Re: [PATCH] ASoC: Intel: avoid format string leak to thread name

From: Jarkko Nikula
Date: Fri May 23 2014 - 03:14:06 EST


On 05/22/2014 09:43 PM, Kees Cook wrote:
This makes sure a format string can never get processed into the worker
thread name from the device name.

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
sound/soc/intel/sst-baytrail-ipc.c | 2 +-
sound/soc/intel/sst-haswell-ipc.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/intel/sst-baytrail-ipc.c b/sound/soc/intel/sst-baytrail-ipc.c
index 0d31dbbf4806..1b25bf168beb 100644
--- a/sound/soc/intel/sst-baytrail-ipc.c
+++ b/sound/soc/intel/sst-baytrail-ipc.c
@@ -809,7 +809,7 @@ int sst_byt_dsp_init(struct device *dev, struct sst_pdata *pdata)
/* start the IPC message thread */
init_kthread_worker(&byt->kworker);
byt->tx_thread = kthread_run(kthread_worker_fn,
- &byt->kworker,
+ &byt->kworker, "%s",
dev_name(byt->dev));
if (IS_ERR(byt->tx_thread)) {
err = PTR_ERR(byt->tx_thread);
diff --git a/sound/soc/intel/sst-haswell-ipc.c b/sound/soc/intel/sst-haswell-ipc.c
index e7996b39a484..a8fd60c67341 100644
--- a/sound/soc/intel/sst-haswell-ipc.c
+++ b/sound/soc/intel/sst-haswell-ipc.c
@@ -1735,7 +1735,7 @@ int sst_hsw_dsp_init(struct device *dev, struct sst_pdata *pdata)
/* start the IPC message thread */
init_kthread_worker(&hsw->kworker);
hsw->tx_thread = kthread_run(kthread_worker_fn,
- &hsw->kworker,
+ &hsw->kworker, "%s",
dev_name(hsw->dev));
if (IS_ERR(hsw->tx_thread)) {
ret = PTR_ERR(hsw->tx_thread);
This is not very fatal as name comes from sound/soc/intel/sst-acpi.c so only developer can hit this but to be on safe side:

Acked-by: Jarkko Nikula <jarkko.nikula@xxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/