From patchwork Fri Oct 11 09:57:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Horman X-Patchwork-Id: 13832313 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 70B7FCFD316 for ; Fri, 11 Oct 2024 09:57:26 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id F074410EA9C; Fri, 11 Oct 2024 09:57:25 +0000 (UTC) Authentication-Results: gabe.freedesktop.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="YYZsggJg"; dkim-atps=neutral Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by gabe.freedesktop.org (Postfix) with ESMTPS id 1F83110EA9C for ; Fri, 11 Oct 2024 09:57:24 +0000 (UTC) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id DFFE25C031B; Fri, 11 Oct 2024 09:57:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1ED8C4CED0; Fri, 11 Oct 2024 09:57:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1728640642; bh=C4j0spZA6e8EtGv8uPBzDuOpzYnqUPeFP8JKH5G1X2c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=YYZsggJgcn0JhvMFned+oc1Zr9EUvB+y/6R2noGQylEmjNbtdx4FAhh1nNQtES74s N88fZc6X7lVCq9+jVaLjWtyJxLNs8Apx5+mKSiyniQt/WVwnekxj47qzCaAGkrgVwa Njw9lLq1pQJou3i4GNfU+s0F/LBI1fXZWGppm7nignGMSHI3xiYx8CXmbuFdajslEp Tflq1mKQhrpG8Bp/qta9V1eqCLK1HbqpjWuxbOUl0k1RA+Z8GVGb/0mvfszjsElcSV g6/ZvY30YnT6sgj7xvSYNkurEQz2bbtYPTK4+Sj8UaCZGDqb23I8vpfPRpvZK2A9e5 us7zaPy5HporA== From: Simon Horman Date: Fri, 11 Oct 2024 10:57:10 +0100 Subject: [PATCH net-next 1/3] net: dsa: microchip: copy string using strscpy MIME-Version: 1.0 Message-Id: <20241011-string-thing-v1-1-acc506568033@kernel.org> References: <20241011-string-thing-v1-0-acc506568033@kernel.org> In-Reply-To: <20241011-string-thing-v1-0-acc506568033@kernel.org> To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: Woojung Huh , Andrew Lunn , Florian Fainelli , Vladimir Oltean , Richard Cochran , Jiawen Wu , Mengyuan Lou , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Jeffrey Hugo , Carl Vanderlip , Oded Gabbay , UNGLinuxDriver@microchip.com, netdev@vger.kernel.org, llvm@lists.linux.dev, linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org X-Mailer: b4 0.14.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Prior to this patch ksz_ptp_msg_irq_setup() uses snprintf() to copy strings. It does so by passing strings as the format argument of snprintf(). This appears to be safe, due to the absence of format specifiers in the strings, which are declared within the same function. But nonetheless GCC 14 warns about it: .../ksz_ptp.c:1109:55: warning: format string is not a string literal (potentially insecure) [-Wformat-security] 1109 | snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]); | ^~~~~~~ .../ksz_ptp.c:1109:55: note: treat the string as an argument to avoid this 1109 | snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]); | ^ | "%s", As what we are really dealing with here is a string copy, it seems make sense to use a function designed for this purpose. In this case null padding is not required, so strscpy is appropriate. And as the destination is an array, the 2-argument variant may be used. Signed-off-by: Simon Horman Reviewed-by: Daniel Machon --- drivers/net/dsa/microchip/ksz_ptp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/dsa/microchip/ksz_ptp.c b/drivers/net/dsa/microchip/ksz_ptp.c index 050f17c43ef6..22fb9ef4645c 100644 --- a/drivers/net/dsa/microchip/ksz_ptp.c +++ b/drivers/net/dsa/microchip/ksz_ptp.c @@ -1106,7 +1106,7 @@ static int ksz_ptp_msg_irq_setup(struct ksz_port *port, u8 n) ptpmsg_irq->port = port; ptpmsg_irq->ts_reg = ops->get_port_addr(port->num, ts_reg[n]); - snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]); + strscpy(ptpmsg_irq->name, name[n]); ptpmsg_irq->num = irq_find_mapping(port->ptpirq.domain, n); if (ptpmsg_irq->num < 0) From patchwork Fri Oct 11 09:57:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Horman X-Patchwork-Id: 13832314 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 553F9CFD316 for ; Fri, 11 Oct 2024 09:57:30 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id C2A7F10EA9D; Fri, 11 Oct 2024 09:57:29 +0000 (UTC) Authentication-Results: gabe.freedesktop.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="pLi/WQ0v"; dkim-atps=neutral Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by gabe.freedesktop.org (Postfix) with ESMTPS id 435B910EA9D for ; Fri, 11 Oct 2024 09:57:28 +0000 (UTC) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 45D1F5C5B10; Fri, 11 Oct 2024 09:57:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 575F4C4CEC3; Fri, 11 Oct 2024 09:57:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1728640647; bh=hsOb7L5eWKwXJPJsWh5XXOI6Us1bIOBJXOrfGRTSao0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=pLi/WQ0vGwyDb2dzl9+Fq4w/QFVDnyZE6c/iZvu8EV7OHL8g/K/HqY5N0QnCuobzj 2XljCRFYb6J2i9a+IPgFu9vfq6lIWXrxPoYbrzW3LEyHzcJ3rlxoqGV89G+68RGGcw xXxFfef56sNMj9AlbSN4d83ubSkb6oWg5cdXl6qdB/B92cDbfeMMDLXofG3YUEuIcC gEw/pxKNGT3ManoSs/S7/JXjyHatU40L45dwZV7oVUtc4EwtiCaPnxFh29grf0qJyM rDN6V0+atZpvZPLhTAMbyn43fRod2bs+sHBnSSK7JvlyEUKN8BPyTkdIps3q0C3fIs V0IDwhUR/KxsQ== From: Simon Horman Date: Fri, 11 Oct 2024 10:57:11 +0100 Subject: [PATCH net-next 2/3] net: txgbe: Pass string literal as format argument of alloc_workqueue() MIME-Version: 1.0 Message-Id: <20241011-string-thing-v1-2-acc506568033@kernel.org> References: <20241011-string-thing-v1-0-acc506568033@kernel.org> In-Reply-To: <20241011-string-thing-v1-0-acc506568033@kernel.org> To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: Woojung Huh , Andrew Lunn , Florian Fainelli , Vladimir Oltean , Richard Cochran , Jiawen Wu , Mengyuan Lou , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Jeffrey Hugo , Carl Vanderlip , Oded Gabbay , UNGLinuxDriver@microchip.com, netdev@vger.kernel.org, llvm@lists.linux.dev, linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org X-Mailer: b4 0.14.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Recently I noticed that both gcc-14 and clang-18 report that passing a non-string literal as the format argument of clkdev_create() is potentially insecure. E.g. clang-18 says: .../txgbe_phy.c:582:35: warning: format string is not a string literal (potentially insecure) [-Wformat-security] 581 | clock = clkdev_create(clk, NULL, clk_name); | ^~~~~~~~ .../txgbe_phy.c:582:35: note: treat the string as an argument to avoid this 581 | clock = clkdev_create(clk, NULL, clk_name); | ^ | "%s", It is always the case where the contents of clk_name is safe to pass as the format argument. That is, in my understanding, it never contains any format escape sequences. However, it seems better to be safe than sorry. And, as a bonus, compiler output becomes less verbose by addressing this issue as suggested by clang-18. Compile tested only. Signed-off-by: Simon Horman --- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c index 3dd89dafe7c7..a0e4920b4761 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c @@ -578,7 +578,7 @@ static int txgbe_clock_register(struct txgbe *txgbe) if (IS_ERR(clk)) return PTR_ERR(clk); - clock = clkdev_create(clk, NULL, clk_name); + clock = clkdev_create(clk, NULL, "%s", clk_name); if (!clock) { clk_unregister(clk); return -ENOMEM; From patchwork Fri Oct 11 09:57:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Horman X-Patchwork-Id: 13832315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EF09CCFD316 for ; Fri, 11 Oct 2024 09:57:34 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 7B3C010EA9E; Fri, 11 Oct 2024 09:57:34 +0000 (UTC) Authentication-Results: gabe.freedesktop.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="A6wc6itB"; dkim-atps=neutral Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by gabe.freedesktop.org (Postfix) with ESMTPS id A271B10EA9E for ; Fri, 11 Oct 2024 09:57:32 +0000 (UTC) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id BAF775C031B; Fri, 11 Oct 2024 09:57:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AEEA2C4CECC; Fri, 11 Oct 2024 09:57:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1728640651; bh=2gk6wi1k4yh4eT4f1QLyt5TAGrsRtDo5kjnzPVa+0i4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=A6wc6itBAOVHQ9eF/x8rnO99ux7oFb/Y4u4+GyMoH11r/HEnSR7YWT6ktOh1TlAyh c3Aw9leZhsTPfMYqggqoDzxAQvXkPwQE9tyfaPz1bgbdQC37uoej7U1vmQbrWaDtUC BOo14oZZ5/1XSrqbR4jEBC/CabDXay9B5/j4Mj4BgPxErjYPMNAo7Rz+CRMv1f0w8r 8qs5cYPAtlurYUjzO9gv+1n4AaIcAexjsHtYwRlWytP0Pas6jOjVbOFge4YKelANvg +VItf0w5Oqk4dqfG3NiEfS0ulkj3XLUpfhUQ1gyQkhopzKnqKbaMF/nlzq5vWyO+9f rZLZygIBfnj1Q== From: Simon Horman Date: Fri, 11 Oct 2024 10:57:12 +0100 Subject: [PATCH net-next 3/3] accel/qaic: Pass string literal as format argument of alloc_workqueue() MIME-Version: 1.0 Message-Id: <20241011-string-thing-v1-3-acc506568033@kernel.org> References: <20241011-string-thing-v1-0-acc506568033@kernel.org> In-Reply-To: <20241011-string-thing-v1-0-acc506568033@kernel.org> To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: Woojung Huh , Andrew Lunn , Florian Fainelli , Vladimir Oltean , Richard Cochran , Jiawen Wu , Mengyuan Lou , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , Jeffrey Hugo , Carl Vanderlip , Oded Gabbay , UNGLinuxDriver@microchip.com, netdev@vger.kernel.org, llvm@lists.linux.dev, linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org X-Mailer: b4 0.14.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Recently I noticed that both gcc-14 and clang-18 report that passing a non-string literal as the format argument of alloc_workqueue() is potentially insecure. E.g. clang-18 says: .../qaic_drv.c:61:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security] 61 | wq = alloc_workqueue(fmt, WQ_UNBOUND, 0); | ^~~ .../qaic_drv.c:61:23: note: treat the string as an argument to avoid this 61 | wq = alloc_workqueue(fmt, WQ_UNBOUND, 0); | ^ | "%s", It is always the case where the contents of fmt is safe to pass as the format argument. That is, in my understanding, it never contains any format escape sequences. But, it seems better to be safe than sorry. And, as a bonus, compiler output becomes less verbose by addressing this issue as suggested by clang-18. Also, change the name of the parameter of qaicm_wq_init from fmt to name to better reflect it's purpose. Compile tested only. Signed-off-by: Simon Horman Reviewed-by: Jeffrey Hugo Tested-by: Jeffrey Hugo --- drivers/accel/qaic/qaic_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/accel/qaic/qaic_drv.c b/drivers/accel/qaic/qaic_drv.c index bf10156c334e..30e6bf7897bd 100644 --- a/drivers/accel/qaic/qaic_drv.c +++ b/drivers/accel/qaic/qaic_drv.c @@ -53,12 +53,12 @@ static void qaicm_wq_release(struct drm_device *dev, void *res) destroy_workqueue(wq); } -static struct workqueue_struct *qaicm_wq_init(struct drm_device *dev, const char *fmt) +static struct workqueue_struct *qaicm_wq_init(struct drm_device *dev, const char *name) { struct workqueue_struct *wq; int ret; - wq = alloc_workqueue(fmt, WQ_UNBOUND, 0); + wq = alloc_workqueue("%s", WQ_UNBOUND, 0, name); if (!wq) return ERR_PTR(-ENOMEM); ret = drmm_add_action_or_reset(dev, qaicm_wq_release, wq);