[Kernel-packages] [Bug 1993315] Re: md: Replace snprintf with scnprintf

Thu, 10 Nov 2022 08:16:31 -0800 

** Changed in: linux (Ubuntu Kinetic)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Jammy)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Focal)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1993315

Title:
  md: Replace snprintf with scnprintf

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed

Bug description:
  SRU Justification

  [Impact]
  Current code produces a warning as shown below when total characters
  in the constituent block device names plus the slashes exceeds 200.
  snprintf() returns the number of characters generated from the given
  input, which could cause the expression “200 – len” to wrap around
  to a large positive number. Fix this by using scnprintf() instead,
  which returns the actual number of characters written into the buffer.

  [ 1513.267938] ------------[ cut here ]------------
  [ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 
vsnprintf+0x2c8/0x510
  [ 1513.267944] Modules linked in:  <snip>
  [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure 
#90~18.04.1-Ubuntu
  [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual 
Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
  [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510
  <-snip->
  [ 1513.267982] Call Trace:
  [ 1513.267986]  snprintf+0x45/0x70
  [ 1513.267990]  ? disk_name+0x71/0xa0
  [ 1513.267993]  dump_zones+0x114/0x240 [raid0]
  [ 1513.267996]  ? _cond_resched+0x19/0x40
  [ 1513.267998]  raid0_run+0x19e/0x270 [raid0]
  [ 1513.268000]  md_run+0x5e0/0xc50
  [ 1513.268003]  ? security_capable+0x3f/0x60
  [ 1513.268005]  do_md_run+0x19/0x110
  [ 1513.268006]  md_ioctl+0x195e/0x1f90
  [ 1513.268007]  blkdev_ioctl+0x91f/0x9f0
  [ 1513.268010]  block_ioctl+0x3d/0x50
  [ 1513.268012]  do_vfs_ioctl+0xa9/0x640
  [ 1513.268014]  ? __fput+0x162/0x260
  [ 1513.268016]  ksys_ioctl+0x75/0x80
  [ 1513.268017]  __x64_sys_ioctl+0x1a/0x20
  [ 1513.268019]  do_syscall_64+0x5e/0x200
  [ 1513.268021]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

  [Fix]

  https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-
  next.git/commit/?id=1727fd5015d8f93474148f94e34cda5aa6ad4a43

  [Where things could go wrong]

  This seems unlikely to cause a regression

  [Other Info]

  SF: #00346036

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1993315/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to