[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACKFLinr9B6iPYhYbPi1uxGSgQ64YTg7zQZhGV6SdpzOkgMgug@mail.gmail.com>
Date: Tue, 13 Aug 2024 10:02:33 -0700
From: Michael Chan <michael.chan@...adcom.com>
To: Simon Horman <horms@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Pavan Chebbi <pavan.chebbi@...adcom.com>, Przemek Kitszel <przemyslaw.kitszel@...el.com>,
netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 2/2] bnxt_en: avoid truncation of per rx run
debugfs filename
On Tue, Aug 13, 2024 at 7:33 AM Simon Horman <horms@...nel.org> wrote:
>
> Although it seems unlikely in practice - there would need to be
> rx ring indexes greater than 10^10 - it is theoretically possible
> for the filename of per rx ring debugfs files to be truncated.
>
> This is because although a 16 byte buffer is provided, the length
> of the filename is restricted to 10 bytes. Remove this restriction
> and allow the entire buffer to be used.
>
> Also reduce the buffer to 12 bytes, which is sufficient.
>
> Given that the range of rx ring indexes likely much smaller than the
> maximum range of a 32-bit signed integer, a smaller buffer could be
> used, with some further changes. But this change seems simple, robust,
> and has minimal stack overhead.
>
> Flagged by gcc-14:
>
> .../bnxt_debugfs.c: In function 'bnxt_debug_dev_init':
> drivers/net/ethernet/broadcom/bnxt/bnxt_debugfs.c:69:30: warning: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size 10 [-Wformat-truncation=]
> 69 | snprintf(qname, 10, "%d", ring_idx);
> | ^~
> In function 'debugfs_dim_ring_init',
> inlined from 'bnxt_debug_dev_init' at .../bnxt_debugfs.c:87:4:
> .../bnxt_debugfs.c:69:29: note: directive argument in the range [-2147483643, 2147483646]
> 69 | snprintf(qname, 10, "%d", ring_idx);
> | ^~~~
> .../bnxt_debugfs.c:69:9: note: 'snprintf' output between 2 and 12 bytes into a destination of size 10
> 69 | snprintf(qname, 10, "%d", ring_idx);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Compile tested only
>
> Signed-off-by: Simon Horman <horms@...nel.org>
Thanks.
Reviewed-by: Michael Chan <michael.chan@...adcom.com>
Download attachment "smime.p7s" of type "application/pkcs7-signature" (4209 bytes)
Powered by blists - more mailing lists