lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <BL0PR11MB31222860B8222722D15AA251BDD3A@BL0PR11MB3122.namprd11.prod.outlook.com>
Date: Thu, 12 Oct 2023 10:13:08 +0000
From: "Pucha, HimasekharX Reddy" <himasekharx.reddy.pucha@...el.com>
To: "Brandeburg, Jesse" <jesse.brandeburg@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "Lobakin, Aleksander"
	<aleksander.lobakin@...el.com>, Christophe JAILLET
	<christophe.jaillet@...adoo.fr>, "Brandeburg, Jesse"
	<jesse.brandeburg@...el.com>, "Kitszel, Przemyslaw"
	<przemyslaw.kitszel@...el.com>
Subject: RE: [Intel-wired-lan] [PATCH iwl-next v1 2/2] intel: fix format
 warnings

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of Jesse Brandeburg
> Sent: Wednesday, October 4, 2023 12:06 AM
> To: intel-wired-lan@...ts.osuosl.org
> Cc: netdev@...r.kernel.org; Lobakin, Aleksander <aleksander.lobakin@...el.com>; Christophe JAILLET <christophe.jaillet@...adoo.fr>; Brandeburg, Jesse <jesse.brandeburg@...el.com>; Kitszel, Przemyslaw <przemyslaw.kitszel@...el.com>
> Subject: [Intel-wired-lan] [PATCH iwl-next v1 2/2] intel: fix format warnings
>
> Get ahead of the game and fix all the -Wformat=2 noted warnings in the
> intel drivers directory.
>
> There are one set of i40e and iavf warnings I couldn't figure out how to
> fix because the driver is already using vsnprintf without an explicit
> "const char *" format string.
>
> Tested with both gcc-12 and clang-15. I found gcc-12 runs clean after
> this series but clang-15 is a little worried about the vsnprintf lines.
>
> summary of warnings:
> 
> drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c:148:34: warning: format string is not a string literal [-Wformat-nonliteral]
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1416:24: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1416:24: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1421:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1421:6: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/igc/igc_ethtool.c:776:24: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/igc/igc_ethtool.c:776:24: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/igc/igc_ethtool.c:779:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/igc/igc_ethtool.c:779:6: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/iavf/iavf_ethtool.c:199:34: warning: format string is not a string literal [-Wformat-nonliteral]
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2360:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2360:6: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2363:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2363:6: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:208:34: warning: format string is not a string literal [-Wformat-nonliteral]
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2515:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2515:23: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2519:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2519:23: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1064:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1064:6: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1084:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1084:6: note: treat the string as an argument to avoid this
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1100:24: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1100:24: note: treat the string as an argument to avoid this
>
> Suggested-by: Alexander Lobakin <aleksander.lobakin@...el.com>
> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@...el.com>
> Signed-off-by: Jesse Brandeburg <jesse.brandeburg@...el.com>
> ---
> clang-15 warnings before the patch:
>
> drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c:148:34: warning: format string is not a string literal [-Wformat-nonliteral]
>                vsnprintf(*p, ETH_GSTRING_LEN, stats[i].stat_string, args);
>                                               ^~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1416:24: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                         ethtool_sprintf(&p, ixgbe_gstrings_test[i]);
>                                             ^~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1416:24: note: treat the string as an argument to avoid this
>                         ethtool_sprintf(&p, ixgbe_gstrings_test[i]);
>                                             ^
>                                            "%s",
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1421:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                                         ixgbe_gstrings_stats[i].stat_string);
>                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:1421:6: note: treat the string as an argument to avoid this
>                                         ixgbe_gstrings_stats[i].stat_string);
>                                         ^
>                                         "%s",
> drivers/net/ethernet/intel/igc/igc_ethtool.c:776:24: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                         ethtool_sprintf(&p, igc_gstrings_stats[i].stat_string);
>                                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/igc/igc_ethtool.c:776:24: note: treat the string as an argument to avoid this
>                         ethtool_sprintf(&p, igc_gstrings_stats[i].stat_string);
>                                            ^
>                                            "%s",
> drivers/net/ethernet/intel/igc/igc_ethtool.c:779:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                                         igc_gstrings_net_stats[i].stat_string);
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/igc/igc_ethtool.c:779:6: note: treat the string as an argument to avoid this
>                                         igc_gstrings_net_stats[i].stat_string);
>                                       ^
>                                        "%s",
> drivers/net/ethernet/intel/iavf/iavf_ethtool.c:199:34: warning: format string is not a string literal [-Wformat-nonliteral]
>                vsnprintf(*p, ETH_GSTRING_LEN, stats[i].stat_string, args);
>                                               ^~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2360:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                                         igb_gstrings_stats[i].stat_string);
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2360:6: note: treat the string as an argument to avoid this
>                                         igb_gstrings_stats[i].stat_string);
>                                         ^
>                                         "%s",
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2363:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                                         igb_gstrings_net_stats[i].stat_string);
>                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/igb/igb_ethtool.c:2363:6: note: treat the string as an argument to avoid this
>                                         igb_gstrings_net_stats[i].stat_string);
>                                         ^
>                                         "%s",
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:208:34: warning: format string is not a string literal [-Wformat-nonliteral]
>                 vsnprintf(*p, ETH_GSTRING_LEN, stats[i].stat_string, args);
>                                                ^~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2515:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                 ethtool_sprintf(&p, i40e_gstrings_priv_flags[i].flag_string);
>                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2515:23: note: treat the string as an argument to avoid this
>                 ethtool_sprintf(&p, i40e_gstrings_priv_flags[i].flag_string);
>                                   ^
>                                    "%s",
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2519:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                 ethtool_sprintf(&p, i40e_gl_gstrings_priv_flags[i].flag_string);
>                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/i40e/i40e_ethtool.c:2519:23: note: treat the string as an argument to avoid this
>                 ethtool_sprintf(&p, i40e_gl_gstrings_priv_flags[i].flag_string);
>                                     ^
>                                     "%s",
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1064:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                                         ice_gstrings_vsi_stats[i].stat_string);
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1064:6: note: treat the string as an argument to avoid this
>                                         ice_gstrings_vsi_stats[i].stat_string);
>                                        ^
>                                        "%s",
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1084:6: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                                         ice_gstrings_pf_stats[i].stat_string);
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1084:6: note: treat the string as an argument to avoid this
>                                         ice_gstrings_pf_stats[i].stat_string);
>                                         ^
>                                        "%s",
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1100:24: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
>                         ethtool_sprintf(&p, ice_gstrings_priv_flags[i].name);
>                                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/intel/ice/ice_ethtool.c:1100:24: note: treat the string as an argument to avoid this
>                         ethtool_sprintf(&p, ice_gstrings_priv_flags[i].name);
>                                           ^
>                                            "%s",
> ---
>  drivers/net/ethernet/intel/i40e/i40e_ethtool.c   | 6 ++++--
>  drivers/net/ethernet/intel/iavf/iavf_ethtool.c   | 8 +++-----
>  drivers/net/ethernet/intel/ice/ice_ethtool.c     | 7 ++++---
> drivers/net/ethernet/intel/igb/igb_ethtool.c     | 4 ++--
>  drivers/net/ethernet/intel/igc/igc_ethtool.c     | 5 +++--
>  drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 4 ++--
>  6 files changed, 18 insertions(+), 16 deletions(-)
>

Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@...el.com> (A Contingent worker at Intel)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ