Re: [PATCH] mac80211: debugfs: bound queue state formatting to PAGE_SIZE

Next message: Christoph Hellwig: "Re: [PATCH] xfs: fix memory leak for data allocated by xfs_zone_gc_data_alloc()"
Previous message: Huihui Huang: "[PATCH] staging: media: ipu7: fix MMU resource leak in ipu7_psys_init()"
In reply to: Pengpeng Hou: "[PATCH] mac80211: debugfs: bound queue state formatting to PAGE_SIZE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johannes Berg

Date: Fri Apr 17 2026 - 03:58:41 EST

On Fri, 2026-04-17 at 15:46 +0800, Pengpeng Hou wrote:
> queues_read() formats all queue state lines into a fixed stack buffer
> that budgets only 20 bytes per queue and appends each line with
> sprintf().
>
> The queue-stop reason bitmap is printed with %#.8lx, whose width is not
> capped on 64-bit builds, and the pending queue length field can add more
> digits still. The cumulative output can therefore run past the end of
> the fixed stack buffer.

I'd agree the code isn't optimal, but this simply isn't true.

> Format the output into a PAGE_SIZE heap buffer with scnprintf() and stop
> once the debugfs read buffer is full.

And the fix is just strange.

> Fixes: db2e6bd4e966 ("mac80211: add queue debugfs file")
>
> Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>

There also should be no blank line there.

johannes