This Linux kernel change "elevator: fix truncation of icq_cache_name" is included in the Linux 4.4.187 release. This change is authored by Eric Biggers <ebiggers [at] google.com> on Fri Jun 2 20:35:51 2017 -0700. The commit for this change in Linux stable tree is c5b430e (patch) which is from upstream commit 9bd2bbc. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream 9bd2bbc.
elevator: fix truncation of icq_cache_name commit 9bd2bbc01d17ddd567cc0f81f77fe1163e497462 upstream. gcc 7.1 reports the following warning: block/elevator.c: In function ‘elv_register’: block/elevator.c:898:5: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=] "%s_io_cq", e->elevator_name); ^~~~~~~~~~ block/elevator.c:897:3: note: ‘snprintf’ output between 7 and 22 bytes into a destination of size 21 snprintf(e->icq_cache_name, sizeof(e->icq_cache_name), ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "%s_io_cq", e->elevator_name); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The bug is that the name of the icq_cache is 6 characters longer than the elevator name, but only ELV_NAME_MAX + 5 characters were reserved for it --- so in the case of a maximum-length elevator name, the 'q' character in "_io_cq" would be truncated by snprintf(). Fix it by reserving ELV_NAME_MAX + 6 characters instead. Signed-off-by: Eric Biggers <firstname.lastname@example.org> Reviewed-by: Bart Van Assche <Bart.VanAssche@sandisk.com> Signed-off-by: Jens Axboe <email@example.com> Signed-off-by: Greg Kroah-Hartman <firstname.lastname@example.org>
There are 2 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.
include/linux/elevator.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/elevator.h b/include/linux/elevator.h index 638b324..92ad08a 100644 --- a/include/linux/elevator.h +++ b/include/linux/elevator.h @@ -97,7 +97,7 @@ struct elevator_type struct module *elevator_owner; /* managed by elevator core */ - char icq_cache_name[ELV_NAME_MAX + 5]; /* elvname + "_io_cq" */ + char icq_cache_name[ELV_NAME_MAX + 6]; /* elvname + "_io_cq" */ struct list_head list; };