[PATCH net-next] octeontx2-af: use unsigned int as iterator for unsigned values

[PATCH net-next] octeontx2-af: use unsigned int as iterator for unsigned values

[Simon Horman]

The local variable i is used to iterate over unsigned
values. The lower bound of the loop is set to 0. While
the upper bound is cgx->lmac_count, where they lmac_count is
an u8. So the theoretical upper bound is 255.

As is, GCC can't see this range of values and warns that
a formatted string, which includes the %d representation of i,
may overflow the buffer provided.

GCC 15.1.0 says:

  .../cgx.c: In function 'cgx_lmac_init':
  .../cgx.c:1737:49: warning: '%d' directive writing between 1 and 11 bytes into a region of size between 4 and 6 [-Wformat-overflow=]
   1737 |                 sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
        |                                                 ^~
  .../cgx.c:1737:37: note: directive argument in the range [-2147483641, 254]
   1737 |                 sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
        |                                     ^~~~~~~~~~~~~~~
  .../cgx.c:1737:17: note: 'sprintf' output between 12 and 24 bytes into a destination of size 16
   1737 |                 sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
        |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Empirically, changing the type of i from (signed) int to unsigned int
addresses this problem. I assume by allowing GCC to see the range of
values described above.

Also update the format specifiers for the integer values in the string
in question from %d to %u. This seems appropriate as they are now both
unsigned.

No functional change intended.
Compile tested only.

Signed-off-by: Simon Horman <horms@kernel.org>
---
 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
index ab5838865c3f..4ff19a04b23e 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
@@ -1706,9 +1706,9 @@ static int cgx_lmac_init(struct cgx *cgx)
 {
 	u8 max_dmac_filters;
 	struct lmac *lmac;
+	int err, filter;
+	unsigned int i;
 	u64 lmac_list;
-	int i, err;
-	int filter;
 
 	/* lmac_list specifies which lmacs are enabled
 	 * when bit n is set to 1, LMAC[n] is enabled
@@ -1734,7 +1734,7 @@ static int cgx_lmac_init(struct cgx *cgx)
 			err = -ENOMEM;
 			goto err_lmac_free;
 		}
-		sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
+		sprintf(lmac->name, "cgx_fwi_%u_%u", cgx->cgx_id, i);
 		if (cgx->mac_ops->non_contiguous_serdes_lane) {
 			lmac->lmac_id = __ffs64(lmac_list);
 			lmac_list   &= ~BIT_ULL(lmac->lmac_id);

Re: [PATCH net-next] octeontx2-af: use unsigned int as iterator for unsigned values

[Vadim Fedorenko]

On 24/07/2025 14:10, Simon Horman wrote:
> The local variable i is used to iterate over unsigned
> values. The lower bound of the loop is set to 0. While
> the upper bound is cgx->lmac_count, where they lmac_count is
> an u8. So the theoretical upper bound is 255.
> 
> As is, GCC can't see this range of values and warns that
> a formatted string, which includes the %d representation of i,
> may overflow the buffer provided.
> 
> GCC 15.1.0 says:
> 
>    .../cgx.c: In function 'cgx_lmac_init':
>    .../cgx.c:1737:49: warning: '%d' directive writing between 1 and 11 bytes into a region of size between 4 and 6 [-Wformat-overflow=]
>     1737 |                 sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
>          |                                                 ^~
>    .../cgx.c:1737:37: note: directive argument in the range [-2147483641, 254]
>     1737 |                 sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
>          |                                     ^~~~~~~~~~~~~~~
>    .../cgx.c:1737:17: note: 'sprintf' output between 12 and 24 bytes into a destination of size 16
>     1737 |                 sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
>          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Empirically, changing the type of i from (signed) int to unsigned int
> addresses this problem. I assume by allowing GCC to see the range of
> values described above.
> 
> Also update the format specifiers for the integer values in the string
> in question from %d to %u. This seems appropriate as they are now both
> unsigned.
> 
> No functional change intended.
> Compile tested only.
> 
> Signed-off-by: Simon Horman <horms@kernel.org>
> ---
>   drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)

Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>

Re: [PATCH net-next] octeontx2-af: use unsigned int as iterator for unsigned values

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 24 Jul 2025 14:10:54 +0100 you wrote:
> The local variable i is used to iterate over unsigned
> values. The lower bound of the loop is set to 0. While
> the upper bound is cgx->lmac_count, where they lmac_count is
> an u8. So the theoretical upper bound is 255.
> 
> As is, GCC can't see this range of values and warns that
> a formatted string, which includes the %d representation of i,
> may overflow the buffer provided.
> 
> [...]

Here is the summary with links:
  - [net-next] octeontx2-af: use unsigned int as iterator for unsigned values
    https://git.kernel.org/netdev/net-next/c/9312ee76490d

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html