On Thu, Aug 27, 2020 at 09:49:04AM -0700, Kees Cook wrote:

On Tue, Aug 25, 2020 at 10:24:06AM +0200, Greg Kroah-Hartman wrote:

quoted

On Tue, Aug 25, 2020 at 08:12:05AM +0000, David Laight wrote:

quoted

From: Alex Dewar

quoted

Sent: 24 August 2020 23:23
kernel/cpu.c: don't use snprintf() for sysfs attrs

As per the documentation (Documentation/filesystems/sysfs.rst),
snprintf() should not be used for formatting values returned by sysfs.

In all of these cases, sprintf() suffices as we know that the formatted
strings will be less than PAGE_SIZE in length.

Hmmmm....
I much prefer to see bounded string ops.
sysfs really ought to be passing through the buffer length.

No.

It really should, though. I _just_ got burned by this due to having
a binattr sysfs reachable through splice[1]. Most sysfs things aren't
binattr, but I've always considered this to be a weird fragility in the
sysfs implementation.

binattr attributes do have the buffer size passed to it, for that very
reason :)

quoted

So this is designed this way on purpose, you shouldn't have to worry
about any of this, and that way, you don't have to "program
defensively", it all just works in a simple manner.

Later in this thread there's a suggestion to alter the API to avoid
individual calls to sprintf(), which seems like a reasonable first step.

I always review any patches submitted, so if someone feels like tackling
this, wonderful!

thanks,

greg k-h