY9NavwU4/Yr13k6fcb609E/7BRnKvgGO4j0uHEHXwd9yJ/Ybe0NR02GPGXCjW2JiZG0= Sender: linux-serial-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-serial@vger.kernel.org Testing with a gcc-7 snapshot produced an internal compiler error for this file: drivers/tty/nozomi.c: In function 'receive_flow_control': drivers/tty/nozomi.c:919:12: internal compiler error: in get_substring_ranges_for_loc, at input.c:1388 static int receive_flow_control(struct nozomi *dc) I've reported this at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78569 but also noticed that the code line contains a stack overflow, as it prints a string into a slightly shorter fixed-length 'tmp' variable. A lot of the code here is unnecessary and can be expressed in a simpler way, relying on the fact that removing the 'DEBUG' macro will also get rid of all pr_debug() calls. This change should not change any of the output but avoids both the stack overflow and the gcc crash. The stack overflow will not happen unless a module load parameter is also set to enable the debug messages. Signed-off-by: Arnd Bergmann --- drivers/tty/nozomi.c | 47 ++++++++++++----------------------------------- 1 file changed, 12 insertions(+), 35 deletions(-) -- 2.9.0 -- To unsubscribe from this list: send the line "unsubscribe linux-serial" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/tty/nozomi.c b/drivers/tty/nozomi.c index e2020a691058..39b3723a32a6 100644 --- a/drivers/tty/nozomi.c +++ b/drivers/tty/nozomi.c @@ -63,44 +63,23 @@ #define VERSION_STRING DRIVER_DESC " 2.1d" -/* Macros definitions */ - /* Default debug printout level */ #define NOZOMI_DEBUG_LEVEL 0x00 - -#define P_BUF_SIZE 128 -#define NFO(_err_flag_, args...) \ -do { \ - char tmp[P_BUF_SIZE]; \ - snprintf(tmp, sizeof(tmp), ##args); \ - printk(_err_flag_ "[%d] %s(): %s\n", __LINE__, \ - __func__, tmp); \ -} while (0) - -#define DBG1(args...) D_(0x01, ##args) -#define DBG2(args...) D_(0x02, ##args) -#define DBG3(args...) D_(0x04, ##args) -#define DBG4(args...) D_(0x08, ##args) -#define DBG5(args...) D_(0x10, ##args) -#define DBG6(args...) D_(0x20, ##args) -#define DBG7(args...) D_(0x40, ##args) -#define DBG8(args...) D_(0x80, ##args) - -#ifdef DEBUG -/* Do we need this settable at runtime? */ static int debug = NOZOMI_DEBUG_LEVEL; +module_param(debug, int, S_IRUGO | S_IWUSR); -#define D(lvl, args...) do \ - {if (lvl & debug) NFO(KERN_DEBUG, ##args); } \ - while (0) -#define D_(lvl, args...) D(lvl, ##args) - -/* These printouts are always printed */ +/* Macros definitions */ +#define DBG_(lvl, fmt, args...) \ +do { \ + if (lvl & debug) \ + pr_debug("[%d] %s(): " fmt "\n", \ + __LINE__, __func__, ##args); \ +} while (0) -#else -static int debug; -#define D_(lvl, args...) -#endif +#define DBG1(args...) DBG_(0x01, ##args) +#define DBG2(args...) DBG_(0x02, ##args) +#define DBG3(args...) DBG_(0x04, ##args) +#define DBG4(args...) DBG_(0x08, ##args) /* TODO: rewrite to optimize macros... */ @@ -1943,7 +1922,5 @@ static __exit void nozomi_exit(void) module_init(nozomi_init); module_exit(nozomi_exit); -module_param(debug, int, S_IRUGO | S_IWUSR); - MODULE_LICENSE("Dual BSD/GPL"); MODULE_DESCRIPTION(DRIVER_DESC);