From: Takashi Iwai <tiwai@suse.de>
Date: Sun, 15 Mar 2020 10:42:39 +0100
Subject: scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer
overflow
Patch-mainline: v5.7-rc1
Git-commit: ff33d0e2b9d10ba8a0ccb09261f5f9adb1ab32cb
References: jsc#SLE-15391
Since snprintf() returns the would-be-output size instead of the actual
output size, the succeeding calls may go beyond the given buffer limit.
Fix it by replacing with scnprintf().
Also corrected the wrongly passed limit size. The remaining buffer size
must be decremented.
Link: https://lore.kernel.org/r/20200315094241.9086-7-tiwai@suse.de
Cc: "James E . J . Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K . Petersen" <martin.petersen@oracle.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Sumit Saxena <sumit.saxena@broadcom.com>
Cc: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Martin Wilck <mwilck@suse.com>
---
drivers/scsi/megaraid/megaraid_sas_base.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2987,9 +2987,10 @@ megasas_dump_sys_regs(void __iomem *reg_
u32 __iomem *reg = (u32 __iomem *)reg_set;
for (i = 0; i < sz / sizeof(u32); i++) {
- bytes_wrote += snprintf(loc + bytes_wrote, PAGE_SIZE,
- "%08x: %08x\n", (i * 4),
- readl(®[i]));
+ bytes_wrote += scnprintf(loc + bytes_wrote,
+ PAGE_SIZE - bytes_wrote,
+ "%08x: %08x\n", (i * 4),
+ readl(®[i]));
}
return bytes_wrote;
}