drm: make drm_dev_set_unique() not use a format string

drm_dev_set_unique() uses a format string to define the unique name of a
device.  This feature is not used as currently all the calls to this
function either use "%s" as a format string or directly use
dev_name().

Even though this second kind of call does not introduce security
problems, because there cannot be "%" characters in dev_name() results,
gcc issues a warning when building with -Wformat-security flag
("warning: format string is not a string literal (potentially
insecure)").  This warning is useful to find real bugs like the one
fixed by commit 3958b79266 ("configfs: fix kernel infoleak through
user-controlled format string").  False positives which do not bring
an extra value make the work of finding real bugs harder.

Therefore remove the format-string feature from drm_dev_set_unique().

Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Link: http://patchwork.freedesktop.org/patch/msgid/1449829228-4425-1-git-send-email-nicolas.iooss_linux@m4x.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
This commit is contained in:
Nicolas Iooss 2015-12-11 11:20:27 +01:00 committed by Daniel Vetter
parent d7955fcff8
commit 399368aab3
4 changed files with 9 additions and 14 deletions

View File

@ -797,23 +797,18 @@ EXPORT_SYMBOL(drm_dev_unregister);
/** /**
* drm_dev_set_unique - Set the unique name of a DRM device * drm_dev_set_unique - Set the unique name of a DRM device
* @dev: device of which to set the unique name * @dev: device of which to set the unique name
* @fmt: format string for unique name * @name: unique name
* *
* Sets the unique name of a DRM device using the specified format string and * Sets the unique name of a DRM device using the specified string. Drivers
* a variable list of arguments. Drivers can use this at driver probe time if * can use this at driver probe time if the unique name of the devices they
* the unique name of the devices they drive is static. * drive is static.
* *
* Return: 0 on success or a negative error code on failure. * Return: 0 on success or a negative error code on failure.
*/ */
int drm_dev_set_unique(struct drm_device *dev, const char *fmt, ...) int drm_dev_set_unique(struct drm_device *dev, const char *name)
{ {
va_list ap;
kfree(dev->unique); kfree(dev->unique);
dev->unique = kstrdup(name, GFP_KERNEL);
va_start(ap, fmt);
dev->unique = kvasprintf(GFP_KERNEL, fmt, ap);
va_end(ap);
return dev->unique ? 0 : -ENOMEM; return dev->unique ? 0 : -ENOMEM;
} }

View File

@ -1046,7 +1046,7 @@ nouveau_platform_device_create(const struct nvkm_device_tegra_func *func,
goto err_free; goto err_free;
} }
err = drm_dev_set_unique(drm, "%s", dev_name(&pdev->dev)); err = drm_dev_set_unique(drm, dev_name(&pdev->dev));
if (err < 0) if (err < 0)
goto err_free; goto err_free;

View File

@ -450,7 +450,7 @@ static int rockchip_drm_bind(struct device *dev)
if (!drm) if (!drm)
return -ENOMEM; return -ENOMEM;
ret = drm_dev_set_unique(drm, "%s", dev_name(dev)); ret = drm_dev_set_unique(drm, dev_name(dev));
if (ret) if (ret)
goto err_free; goto err_free;

View File

@ -1068,7 +1068,7 @@ void drm_dev_ref(struct drm_device *dev);
void drm_dev_unref(struct drm_device *dev); void drm_dev_unref(struct drm_device *dev);
int drm_dev_register(struct drm_device *dev, unsigned long flags); int drm_dev_register(struct drm_device *dev, unsigned long flags);
void drm_dev_unregister(struct drm_device *dev); void drm_dev_unregister(struct drm_device *dev);
int drm_dev_set_unique(struct drm_device *dev, const char *fmt, ...); int drm_dev_set_unique(struct drm_device *dev, const char *name);
struct drm_minor *drm_minor_acquire(unsigned int minor_id); struct drm_minor *drm_minor_acquire(unsigned int minor_id);
void drm_minor_release(struct drm_minor *minor); void drm_minor_release(struct drm_minor *minor);