elevator: fix truncation of icq_cache_name [Linux 4.4.187]

This Linux kernel change, "elevator: fix truncation of icq_cache_name", is included in the Linux 4.4.187 release. It was authored by Eric Biggers <ebiggers [at] google.com> on Fri Jun 2 20:35:51 2017 -0700. The commit for this change in the Linux stable tree is c5b430e (patch), which comes from upstream commit 9bd2bbc. The same upstream change may have been applied to other maintained Linux releases, and you can find all Linux releases containing changes from upstream 9bd2bbc.

elevator: fix truncation of icq_cache_name

commit 9bd2bbc01d17ddd567cc0f81f77fe1163e497462 upstream.

gcc 7.1 reports the following warning:

    block/elevator.c: In function ‘elv_register’:
    block/elevator.c:898:5: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
         "%s_io_cq", e->elevator_name);
    block/elevator.c:897:3: note: ‘snprintf’ output between 7 and 22 bytes into a destination of size 21
       snprintf(e->icq_cache_name, sizeof(e->icq_cache_name),
         "%s_io_cq", e->elevator_name);

The bug is that the name of the icq_cache is 6 characters longer than
the elevator name, but only ELV_NAME_MAX + 5 characters were reserved
for it --- so in the case of a maximum-length elevator name, the 'q'
character in "_io_cq" would be truncated by snprintf().  Fix it by
reserving ELV_NAME_MAX + 6 characters instead.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Bart Van Assche <Bart.VanAssche@sandisk.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
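
The off-by-one described in the commit message can be reproduced in user space. The following is an added example, not code from the kernel or from the patch author: `icq_name_truncated()` and `ICQ_SUFFIX` are hypothetical names, the elevator name is constructed, and `ELV_NAME_MAX` is assumed to be 16 because the warning reports a 21-byte destination for `ELV_NAME_MAX + 5`.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 16, since the warning reports a 21-byte destination
 * for a buffer declared as ELV_NAME_MAX + 5. */
#define ELV_NAME_MAX 16
#define ICQ_SUFFIX   "_io_cq"

/* The longest name that fits in char elevator_name[ELV_NAME_MAX], plus the
 * suffix and its NUL, must fit in the fixed size. Changing the 6 to 5 here
 * makes the build fail instead of truncating at run time. */
_Static_assert((ELV_NAME_MAX - 1) + sizeof(ICQ_SUFFIX) <= ELV_NAME_MAX + 6,
               "icq_cache_name too small for a maximum-length elevator name");

/* Hypothetical helper: format "<elv>_io_cq" into dst and return 1 if
 * snprintf() truncated. snprintf() returns the length it wanted to write,
 * so a result >= dst_size means characters were dropped. */
static int icq_name_truncated(char *dst, size_t dst_size, const char *elv)
{
    int need = snprintf(dst, dst_size, "%s" ICQ_SUFFIX, elv);

    return need < 0 || (size_t)need >= dst_size;
}

int main(void)
{
    const char *longest = "abcdefghijklmno";   /* constructed 15-character name */
    char before[ELV_NAME_MAX + 5];             /* size before the patch */
    char after[ELV_NAME_MAX + 6];              /* size after the patch */
    int t;

    t = icq_name_truncated(before, sizeof(before), longest);
    printf("+5: \"%s\" truncated=%d\n", before, t);
    t = icq_name_truncated(after, sizeof(after), longest);
    printf("+6: \"%s\" truncated=%d\n", after, t);
    return 0;
}
```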

There are 2 lines of Linux source code added/deleted in this change. The code changes to the Linux kernel are as follows.

 include/linux/elevator.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/linux/elevator.h b/include/linux/elevator.h
index 638b324..92ad08a 100644
--- a/include/linux/elevator.h
+++ b/include/linux/elevator.h
@@ -97,7 +97,7 @@ struct elevator_type
    struct module *elevator_owner;

    /* managed by elevator core */
-   char icq_cache_name[ELV_NAME_MAX + 5];  /* elvname + "_io_cq" */
+   char icq_cache_name[ELV_NAME_MAX + 6];  /* elvname + "_io_cq" */
    struct list_head list;
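Review bot: the array size on the `+` line is still a hand-counted constant, which is how the original `+ 5` went wrong; the comment names the suffix "_io_cq" but nothing ties the 6 to it. Consider deriving the size from the suffix itself, for example `ELV_NAME_MAX + sizeof("_io_cq") - 1`, ideally with the suffix in one macro shared with the snprintf() format string in elv_register(), so a later change to the suffix cannot silently reintroduce truncation. It would also help for the comment to say that the size accounts for the terminating NUL, since that is the byte the old size left out.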
