From 7882f15ff63199a517852760f5686ecd0b886123 Mon Sep 17 00:00:00 2001
From: Nitin Kumbhar <nkumbhar@nvidia.com>
Date: Wed, 25 Sep 2019 14:27:57 +0530
Subject: gpu: nvgpu: fix possible buffer overflow issue

As sprintf() is used to populate pool_name[20], it can overflow
for larger u32 values (a u32 takes up to 10 decimal characters), i.e.
20 < strlen("semaphore_pool-") + 10 = 15 + 10.

Fix this overflow by removing pool_name as it's not used.

Bug 2626446
Bug 3273414

Change-Id: I4e0a222a2cd34dcd09e69294bc46e2242abb04bb
Signed-off-by: Nitin Kumbhar <nkumbhar@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2205356
(cherry picked from commit baa86cf134ee6753beabfa974a10faffc5775ee8)
Signed-off-by: ByungKuk Seo <bseo@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2496976
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: Harsh Sinha <hsinha@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
GVS: Gerrit_Virtual_Submit
---
 drivers/gpu/nvgpu/common/sync/channel_sync.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/gpu/nvgpu/common/sync/channel_sync.c b/drivers/gpu/nvgpu/common/sync/channel_sync.c
index a88092e1..3829d257 100644
--- a/drivers/gpu/nvgpu/common/sync/channel_sync.c
+++ b/drivers/gpu/nvgpu/common/sync/channel_sync.c
@@ -1,7 +1,7 @@
 /*
  * GK20A Channel Synchronization Abstraction
  *
- * Copyright (c) 2014-2018, NVIDIA CORPORATION.  All rights reserved.
+ * Copyright (c) 2014-2021, NVIDIA CORPORATION.  All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -596,7 +596,6 @@ channel_sync_semaphore_create(struct channel_gk20a *c, bool user_managed)
 {
 	struct nvgpu_channel_sync_semaphore *sema;
 	struct gk20a *g = c->g;
-	char pool_name[20];
 	int asid = -1;
 	int err;
 
@@ -610,7 +609,6 @@ channel_sync_semaphore_create(struct channel_gk20a *c, bool user_managed)
 	}
 	sema->c = c;
 
-	sprintf(pool_name, "semaphore_pool-%d", c->chid);
 	sema->pool = c->vm->sema_pool;
 
 	if (c->vm->as_share != NULL) {