* [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue()
@ 2024-08-06 9:56 Simon Horman
2024-08-06 22:43 ` Jay Vosburgh
2024-08-08 3:30 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Simon Horman @ 2024-08-06 9:56 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Jay Vosburgh, Andy Gospodarek, Nathan Chancellor,
Nick Desaulniers, Bill Wendling, Justin Stitt, netdev, llvm
Recently I noticed that both gcc-14 and clang-18 report that passing
a non-string literal as the format argument of alloc_ordered_workqueue
is potentially insecure.
F.e. clang-18 says:
.../bond_main.c:6384:37: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
| ^~~~~~~~~~~~~~
.../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
| ^~~
.../bond_main.c:6384:37: note: treat the string as an argument to avoid this
6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
| ^
| "%s",
..../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
| ^
Perhaps it is always the case where the contents of bond_dev->name is
safe to pass as the format argument. That is, in my understanding, it
never contains any format escape sequences.
But, it seems better to be safe than sorry. And, as a bonus, compiler
output becomes less verbose by addressing this issue as suggested by
clang-18.
Signed-off-by: Simon Horman <horms@kernel.org>
---
drivers/net/bonding/bond_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 1cd92c12e782..f9633a6f8571 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -6338,7 +6338,8 @@ static int bond_init(struct net_device *bond_dev)
netdev_dbg(bond_dev, "Begin bond_init\n");
- bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
+ bond->wq = alloc_ordered_workqueue("%s", WQ_MEM_RECLAIM,
+ bond_dev->name);
if (!bond->wq)
return -ENOMEM;
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue()
2024-08-06 9:56 [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue() Simon Horman
@ 2024-08-06 22:43 ` Jay Vosburgh
2024-08-08 3:30 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Jay Vosburgh @ 2024-08-06 22:43 UTC (permalink / raw)
To: Simon Horman
Cc: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Andy Gospodarek, Nathan Chancellor, Nick Desaulniers,
Bill Wendling, Justin Stitt, netdev, llvm
Simon Horman <horms@kernel.org> wrote:
>Recently I noticed that both gcc-14 and clang-18 report that passing
>a non-string literal as the format argument of alloc_ordered_workqueue
>is potentially insecure.
>
>F.e. clang-18 says:
>
>.../bond_main.c:6384:37: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> 6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
> | ^~~~~~~~~~~~~~
>.../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
> 524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
> | ^~~
>.../bond_main.c:6384:37: note: treat the string as an argument to avoid this
> 6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
> | ^
> | "%s",
>..../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
> 524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
> | ^
>
>Perhaps it is always the case where the contents of bond_dev->name is
>safe to pass as the format argument. That is, in my understanding, it
>never contains any format escape sequences.
>
>But, it seems better to be safe than sorry. And, as a bonus, compiler
>output becomes less verbose by addressing this issue as suggested by
>clang-18.
>
>Signed-off-by: Simon Horman <horms@kernel.org>
Acked-by: Jay Vosburgh <jv@jvosburgh.net>
>---
> drivers/net/bonding/bond_main.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>index 1cd92c12e782..f9633a6f8571 100644
>--- a/drivers/net/bonding/bond_main.c
>+++ b/drivers/net/bonding/bond_main.c
>@@ -6338,7 +6338,8 @@ static int bond_init(struct net_device *bond_dev)
>
> netdev_dbg(bond_dev, "Begin bond_init\n");
>
>- bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
>+ bond->wq = alloc_ordered_workqueue("%s", WQ_MEM_RECLAIM,
>+ bond_dev->name);
> if (!bond->wq)
> return -ENOMEM;
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue()
2024-08-06 9:56 [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue() Simon Horman
2024-08-06 22:43 ` Jay Vosburgh
@ 2024-08-08 3:30 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-08-08 3:30 UTC (permalink / raw)
To: Simon Horman
Cc: davem, edumazet, kuba, pabeni, jv, andy, nathan, ndesaulniers,
morbo, justinstitt, netdev, llvm
Hello:
This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Tue, 06 Aug 2024 10:56:52 +0100 you wrote:
> Recently I noticed that both gcc-14 and clang-18 report that passing
> a non-string literal as the format argument of alloc_ordered_workqueue
> is potentially insecure.
>
> F.e. clang-18 says:
>
> .../bond_main.c:6384:37: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> 6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
> | ^~~~~~~~~~~~~~
> .../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
> 524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
> | ^~~
> .../bond_main.c:6384:37: note: treat the string as an argument to avoid this
> 6384 | bond->wq = alloc_ordered_workqueue(bond_dev->name, WQ_MEM_RECLAIM);
> | ^
> | "%s",
> ..../workqueue.h:524:18: note: expanded from macro 'alloc_ordered_workqueue'
> 524 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args)
> | ^
>
> [...]
Here is the summary with links:
- [net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue()
https://git.kernel.org/netdev/net-next/c/93b828cc8e2a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-08-08 3:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-06 9:56 [PATCH net-next] bonding: Pass string literal as format argument of alloc_ordered_workqueue() Simon Horman
2024-08-06 22:43 ` Jay Vosburgh
2024-08-08 3:30 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).