Commit 7fe8e483 authored by Takashi Iwai's avatar Takashi Iwai Committed by Herbert Xu

crypto: bcm - Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 2638268f
...@@ -366,88 +366,88 @@ static ssize_t spu_debugfs_read(struct file *filp, char __user *ubuf, ...@@ -366,88 +366,88 @@ static ssize_t spu_debugfs_read(struct file *filp, char __user *ubuf,
ipriv = filp->private_data; ipriv = filp->private_data;
out_offset = 0; out_offset = 0;
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Number of SPUs.........%u\n", "Number of SPUs.........%u\n",
ipriv->spu.num_spu); ipriv->spu.num_spu);
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Current sessions.......%u\n", "Current sessions.......%u\n",
atomic_read(&ipriv->session_count)); atomic_read(&ipriv->session_count));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Session count..........%u\n", "Session count..........%u\n",
atomic_read(&ipriv->stream_count)); atomic_read(&ipriv->stream_count));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Cipher setkey..........%u\n", "Cipher setkey..........%u\n",
atomic_read(&ipriv->setkey_cnt[SPU_OP_CIPHER])); atomic_read(&ipriv->setkey_cnt[SPU_OP_CIPHER]));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Cipher Ops.............%u\n", "Cipher Ops.............%u\n",
atomic_read(&ipriv->op_counts[SPU_OP_CIPHER])); atomic_read(&ipriv->op_counts[SPU_OP_CIPHER]));
for (alg = 0; alg < CIPHER_ALG_LAST; alg++) { for (alg = 0; alg < CIPHER_ALG_LAST; alg++) {
for (mode = 0; mode < CIPHER_MODE_LAST; mode++) { for (mode = 0; mode < CIPHER_MODE_LAST; mode++) {
op_cnt = atomic_read(&ipriv->cipher_cnt[alg][mode]); op_cnt = atomic_read(&ipriv->cipher_cnt[alg][mode]);
if (op_cnt) { if (op_cnt) {
out_offset += snprintf(buf + out_offset, out_offset += scnprintf(buf + out_offset,
out_count - out_offset, out_count - out_offset,
" %-13s%11u\n", " %-13s%11u\n",
spu_alg_name(alg, mode), op_cnt); spu_alg_name(alg, mode), op_cnt);
} }
} }
} }
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Hash Ops...............%u\n", "Hash Ops...............%u\n",
atomic_read(&ipriv->op_counts[SPU_OP_HASH])); atomic_read(&ipriv->op_counts[SPU_OP_HASH]));
for (alg = 0; alg < HASH_ALG_LAST; alg++) { for (alg = 0; alg < HASH_ALG_LAST; alg++) {
op_cnt = atomic_read(&ipriv->hash_cnt[alg]); op_cnt = atomic_read(&ipriv->hash_cnt[alg]);
if (op_cnt) { if (op_cnt) {
out_offset += snprintf(buf + out_offset, out_offset += scnprintf(buf + out_offset,
out_count - out_offset, out_count - out_offset,
" %-13s%11u\n", " %-13s%11u\n",
hash_alg_name[alg], op_cnt); hash_alg_name[alg], op_cnt);
} }
} }
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"HMAC setkey............%u\n", "HMAC setkey............%u\n",
atomic_read(&ipriv->setkey_cnt[SPU_OP_HMAC])); atomic_read(&ipriv->setkey_cnt[SPU_OP_HMAC]));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"HMAC Ops...............%u\n", "HMAC Ops...............%u\n",
atomic_read(&ipriv->op_counts[SPU_OP_HMAC])); atomic_read(&ipriv->op_counts[SPU_OP_HMAC]));
for (alg = 0; alg < HASH_ALG_LAST; alg++) { for (alg = 0; alg < HASH_ALG_LAST; alg++) {
op_cnt = atomic_read(&ipriv->hmac_cnt[alg]); op_cnt = atomic_read(&ipriv->hmac_cnt[alg]);
if (op_cnt) { if (op_cnt) {
out_offset += snprintf(buf + out_offset, out_offset += scnprintf(buf + out_offset,
out_count - out_offset, out_count - out_offset,
" %-13s%11u\n", " %-13s%11u\n",
hash_alg_name[alg], op_cnt); hash_alg_name[alg], op_cnt);
} }
} }
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"AEAD setkey............%u\n", "AEAD setkey............%u\n",
atomic_read(&ipriv->setkey_cnt[SPU_OP_AEAD])); atomic_read(&ipriv->setkey_cnt[SPU_OP_AEAD]));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"AEAD Ops...............%u\n", "AEAD Ops...............%u\n",
atomic_read(&ipriv->op_counts[SPU_OP_AEAD])); atomic_read(&ipriv->op_counts[SPU_OP_AEAD]));
for (alg = 0; alg < AEAD_TYPE_LAST; alg++) { for (alg = 0; alg < AEAD_TYPE_LAST; alg++) {
op_cnt = atomic_read(&ipriv->aead_cnt[alg]); op_cnt = atomic_read(&ipriv->aead_cnt[alg]);
if (op_cnt) { if (op_cnt) {
out_offset += snprintf(buf + out_offset, out_offset += scnprintf(buf + out_offset,
out_count - out_offset, out_count - out_offset,
" %-13s%11u\n", " %-13s%11u\n",
aead_alg_name[alg], op_cnt); aead_alg_name[alg], op_cnt);
} }
} }
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Bytes of req data......%llu\n", "Bytes of req data......%llu\n",
(u64)atomic64_read(&ipriv->bytes_out)); (u64)atomic64_read(&ipriv->bytes_out));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Bytes of resp data.....%llu\n", "Bytes of resp data.....%llu\n",
(u64)atomic64_read(&ipriv->bytes_in)); (u64)atomic64_read(&ipriv->bytes_in));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Mailbox full...........%u\n", "Mailbox full...........%u\n",
atomic_read(&ipriv->mb_no_spc)); atomic_read(&ipriv->mb_no_spc));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Mailbox send failures..%u\n", "Mailbox send failures..%u\n",
atomic_read(&ipriv->mb_send_fail)); atomic_read(&ipriv->mb_send_fail));
out_offset += snprintf(buf + out_offset, out_count - out_offset, out_offset += scnprintf(buf + out_offset, out_count - out_offset,
"Check ICV errors.......%u\n", "Check ICV errors.......%u\n",
atomic_read(&ipriv->bad_icv)); atomic_read(&ipriv->bad_icv));
if (ipriv->spu.spu_type == SPU_TYPE_SPUM) if (ipriv->spu.spu_type == SPU_TYPE_SPUM)
...@@ -455,7 +455,7 @@ static ssize_t spu_debugfs_read(struct file *filp, char __user *ubuf, ...@@ -455,7 +455,7 @@ static ssize_t spu_debugfs_read(struct file *filp, char __user *ubuf,
spu_ofifo_ctrl = ioread32(ipriv->spu.reg_vbase[i] + spu_ofifo_ctrl = ioread32(ipriv->spu.reg_vbase[i] +
SPU_OFIFO_CTRL); SPU_OFIFO_CTRL);
fifo_len = spu_ofifo_ctrl & SPU_FIFO_WATERMARK; fifo_len = spu_ofifo_ctrl & SPU_FIFO_WATERMARK;
out_offset += snprintf(buf + out_offset, out_offset += scnprintf(buf + out_offset,
out_count - out_offset, out_count - out_offset,
"SPU %d output FIFO high water.....%u\n", "SPU %d output FIFO high water.....%u\n",
i, fifo_len); i, fifo_len);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment