From 26919411acfafe35365bbb02205aa8484b2d2726 Mon Sep 17 00:00:00 2001 From: Simon Horman Date: Mon, 14 Oct 2024 09:52:25 +0100 Subject: [PATCH 1/2] net: dsa: microchip: copy string using strscpy Prior to this patch ksz_ptp_msg_irq_setup() uses snprintf() to copy strings. It does so by passing strings as the format argument of snprintf(). This appears to be safe, due to the absence of format specifiers in the strings, which are declared within the same function. But nonetheless GCC 14 warns about it: .../ksz_ptp.c:1109:55: warning: format string is not a string literal (potentially insecure) [-Wformat-security] 1109 | snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]); | ^~~~~~~ .../ksz_ptp.c:1109:55: note: treat the string as an argument to avoid this 1109 | snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]); | ^ | "%s", As what we are really dealing with here is a string copy, it seems make sense to use a function designed for this purpose. In this case null padding is not required, so strscpy is appropriate. And as the destination is an array of fixed size, the 2-argument variant may be used. Reviewed-by: Daniel Machon Signed-off-by: Simon Horman Link: https://patch.msgid.link/20241014-string-thing-v2-1-b9b29625060a@kernel.org Signed-off-by: Jakub Kicinski --- drivers/net/dsa/microchip/ksz_ptp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/dsa/microchip/ksz_ptp.c b/drivers/net/dsa/microchip/ksz_ptp.c index 050f17c43ef60..22fb9ef4645c1 100644 --- a/drivers/net/dsa/microchip/ksz_ptp.c +++ b/drivers/net/dsa/microchip/ksz_ptp.c @@ -1106,7 +1106,7 @@ static int ksz_ptp_msg_irq_setup(struct ksz_port *port, u8 n) ptpmsg_irq->port = port; ptpmsg_irq->ts_reg = ops->get_port_addr(port->num, ts_reg[n]); - snprintf(ptpmsg_irq->name, sizeof(ptpmsg_irq->name), name[n]); + strscpy(ptpmsg_irq->name, name[n]); ptpmsg_irq->num = irq_find_mapping(port->ptpirq.domain, n); if (ptpmsg_irq->num < 0) From d6488e77725ee20cfd84cb75a8cdd56acbcbcc8a Mon Sep 17 00:00:00 2001 From: Simon Horman Date: Mon, 14 Oct 2024 09:52:26 +0100 Subject: [PATCH 2/2] net: txgbe: Pass string literal as format argument of alloc_workqueue() Recently I noticed that both gcc-14 and clang-18 report that passing a non-string literal as the format argument of clkdev_create() is potentially insecure. E.g. clang-18 says: .../txgbe_phy.c:582:35: warning: format string is not a string literal (potentially insecure) [-Wformat-security] 581 | clock = clkdev_create(clk, NULL, clk_name); | ^~~~~~~~ .../txgbe_phy.c:582:35: note: treat the string as an argument to avoid this 581 | clock = clkdev_create(clk, NULL, clk_name); | ^ | "%s", It is always the case where the contents of clk_name is safe to pass as the format argument. That is, in my understanding, it never contains any format escape sequences. However, it seems better to be safe than sorry. And, as a bonus, compiler output becomes less verbose by addressing this issue as suggested by clang-18. Compile tested only. Signed-off-by: Simon Horman Link: https://patch.msgid.link/20241014-string-thing-v2-2-b9b29625060a@kernel.org Signed-off-by: Jakub Kicinski --- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c index 3dd89dafe7c74..a0e4920b4761c 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c @@ -578,7 +578,7 @@ static int txgbe_clock_register(struct txgbe *txgbe) if (IS_ERR(clk)) return PTR_ERR(clk); - clock = clkdev_create(clk, NULL, clk_name); + clock = clkdev_create(clk, NULL, "%s", clk_name); if (!clock) { clk_unregister(clk); return -ENOMEM;