From: Jay Vosburgh <jv@jvosburgh.net>
To: Simon Horman <horms@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Andy Gospodarek <andy@greyhouse.net>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
netdev@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue()
Date: Tue, 06 Aug 2024 15:43:32 -0700 [thread overview]
Message-ID: <3239345.1722984212@famine> (raw)
In-Reply-To: <20240806-bonding-fmt-v1-1-e75027e45775@kernel.org>
Simon Horman <horms@kernel.org> wrote:
>Recently I noticed that both gcc-14 and clang-18 report that passing
>a non-string literal as the format argument of alloc_ordered_workqueue
>is potentially insecure.
>
>F.e. clang-18 says:
>
>.../bond_main.c:6384:37: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> 6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
> | ^~~~~~~~~~~~~~
>.../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
> 524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
> | ^~~
>.../bond_main.c:6384:37: note: treat the string as an argument to avoid this
> 6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
> | ^
> | "%s",
>..../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
> 524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
> | ^
>
>Perhaps it is always the case where the contents of bond_dev->name is
>safe to pass as the format argument. That is, in my understanding, it
>never contains any format escape sequences.
>
>But, it seems better to be safe than sorry. And, as a bonus, compiler
>output becomes less verbose by addressing this issue as suggested by
>clang-18.
>
>Signed-off-by: Simon Horman <horms@kernel.org>
Acked-by: Jay Vosburgh <jv@jvosburgh.net>
>---
> drivers/net/bonding/bond_main.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>index 1cd92c12e782..f9633a6f8571 100644
>--- a/drivers/net/bonding/bond_main.c
>+++ b/drivers/net/bonding/bond_main.c
>@@ -6338,7 +6338,8 @@ static int bond_init(struct net_device *bond_dev)
>
> netdev_dbg(bond_dev, "Begin bond_init\n");
>
>- bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
>+ bond->wq = alloc_ordered_workqueue("%s", WQ_MEM_RECLAIM,
>+ bond_dev->name);
> if (!bond->wq)
> return -ENOMEM;
>
>
next prev parent reply other threads:[~2024-08-06 22:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-06 9:56 [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue() Simon Horman
2024-08-06 22:43 ` Jay Vosburgh [this message]
2024-08-08 3:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3239345.1722984212@famine \
--to=jv@jvosburgh.net \
--cc=andy@greyhouse.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=justinstitt@google.com \
--cc=kuba@kernel.org \
--cc=llvm@lists.linux.dev \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.