From: Jason Gunthorpe <jgg@nvidia.com>
To: Leon Romanovsky <leon@kernel.org>
Cc: Arnd Bergmann <arnd@kernel.org>,
Yishai Hadas <yishaih@nvidia.com>,
Zhu Yanjun <yanjun.zhu@linux.dev>,
Chiara Meiohas <cmeiohas@nvidia.com>,
Arnd Bergmann <arnd@arndb.de>,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] inifiniband: ucaps: avoid format-security warning
Date: Tue, 1 Apr 2025 13:28:36 -0300 [thread overview]
Message-ID: <20250401162836.GA324820@nvidia.com> (raw)
In-Reply-To: <20250317115000.GS1322339@unreal>
On Mon, Mar 17, 2025 at 01:50:00PM +0200, Leon Romanovsky wrote:
> On Fri, Mar 14, 2025 at 04:57:15PM +0100, Arnd Bergmann wrote:
> > From: Arnd Bergmann <arnd@arndb.de>
> >
> > Passing a non-constant format string to dev_set_name causes a warning:
> >
> > drivers/infiniband/core/ucaps.c:173:33: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
> > 173 | ret = dev_set_name(&ucap->dev, ucap_names[type]);
> > | ^~~~~~~~~~~~~~~~
> > drivers/infiniband/core/ucaps.c:173:33: note: treat the string as an argument to avoid this
> > 173 | ret = dev_set_name(&ucap->dev, ucap_names[type]);
> > | ^
> > | "%s",
> >
> > Turn the name into thet %s argument as suggested by gcc.
> >
> > Fixes: 61e51682816d ("RDMA/uverbs: Introduce UCAP (User CAPabilities) API")
> > Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> > ---
> > drivers/infiniband/core/ucaps.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Why don't you change ucap_names[] declaration instead?
>
> diff --git a/drivers/infiniband/core/ucaps.c b/drivers/infiniband/core/ucaps.c
> index 6853c6d078f9..90ac41bc0f07 100644
> --- a/drivers/infiniband/core/ucaps.c
> +++ b/drivers/infiniband/core/ucaps.c
> @@ -23,7 +23,7 @@ struct ib_ucap {
> struct kref ref;
> };
>
> -static const char *ucap_names[RDMA_UCAP_MAX] = {
> +static const char *const ucap_names[RDMA_UCAP_MAX] = {
> [RDMA_UCAP_MLX5_CTRL_LOCAL] = "mlx5_perm_ctrl_local",
> [RDMA_UCAP_MLX5_CTRL_OTHER_VHCA] = "mlx5_perm_ctrl_other_vhca"
> };
This should be done anyone, but it won't fix the warning. gcc is
worried that the format string could have an embedded "%XXX" or
something that would cause stack corruption. It is a security error to
push user controlled data into the format string. This isn't happening
here, but silencing gcc will need the %s.
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
For both
Jason
next prev parent reply other threads:[~2025-04-01 16:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-14 15:57 [PATCH] inifiniband: ucaps: avoid format-security warning Arnd Bergmann
2025-03-14 19:05 ` Zhu Yanjun
2025-03-17 11:50 ` Leon Romanovsky
2025-04-01 16:28 ` Jason Gunthorpe [this message]
2025-04-07 17:56 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250401162836.GA324820@nvidia.com \
--to=jgg@nvidia.com \
--cc=arnd@arndb.de \
--cc=arnd@kernel.org \
--cc=cmeiohas@nvidia.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=yanjun.zhu@linux.dev \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.