diff options
| author | Chao Yu <[email protected]> | 2022-09-26 22:20:41 +0800 |
|---|---|---|
| committer | Vlastimil Babka <[email protected]> | 2022-09-26 16:25:40 +0200 |
| commit | d65360f224069a6de56eb18e0425973914a10fe8 (patch) | |
| tree | 6fc2e683fa630a2bec75b32deeb537d097a6f489 | |
| parent | 2bfbb0271a5b48c01c711d1509a422a7244c9eb8 (diff) | |
mm/slub: clean up create_unique_id()
As Christophe JAILLET suggested [1]
In create_unique_id(),
"looks that ID_STR_LENGTH could even be reduced to 32 or 16.
The 2nd BUG_ON at the end of the function could certainly be just
removed as well or remplaced by a:
if (p > name + ID_STR_LENGTH - 1) {
kfree(name);
return -E<something>;
}
"
According to above suggestion, let's do below cleanups:
1. reduce ID_STR_LENGTH to 32, as the buffer size should be enough;
2. use WARN_ON instead of BUG_ON() and return error if check condition
is true;
3. use snprintf instead of sprintf to avoid overflow.
[1] https://lore.kernel.org/linux-mm/[email protected]/
Suggested-by: Christophe JAILLET <[email protected]>
Reviewed-by: Hyeonggon Yoo <[email protected]>
Signed-off-by: Chao Yu <[email protected]>
Signed-off-by: Vlastimil Babka <[email protected]>
| -rw-r--r-- | mm/slub.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/mm/slub.c b/mm/slub.c index dc59b9e8c66f..8f80d9bc507f 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -5874,7 +5874,7 @@ static inline struct kset *cache_kset(struct kmem_cache *s) return slab_kset; } -#define ID_STR_LENGTH 64 +#define ID_STR_LENGTH 32 /* Create a unique string id for a slab cache: * @@ -5907,9 +5907,12 @@ static char *create_unique_id(struct kmem_cache *s) *p++ = 'A'; if (p != name + 1) *p++ = '-'; - p += sprintf(p, "%07u", s->size); + p += snprintf(p, ID_STR_LENGTH - (p - name), "%07u", s->size); - BUG_ON(p > name + ID_STR_LENGTH - 1); + if (WARN_ON(p > name + ID_STR_LENGTH - 1)) { + kfree(name); + return ERR_PTR(-EINVAL); + } return name; } |