diff options
| author | Kees Cook <keescook@chromium.org> | 2013-07-03 15:04:58 -0700 |
|---|---|---|
| committer | Chanho Park <chanho61.park@samsung.com> | 2014-11-18 11:51:23 +0900 |
| commit | 0a62b8507fa2b9d277d50eb415dc1c3c21320e53 (patch) | |
| tree | 82d83d66b8f01a9eae7f66db66a32d41453218c0 /fs | |
| parent | 9e6d533d0c4d4ae271b87cb81219ac3e2f89f9e0 (diff) | |
| download | linux-3.10-0a62b8507fa2b9d277d50eb415dc1c3c21320e53.tar.gz linux-3.10-0a62b8507fa2b9d277d50eb415dc1c3c21320e53.tar.bz2 linux-3.10-0a62b8507fa2b9d277d50eb415dc1c3c21320e53.zip | |
upstream: drivers: avoid parsing names as kthread_run() format strings
Calling kthread_run with a single name parameter causes it to be handled
as a format string. Many callers are passing potentially dynamic string
content, so use "%s" in those cases to avoid any potential accidents.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/lockd/svc.c | 2 | ||||
| -rw-r--r-- | fs/nfs/callback.c | 5 | ||||
| -rw-r--r-- | fs/nfs/nfs4state.c | 2 |
3 files changed, 4 insertions, 5 deletions
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c index 9c8a5a6d33d..223e1cb1434 100644 --- a/fs/lockd/svc.c +++ b/fs/lockd/svc.c @@ -304,7 +304,7 @@ static int lockd_start_svc(struct svc_serv *serv) svc_sock_update_bufs(serv); serv->sv_maxconn = nlm_max_connections; - nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name); + nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name); if (IS_ERR(nlmsvc_task)) { error = PTR_ERR(nlmsvc_task); printk(KERN_WARNING diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index cff089a412c..da6a43d19aa 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -211,7 +211,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, struct svc_rqst *rqstp; int (*callback_svc)(void *vrqstp); struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; - char svc_name[12]; int ret; nfs_callback_bc_serv(minorversion, xprt, serv); @@ -235,10 +234,10 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, svc_sock_update_bufs(serv); - sprintf(svc_name, "nfsv4.%u-svc", minorversion); cb_info->serv = serv; cb_info->rqst = rqstp; - cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name); + cb_info->task = kthread_run(callback_svc, cb_info->rqst, + "nfsv4.%u-svc", minorversion); if (IS_ERR(cb_info->task)) { ret = PTR_ERR(cb_info->task); svc_exit_thread(cb_info->rqst); diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c index d482b86d0e0..dc2d4d6516d 100644 --- a/fs/nfs/nfs4state.c +++ b/fs/nfs/nfs4state.c @@ -1193,7 +1193,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp) snprintf(buf, sizeof(buf), "%s-manager", rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR)); rcu_read_unlock(); - task = kthread_run(nfs4_run_state_manager, clp, buf); + task = kthread_run(nfs4_run_state_manager, clp, "%s", buf); if (IS_ERR(task)) { printk(KERN_ERR "%s: kthread_run: %ld\n", __func__, PTR_ERR(task)); |