iwlwifi: replace sprintf with scnprintf for debugfs output
The buffersize allocated is not accurate.
Writing to these buffers with scnprintf is safer.
Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
index 23632e5..cbea477 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c
+++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c
@@ -102,10 +102,14 @@
struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
char buf[256];
int pos = 0;
+ const size_t bufsz = sizeof(buf);
- pos += sprintf(buf+pos, "mgmt: %u\n", priv->tx_stats[0].cnt);
- pos += sprintf(buf+pos, "ctrl: %u\n", priv->tx_stats[1].cnt);
- pos += sprintf(buf+pos, "data: %u\n", priv->tx_stats[2].cnt);
+ pos += scnprintf(buf + pos, bufsz - pos, "mgmt: %u\n",
+ priv->tx_stats[0].cnt);
+ pos += scnprintf(buf + pos, bufsz - pos, "ctrl: %u\n",
+ priv->tx_stats[1].cnt);
+ pos += scnprintf(buf + pos, bufsz - pos, "data: %u\n",
+ priv->tx_stats[2].cnt);
return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
}
@@ -117,10 +121,14 @@
struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
char buf[256];
int pos = 0;
+ const size_t bufsz = sizeof(buf);
- pos += sprintf(buf+pos, "mgmt: %u\n", priv->rx_stats[0].cnt);
- pos += sprintf(buf+pos, "ctrl: %u\n", priv->rx_stats[1].cnt);
- pos += sprintf(buf+pos, "data: %u\n", priv->rx_stats[2].cnt);
+ pos += scnprintf(buf + pos, bufsz - pos, "mgmt: %u\n",
+ priv->rx_stats[0].cnt);
+ pos += scnprintf(buf + pos, bufsz - pos, "ctrl: %u\n",
+ priv->rx_stats[1].cnt);
+ pos += scnprintf(buf + pos, bufsz - pos, "data: %u\n",
+ priv->rx_stats[2].cnt);
return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
}
@@ -138,6 +146,7 @@
int i;
int pos = 0;
struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
+ const size_t bufsz = sizeof(buf);
printk(KERN_DEBUG "offset is: 0x%x\tlen is: 0x%x\n",
priv->dbgfs->sram_offset, priv->dbgfs->sram_len);
@@ -159,9 +168,9 @@
break;
}
}
- pos += sprintf(buf+pos, "0x%08x ", val);
+ pos += scnprintf(buf + pos, bufsz - pos, "0x%08x ", val);
}
- pos += sprintf(buf+pos, "\n");
+ pos += scnprintf(buf + pos, bufsz - pos, "\n");
iwl_release_nic_access(priv);
ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
@@ -210,44 +219,50 @@
if(!buf)
return -ENOMEM;
- pos += sprintf(buf+pos, "num of stations: %d\n\n",
+ pos += scnprintf(buf + pos, bufsz - pos, "num of stations: %d\n\n",
priv->num_stations);
for (i = 0; i < max_sta; i++) {
station = &priv->stations[i];
if (station->used) {
- pos += sprintf(buf+pos, "station %d:\ngeneral data:\n",
- i+1);
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "station %d:\ngeneral data:\n", i+1);
print_mac(mac, station->sta.sta.addr);
- pos += sprintf(buf+pos, "id: %u\n",
+ pos += scnprintf(buf + pos, bufsz - pos, "id: %u\n",
station->sta.sta.sta_id);
- pos += sprintf(buf+pos, "mode: %u\n",
+ pos += scnprintf(buf + pos, bufsz - pos, "mode: %u\n",
station->sta.mode);
- pos += sprintf(buf+pos, "flags: 0x%x\n",
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "flags: 0x%x\n",
station->sta.station_flags_msk);
- pos += sprintf(buf+pos, "ps_status: %u\n",
- station->ps_status);
-
- pos += sprintf(buf+pos, "tid data:\n");
-
- pos += sprintf(buf+pos, "seq_num\t\ttxq_id\t");
- pos += sprintf(buf+pos, "frame_count\twait_for_ba\t");
- pos += sprintf(buf+pos, "start_idx\tbitmap0\t");
- pos += sprintf(buf+pos, "bitmap1\trate_n_flags\n");
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "ps_status: %u\n", station->ps_status);
+ pos += scnprintf(buf + pos, bufsz - pos, "tid data:\n");
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "seq_num\t\ttxq_id\t");
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "frame_count\twait_for_ba\t");
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "start_idx\tbitmap0\t");
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "bitmap1\trate_n_flags\n");
for (j = 0; j < MAX_TID_COUNT; j++) {
- pos += sprintf(buf+pos, "[%d]:\t\t%u\t",
- j, station->tid[j].seq_number);
- pos += sprintf(buf+pos, "%u\t\t%u\t\t%u\t\t",
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "[%d]:\t\t%u\t", j,
+ station->tid[j].seq_number);
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "%u\t\t%u\t\t%u\t\t",
station->tid[j].agg.txq_id,
station->tid[j].agg.frame_count,
station->tid[j].agg.wait_for_ba);
- pos += sprintf(buf+pos, "%u\t%llu\t%u\n",
+ pos += scnprintf(buf + pos, bufsz - pos,
+ "%u\t%llu\t%u\n",
station->tid[j].agg.start_idx,
(unsigned long long)station->tid[j].agg.bitmap,
station->tid[j].agg.rate_n_flags);
}
- pos += sprintf(buf+pos, "\n");
+ pos += scnprintf(buf + pos, bufsz - pos, "\n");
}
}