Message ID | 20241023-wwan-fmt-v1-1-521b39968639@kernel.org (mailing list archive) |
---|---|
State | Accepted |
Commit | 3f7f3ef44f4b735b577291afdf7a87e6ce4b415d |
Delegated to: | Netdev Maintainers |
Series | [net-next] wwan: core: Pass string literal as format argument of dev_set_name() |
Hello Simon,

On 23.10.2024 15:15, Simon Horman wrote:
> Both gcc-14 and clang-18 report that passing a non-string literal as the
> format argument of dev_set_name() is potentially insecure.
>
> E.g. clang-18 says:
>
> drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>   442 |         return dev_set_name(&port->dev, buf);
>       |                                         ^~~
> drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
>   442 |         return dev_set_name(&port->dev, buf);
>       |                                         ^
>       |                                         "%s",
>
> It is always the case where the contents of mod is safe to pass as the
> format argument. That is, in my understanding, it never contains any
> format escape sequences.
>
> But, it seems better to be safe than sorry. And, as a bonus, compiler
> output becomes less verbose by addressing this issue as suggested by
> clang-18.
>
> Compile tested only.
> No functional change intended.
>
> Signed-off-by: Simon Horman <horms@kernel.org>

Theoretically, we can pass a string literal there and all the arguments
required to build a proper device name of multiple elements to save some
ticks on the format string processing. But this will require a deep
rework still with intermediate string formatting. And since the
performance of the name allocation is not the case here, let's go with
your solution as way more simple and clear.

Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

> ---
> drivers/net/wwan/wwan_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c > index 17431f1b1a0c..465e2a0d57a3 100644 > --- a/drivers/net/wwan/wwan_core.c > +++ b/drivers/net/wwan/wwan_core.c 
> @@ -431,7 +431,7 @@ static int __wwan_port_dev_assign_name(struct wwan_port *port, const char *fmt) > return -ENFILE; > } > > - return dev_set_name(&port->dev, buf); > + return dev_set_name(&port->dev, "%s", buf); > } > > struct wwan_port *wwan_create_port(struct device *parent, >
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Wed, 23 Oct 2024 13:15:28 +0100 you wrote:
> Both gcc-14 and clang-18 report that passing a non-string literal as the
> format argument of dev_set_name() is potentially insecure.
>
> E.g. clang-18 says:
>
> drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>   442 |         return dev_set_name(&port->dev, buf);
>       |                                         ^~~
> drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
>   442 |         return dev_set_name(&port->dev, buf);
>       |                                         ^
>       |                                         "%s",
>
> [...]

Here is the summary with links:
  - [net-next] wwan: core: Pass string literal as format argument of dev_set_name()
    https://git.kernel.org/netdev/net-next/c/3f7f3ef44f4b

You are awesome, thank you!
diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c index 17431f1b1a0c..465e2a0d57a3 100644 --- a/drivers/net/wwan/wwan_core.c +++ b/drivers/net/wwan/wwan_core.c @@ -431,7 +431,7 @@ static int __wwan_port_dev_assign_name(struct wwan_port *port, const char *fmt) return -ENFILE; } - return dev_set_name(&port->dev, buf); + return dev_set_name(&port->dev, "%s", buf); } struct wwan_port *wwan_create_port(struct device *parent,
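Review bot: the commit message bases its safety claim on "the contents of mod", but the argument wrapped on the changed line of __wwan_port_dev_assign_name() is buf, and no mod appears in the visible context; suggest rewording the message to name buf so the claim can be checked against the code. The replacement line, return dev_set_name(&port->dev, "%s", buf);, matches the form clang-18 proposes and makes buf pure data, so a '%' in it is copied rather than interpreted. The function still takes const char *fmt, and the context shown does not include how buf is produced from it, so it is worth confirming that any formatter call using fmt above this hunk is only reached with format strings supplied by in-kernel callers. Since the patch is marked "Compile tested only", a note on which port names were exercised, if any, would also help.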
Both gcc-14 and clang-18 report that passing a non-string literal as the
format argument of dev_set_name() is potentially insecure.

E.g. clang-18 says:

drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
  442 |         return dev_set_name(&port->dev, buf);
      |                                         ^~~
drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
  442 |         return dev_set_name(&port->dev, buf);
      |                                         ^
      |                                         "%s",

It is always the case where the contents of mod is safe to pass as the
format argument. That is, in my understanding, it never contains any
format escape sequences.

But, it seems better to be safe than sorry. And, as a bonus, compiler
output becomes less verbose by addressing this issue as suggested by
clang-18.

Compile tested only.
No functional change intended.

Signed-off-by: Simon Horman <horms@kernel.org>
---
 drivers/net/wwan/wwan_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
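The difference between the two call shapes in this patch, as an added user-space example (not kernel code and not part of the original thread): demo_dev, demo_set_name() and the two assign_name_* helpers are hypothetical stand-ins for struct device and dev_set_name(), and the input string is constructed. It uses "%%" because that directive consumes no argument, so the pre-patch shape stays well-defined while still showing that the stored name is rewritten.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-in for the name slot of a struct device. */
struct demo_dev { char name[32]; };

/* Stand-in for a printf-style name setter (assumption, not the kernel's code).
 * The format attribute is what lets gcc/clang check the fmt argument. */
__attribute__((format(printf, 2, 3)))
static int demo_set_name(struct demo_dev *dev, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(dev->name, sizeof(dev->name), fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= sizeof(dev->name)) ? -1 : 0;
}

/* Pre-patch shape: the finished name is parsed as a format string.
 * The warnings are silenced only so the example builds under -Werror. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int assign_name_as_format(struct demo_dev *dev, const char *buf)
{
    return demo_set_name(dev, buf);
}
#pragma GCC diagnostic pop

/* Post-patch shape: the literal "%s" is the format, buf is only data. */
static int assign_name_as_data(struct demo_dev *dev, const char *buf)
{
    return demo_set_name(dev, "%s", buf);
}

int main(void)
{
    const char *buf = "wwan0%%at1"; /* constructed input */
    struct demo_dev a, b;

    assign_name_as_format(&a, buf);
    assign_name_as_data(&b, buf);
    printf("as format: %s\nas data:   %s\n", a.name, b.name);
    return 0;
}
```

Removing the pragmas and building with -Wformat -Wformat-security reproduces the class of warning quoted in the commit message, on the demo_set_name(dev, buf) line.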