[net-next] wwan: core: Pass string literal as format argument of dev_set_name()

Message ID 20241023-wwan-fmt-v1-1-521b39968639@kernel.org (mailing list archive)
State Accepted
Commit 3f7f3ef44f4b735b577291afdf7a87e6ce4b415d
Delegated to: Netdev Maintainers

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 13 of 13 maintainers
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-10-24--12-00 (tests: 777)

Commit Message

Simon Horman Oct. 23, 2024, 12:15 p.m. UTC
Both gcc-14 and clang-18 report that passing a non-string literal as the
format argument of dev_set_name() is potentially insecure.

E.g. clang-18 says:

drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
  442 |         return dev_set_name(&port->dev, buf);
      |                                         ^~~
drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
  442 |         return dev_set_name(&port->dev, buf);
      |                                         ^
      |                                         "%s",

It is always the case where the contents of mod is safe to pass as the
format argument. That is, in my understanding, it never contains any
format escape sequences.

But, it seems better to be safe than sorry. And, as a bonus, compiler
output becomes less verbose by addressing this issue as suggested by
clang-18.

Compile tested only.
No functional change intended.

Signed-off-by: Simon Horman <horms@kernel.org>
---
 drivers/net/wwan/wwan_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
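
The difference the commit message describes, as an added userspace example (not code from the patch or the kernel): `set_name()` is a hypothetical stand-in for dev_set_name(), and the sample names are constructed. Only the `%%` escape is used, so both call shapes stay well-defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-in for dev_set_name(): formats a name into
 * dst. The format attribute is what lets the compiler check call sites. */
__attribute__((format(printf, 3, 4)))
static int set_name(char *dst, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;
	va_start(ap, fmt);
	n = vsnprintf(dst, len, fmt, ap);
	va_end(ap);
	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* "Before" shape: buf itself is interpreted as the format string. The
 * warning is silenced only so this deliberate case builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int assign_name_before(char *dst, size_t len, const char *buf)
{
	return set_name(dst, len, buf);
}
#pragma GCC diagnostic pop

/* "After" shape: literal format, buf is only ever data. */
static int assign_name_after(char *dst, size_t len, const char *buf)
{
	return set_name(dst, len, "%s", buf);
}

/* Returns 1 if both shapes yield the same name, 0 if not, -1 on error. */
static int same_name(const char *buf)
{
	char a[32], b[32];
	if (assign_name_before(a, sizeof(a), buf) || assign_name_after(b, sizeof(b), buf))
		return -1;
	return strcmp(a, b) == 0;
}

int main(void)
{
	/* Constructed sample names, not taken from the driver. */
	printf("plain: %d  with-escape: %d\n", same_name("wwan0at0"), same_name("wwan0%%at"));
	return 0;
}
```

A name without `%` comes out identical either way, which matches "No functional change intended"; the two shapes diverge only once the buffer carries a format escape.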

Comments

Sergey Ryazanov Oct. 29, 2024, 12:22 a.m. UTC | #1
Hello Simon,

On 23.10.2024 15:15, Simon Horman wrote:
> Both gcc-14 and clang-18 report that passing a non-string literal as the
> format argument of dev_set_name() is potentially insecure.
> 
> E.g. clang-18 says:
> 
> drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>    442 |         return dev_set_name(&port->dev, buf);
>        |                                         ^~~
> drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
>    442 |         return dev_set_name(&port->dev, buf);
>        |                                         ^
>        |                                         "%s",
> 
> It is always the case where the contents of mod is safe to pass as the
> format argument. That is, in my understanding, it never contains any
> format escape sequences.
> 
> But, it seems better to be safe than sorry. And, as a bonus, compiler
> output becomes less verbose by addressing this issue as suggested by
> clang-18.
> 
> Compile tested only.
> No functional change intended.
> 
> Signed-off-by: Simon Horman <horms@kernel.org>

Theoretically, we can pass a string literal there and all the arguments 
required to build a proper device name of multiple elements to save some 
ticks on the format string processing.

But this will require a deep rework still with intermediate string
formatting. And since the performance of the name allocation is not the
case here, let's go with your solution as way more simple and clear.

Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

> ---
>   drivers/net/wwan/wwan_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c
> index 17431f1b1a0c..465e2a0d57a3 100644
> --- a/drivers/net/wwan/wwan_core.c
> +++ b/drivers/net/wwan/wwan_core.c
> @@ -431,7 +431,7 @@ static int __wwan_port_dev_assign_name(struct wwan_port *port, const char *fmt)
>   		return -ENFILE;
>   	}
>   
> -	return dev_set_name(&port->dev, buf);
> +	return dev_set_name(&port->dev, "%s", buf);
>   }
>   
>   struct wwan_port *wwan_create_port(struct device *parent,
>
patchwork-bot+netdevbpf@kernel.org Oct. 29, 2024, 6:50 p.m. UTC | #2
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Wed, 23 Oct 2024 13:15:28 +0100 you wrote:
> Both gcc-14 and clang-18 report that passing a non-string literal as the
> format argument of dev_set_name() is potentially insecure.
> 
> E.g. clang-18 says:
> 
> drivers/net/wwan/wwan_core.c:442:34: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>   442 |         return dev_set_name(&port->dev, buf);
>       |                                         ^~~
> drivers/net/wwan/wwan_core.c:442:34: note: treat the string as an argument to avoid this
>   442 |         return dev_set_name(&port->dev, buf);
>       |                                         ^
>       |                                         "%s",
> 
> [...]

Here is the summary with links:
  - [net-next] wwan: core: Pass string literal as format argument of dev_set_name()
    https://git.kernel.org/netdev/net-next/c/3f7f3ef44f4b

You are awesome, thank you!
Patch

diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c
index 17431f1b1a0c..465e2a0d57a3 100644
--- a/drivers/net/wwan/wwan_core.c
+++ b/drivers/net/wwan/wwan_core.c
@@ -431,7 +431,7 @@  static int __wwan_port_dev_assign_name(struct wwan_port *port, const char *fmt)
 		return -ENFILE;
 	}
 
-	return dev_set_name(&port->dev, buf);
+	return dev_set_name(&port->dev, "%s", buf);
 }
 
 struct wwan_port *wwan_create_port(struct device *parent,
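
Review bot: the commit message argues that "the contents of mod" are safe, but the argument changed on the return line is `buf`, so the description should name `buf` to keep the safety claim tied to the code. The hunk header also shows that __wwan_port_dev_assign_name() takes a caller-supplied `const char *fmt` whose use lies outside the visible lines; the `"%s"` added here covers `buf` only, so it would help if the message stated that `fmt` only ever receives string literals from its callers.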