mac80211: fix some snprintf misuses

In some debugfs related functions snprintf was used while scnprintf should have been used instead. (blindly adding the return value of snprintf and supplying it to the next snprintf might result in buffer overflow when the input is too big) Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Eliad Peller <eliad@wizery.com> 2013-08-27 05:40:15 -0400
committer: Johannes Berg <johannes.berg@intel.com> 2013-10-01 06:16:51 -0400
commit: f364ef99a8e82ee27933d6a0cf5cc1f27e9f0df9 (patch)
tree: 1efd470df60143de6acd2beb73314f7f173711ad
parent: ee4bc9e75811d2c0cb5f2a2fc5b51ff037a01f47 (diff)
3 files changed, 55 insertions, 50 deletions
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index b0e32d628114..5c090e41d9bb 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -103,54 +103,57 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf,
        if (!buf)
                return 0;
-        sf += snprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
+        sf += scnprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
        if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
-                sf += snprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
+                sf += scnprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
        if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
-                sf += snprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");
+                sf += scnprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");
        if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)
-                sf += snprintf(buf + sf, mxln - sf,
+                sf += scnprintf(buf + sf, mxln - sf,
-                               "HOST_BCAST_PS_BUFFERING\n");
+                                "HOST_BCAST_PS_BUFFERING\n");
        if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)
-                sf += snprintf(buf + sf, mxln - sf,
+                sf += scnprintf(buf + sf, mxln - sf,
-                               "2GHZ_SHORT_SLOT_INCAPABLE\n");
+                                "2GHZ_SHORT_SLOT_INCAPABLE\n");
        if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)
-                sf += snprintf(buf + sf, mxln - sf,
+                sf += scnprintf(buf + sf, mxln - sf,
-                               "2GHZ_SHORT_PREAMBLE_INCAPABLE\n");
+                                "2GHZ_SHORT_PREAMBLE_INCAPABLE\n");
        if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
-                sf += snprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");
        if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
-                sf += snprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");
        if (local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC)
-                sf += snprintf(buf + sf, mxln - sf, "NEED_DTIM_BEFORE_ASSOC\n");
+                sf += scnprintf(buf + sf, mxln - sf,
+                                "NEED_DTIM_BEFORE_ASSOC\n");
        if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)
-                sf += snprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");
        if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)
-                sf += snprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");
+                sf += scnprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");
        if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS)
-                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");
        if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
-                sf += snprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");
+                sf += scnprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");
        if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
-                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
        if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE)
-                sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
+                sf += scnprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
        if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS)
-                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
        if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
-                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_SMPS\n");
+                sf += scnprintf(buf + sf, mxln - sf,
+                                "SUPPORTS_DYNAMIC_SMPS\n");
        if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)
-                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");
        if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
-                sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n");
+                sf += scnprintf(buf + sf, mxln - sf,
+                                "REPORTS_TX_ACK_STATUS\n");
        if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
-                sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
+                sf += scnprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
        if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)
-                sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
+                sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
        if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
-                sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
+                sf += scnprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
        if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)
-                sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
+                sf += scnprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
        rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
        kfree(buf);
diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c
index c97a0657c043..6ff134650a84 100644
--- a/net/mac80211/rc80211_pid_debugfs.c
+++ b/net/mac80211/rc80211_pid_debugfs.c
@@ -167,29 +167,29 @@ static ssize_t rate_control_pid_events_read(struct file *file, char __user *buf,
         * provide large enough buffers. */
        length = length < RC_PID_PRINT_BUF_SIZE ?
                 length : RC_PID_PRINT_BUF_SIZE;
-        p = snprintf(pb, length, "%u %lu ", ev->id, ev->timestamp);
+        p = scnprintf(pb, length, "%u %lu ", ev->id, ev->timestamp);
        switch (ev->type) {
        case RC_PID_EVENT_TYPE_TX_STATUS:
-                p += snprintf(pb + p, length - p, "tx_status %u %u",
+                p += scnprintf(pb + p, length - p, "tx_status %u %u",
-                              !(ev->data.flags & IEEE80211_TX_STAT_ACK),
+                               !(ev->data.flags & IEEE80211_TX_STAT_ACK),
-                              ev->data.tx_status.status.rates[0].idx);
+                               ev->data.tx_status.status.rates[0].idx);
                break;
        case RC_PID_EVENT_TYPE_RATE_CHANGE:
-                p += snprintf(pb + p, length - p, "rate_change %d %d",
+                p += scnprintf(pb + p, length - p, "rate_change %d %d",
-                              ev->data.index, ev->data.rate);
+                               ev->data.index, ev->data.rate);
                break;
        case RC_PID_EVENT_TYPE_TX_RATE:
-                p += snprintf(pb + p, length - p, "tx_rate %d %d",
+                p += scnprintf(pb + p, length - p, "tx_rate %d %d",
-                              ev->data.index, ev->data.rate);
+                               ev->data.index, ev->data.rate);
                break;
        case RC_PID_EVENT_TYPE_PF_SAMPLE:
-                p += snprintf(pb + p, length - p,
+                p += scnprintf(pb + p, length - p,
-                              "pf_sample %d %d %d %d",
+                               "pf_sample %d %d %d %d",
-                              ev->data.pf_sample, ev->data.prop_err,
+                               ev->data.pf_sample, ev->data.prop_err,
-                              ev->data.int_err, ev->data.der_err);
+                               ev->data.int_err, ev->data.der_err);
                break;
        }
-        p += snprintf(pb + p, length - p, "\n");
+        p += scnprintf(pb + p, length - p, "\n");
        spin_unlock_irqrestore(&events->lock, status);
diff --git a/net/wireless/debugfs.c b/net/wireless/debugfs.c
index 90d050036624..454157717efa 100644
--- a/net/wireless/debugfs.c
+++ b/net/wireless/debugfs.c
@@ -47,17 +47,19 @@ static int ht_print_chan(struct ieee80211_channel *chan,
                return 0;
        if (chan->flags & IEEE80211_CHAN_DISABLED)
-                return snprintf(buf + offset,
+                return scnprintf(buf + offset,
-                                buf_size - offset,
+                                 buf_size - offset,
-                                "%d Disabled\n",
+                                 "%d Disabled\n",
-                                chan->center_freq);
+                                 chan->center_freq);
-        return snprintf(buf + offset,
+        return scnprintf(buf + offset,
-                        buf_size - offset,
+                         buf_size - offset,
-                        "%d HT40 %c%c\n",
+                         "%d HT40 %c%c\n",
-                        chan->center_freq,
+                         chan->center_freq,
-                        (chan->flags & IEEE80211_CHAN_NO_HT40MINUS) ? ' ' : '-',
+                         (chan->flags & IEEE80211_CHAN_NO_HT40MINUS) ?
-                        (chan->flags & IEEE80211_CHAN_NO_HT40PLUS)  ? ' ' : '+');
+                                ' ' : '-',
+                         (chan->flags & IEEE80211_CHAN_NO_HT40PLUS) ?
+                                ' ' : '+');
 }
 static ssize_t ht40allow_map_read(struct file *file,
author	Eliad Peller <eliad@wizery.com>	2013-08-27 05:40:15 -0400
committer	Johannes Berg <johannes.berg@intel.com>	2013-10-01 06:16:51 -0400
commit	f364ef99a8e82ee27933d6a0cf5cc1f27e9f0df9 (patch)
tree	1efd470df60143de6acd2beb73314f7f173711ad
parent	ee4bc9e75811d2c0cb5f2a2fc5b51ff037a01f47 (diff)

diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c index b0e32d628114..5c090e41d9bb 100644 --- a/net/mac80211/debugfs.c +++ b/net/mac80211/debugfs.c
@@ -103,54 +103,57 @@ static ssize_t hwflags_read(struct file file, char __user user_buf,
103	if (!buf)	103	if (!buf)
104	return 0;	104	return 0;
105		105
106	sf += snprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);	106	sf += scnprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
107	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)	107	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
108	sf += snprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");	108	sf += scnprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
109	if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)	109	if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
110	sf += snprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");	110	sf += scnprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");
111	if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)	111	if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)
112	sf += snprintf(buf + sf, mxln - sf,	112	sf += scnprintf(buf + sf, mxln - sf,
113	"HOST_BCAST_PS_BUFFERING\n");	113	"HOST_BCAST_PS_BUFFERING\n");
114	if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)	114	if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)
115	sf += snprintf(buf + sf, mxln - sf,	115	sf += scnprintf(buf + sf, mxln - sf,
116	"2GHZ_SHORT_SLOT_INCAPABLE\n");	116	"2GHZ_SHORT_SLOT_INCAPABLE\n");
117	if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)	117	if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)
118	sf += snprintf(buf + sf, mxln - sf,	118	sf += scnprintf(buf + sf, mxln - sf,
119	"2GHZ_SHORT_PREAMBLE_INCAPABLE\n");	119	"2GHZ_SHORT_PREAMBLE_INCAPABLE\n");
120	if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)	120	if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
121	sf += snprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");	121	sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");
122	if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)	122	if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
123	sf += snprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");	123	sf += scnprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");
124	if (local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC)	124	if (local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC)
125	sf += snprintf(buf + sf, mxln - sf, "NEED_DTIM_BEFORE_ASSOC\n");	125	sf += scnprintf(buf + sf, mxln - sf,
		126	"NEED_DTIM_BEFORE_ASSOC\n");
126	if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)	127	if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)
127	sf += snprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");	128	sf += scnprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");
128	if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)	129	if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)
129	sf += snprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");	130	sf += scnprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");
130	if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS)	131	if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS)
131	sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");	132	sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");
132	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)	133	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
133	sf += snprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");	134	sf += scnprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");
134	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)	135	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
135	sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");	136	sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
136	if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE)	137	if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE)
137	sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");	138	sf += scnprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
138	if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS)	139	if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS)
139	sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");	140	sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
140	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)	141	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
141	sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_SMPS\n");	142	sf += scnprintf(buf + sf, mxln - sf,
		143	"SUPPORTS_DYNAMIC_SMPS\n");
142	if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)	144	if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)
143	sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");	145	sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");
144	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)	146	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
145	sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n");	147	sf += scnprintf(buf + sf, mxln - sf,
		148	"REPORTS_TX_ACK_STATUS\n");
146	if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)	149	if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
147	sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");	150	sf += scnprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
148	if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)	151	if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)
149	sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");	152	sf += scnprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
150	if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)	153	if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
151	sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");	154	sf += scnprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
152	if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)	155	if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)
153	sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");	156	sf += scnprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
154		157
155	rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));	158	rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
156	kfree(buf);	159	kfree(buf);


diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c index c97a0657c043..6ff134650a84 100644 --- a/net/mac80211/rc80211_pid_debugfs.c +++ b/net/mac80211/rc80211_pid_debugfs.c
@@ -167,29 +167,29 @@ static ssize_t rate_control_pid_events_read(struct file file, char __user buf,
167	* provide large enough buffers. */	167	* provide large enough buffers. */
168	length = length < RC_PID_PRINT_BUF_SIZE ?	168	length = length < RC_PID_PRINT_BUF_SIZE ?
169	length : RC_PID_PRINT_BUF_SIZE;	169	length : RC_PID_PRINT_BUF_SIZE;
170	p = snprintf(pb, length, "%u %lu ", ev->id, ev->timestamp);	170	p = scnprintf(pb, length, "%u %lu ", ev->id, ev->timestamp);
171	switch (ev->type) {	171	switch (ev->type) {
172	case RC_PID_EVENT_TYPE_TX_STATUS:	172	case RC_PID_EVENT_TYPE_TX_STATUS:
173	p += snprintf(pb + p, length - p, "tx_status %u %u",	173	p += scnprintf(pb + p, length - p, "tx_status %u %u",
174	!(ev->data.flags & IEEE80211_TX_STAT_ACK),	174	!(ev->data.flags & IEEE80211_TX_STAT_ACK),
175	ev->data.tx_status.status.rates[0].idx);	175	ev->data.tx_status.status.rates[0].idx);
176	break;	176	break;
177	case RC_PID_EVENT_TYPE_RATE_CHANGE:	177	case RC_PID_EVENT_TYPE_RATE_CHANGE:
178	p += snprintf(pb + p, length - p, "rate_change %d %d",	178	p += scnprintf(pb + p, length - p, "rate_change %d %d",
179	ev->data.index, ev->data.rate);	179	ev->data.index, ev->data.rate);
180	break;	180	break;
181	case RC_PID_EVENT_TYPE_TX_RATE:	181	case RC_PID_EVENT_TYPE_TX_RATE:
182	p += snprintf(pb + p, length - p, "tx_rate %d %d",	182	p += scnprintf(pb + p, length - p, "tx_rate %d %d",
183	ev->data.index, ev->data.rate);	183	ev->data.index, ev->data.rate);
184	break;	184	break;
185	case RC_PID_EVENT_TYPE_PF_SAMPLE:	185	case RC_PID_EVENT_TYPE_PF_SAMPLE:
186	p += snprintf(pb + p, length - p,	186	p += scnprintf(pb + p, length - p,
187	"pf_sample %d %d %d %d",	187	"pf_sample %d %d %d %d",
188	ev->data.pf_sample, ev->data.prop_err,	188	ev->data.pf_sample, ev->data.prop_err,
189	ev->data.int_err, ev->data.der_err);	189	ev->data.int_err, ev->data.der_err);
190	break;	190	break;
191	}	191	}
192	p += snprintf(pb + p, length - p, "\n");	192	p += scnprintf(pb + p, length - p, "\n");
193		193
194	spin_unlock_irqrestore(&events->lock, status);	194	spin_unlock_irqrestore(&events->lock, status);
195		195


diff --git a/net/wireless/debugfs.c b/net/wireless/debugfs.c index 90d050036624..454157717efa 100644 --- a/net/wireless/debugfs.c +++ b/net/wireless/debugfs.c
@@ -47,17 +47,19 @@ static int ht_print_chan(struct ieee80211_channel *chan,
47	return 0;	47	return 0;
48		48
49	if (chan->flags & IEEE80211_CHAN_DISABLED)	49	if (chan->flags & IEEE80211_CHAN_DISABLED)
50	return snprintf(buf + offset,	50	return scnprintf(buf + offset,
51	buf_size - offset,	51	buf_size - offset,
52	"%d Disabled\n",	52	"%d Disabled\n",
53	chan->center_freq);	53	chan->center_freq);
54		54
55	return snprintf(buf + offset,	55	return scnprintf(buf + offset,
56	buf_size - offset,	56	buf_size - offset,
57	"%d HT40 %c%c\n",	57	"%d HT40 %c%c\n",
58	chan->center_freq,	58	chan->center_freq,
59	(chan->flags & IEEE80211_CHAN_NO_HT40MINUS) ? ' ' : '-',	59	(chan->flags & IEEE80211_CHAN_NO_HT40MINUS) ?
60	(chan->flags & IEEE80211_CHAN_NO_HT40PLUS) ? ' ' : '+');	60	' ' : '-',
		61	(chan->flags & IEEE80211_CHAN_NO_HT40PLUS) ?
		62	' ' : '+');
61	}	63	}
62		64
63	static ssize_t ht40allow_map_read(struct file *file,	65	static ssize_t ht40allow_map_read(struct file *file,