linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] [v2] hinic: avoid gcc -Wrestrict warning
@ 2021-03-24 13:07 Arnd Bergmann
  2021-03-24 13:29 ` Rasmus Villemoes
  2021-03-25  1:10 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 4+ messages in thread
From: Arnd Bergmann @ 2021-03-24 13:07 UTC (permalink / raw)
  To: Bin Luo, David S. Miller, Jakub Kicinski
  Cc: Arnd Bergmann, Rasmus Villemoes, netdev, linux-kernel

From: Arnd Bergmann <arnd@arndb.de>

With extra warnings enabled, gcc complains that snprintf should not
take the same buffer as source and destination:

drivers/net/ethernet/huawei/hinic/hinic_ethtool.c: In function 'hinic_set_settings_to_hw':
drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:480:9: error: 'snprintf' argument 4 overlaps destination object 'set_link_str' [-Werror=restrict]
  480 |   err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN,
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  481 |           "%sspeed %d ", set_link_str, speed);
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:464:7: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
  464 |  char set_link_str[SET_LINK_STR_MAX_LEN] = {0};

Rewrite this to avoid the nested sprintf and instead use separate
buffers, which is simpler.

Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
v2: rework according to feedback from Rasmus. This one could
    easily avoid most of the pitfalls
---
 .../net/ethernet/huawei/hinic/hinic_ethtool.c | 25 ++++++++-----------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c b/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c
index c340d9acba80..d7e20dab6e48 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c
@@ -34,7 +34,7 @@
 #include "hinic_rx.h"
 #include "hinic_dev.h"
 
-#define SET_LINK_STR_MAX_LEN	128
+#define SET_LINK_STR_MAX_LEN	16
 
 #define GET_SUPPORTED_MODE	0
 #define GET_ADVERTISED_MODE	1
@@ -462,24 +462,19 @@ static int hinic_set_settings_to_hw(struct hinic_dev *nic_dev,
 {
 	struct hinic_link_ksettings_info settings = {0};
 	char set_link_str[SET_LINK_STR_MAX_LEN] = {0};
+	const char *autoneg_str;
 	struct net_device *netdev = nic_dev->netdev;
 	enum nic_speed_level speed_level = 0;
 	int err;
 
-	err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN, "%s",
-		       (set_settings & HILINK_LINK_SET_AUTONEG) ?
-		       (autoneg ? "autong enable " : "autong disable ") : "");
-	if (err < 0 || err >= SET_LINK_STR_MAX_LEN) {
-		netif_err(nic_dev, drv, netdev, "Failed to snprintf link state, function return(%d) and dest_len(%d)\n",
-			  err, SET_LINK_STR_MAX_LEN);
-		return -EFAULT;
-	}
+	autoneg_str = (set_settings & HILINK_LINK_SET_AUTONEG) ?
+		      (autoneg ? "autong enable " : "autong disable ") : "";
 
 	if (set_settings & HILINK_LINK_SET_SPEED) {
 		speed_level = hinic_ethtool_to_hw_speed_level(speed);
 		err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN,
-			       "%sspeed %d ", set_link_str, speed);
-		if (err <= 0 || err >= SET_LINK_STR_MAX_LEN) {
+			       "speed %d ", speed);
+		if (err >= SET_LINK_STR_MAX_LEN) {
 			netif_err(nic_dev, drv, netdev, "Failed to snprintf link speed, function return(%d) and dest_len(%d)\n",
 				  err, SET_LINK_STR_MAX_LEN);
 			return -EFAULT;
@@ -494,11 +489,11 @@ static int hinic_set_settings_to_hw(struct hinic_dev *nic_dev,
 	err = hinic_set_link_settings(nic_dev->hwdev, &settings);
 	if (err != HINIC_MGMT_CMD_UNSUPPORTED) {
 		if (err)
-			netif_err(nic_dev, drv, netdev, "Set %s failed\n",
-				  set_link_str);
+			netif_err(nic_dev, drv, netdev, "Set %s%sfailed\n",
+				  autoneg_str, set_link_str);
 		else
-			netif_info(nic_dev, drv, netdev, "Set %s successfully\n",
-				   set_link_str);
+			netif_info(nic_dev, drv, netdev, "Set %s%ssuccessfully\n",
+				   autoneg_str, set_link_str);
 
 		return err;
 	}
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] [v2] hinic: avoid gcc -Wrestrict warning
  2021-03-24 13:07 [PATCH] [v2] hinic: avoid gcc -Wrestrict warning Arnd Bergmann
@ 2021-03-24 13:29 ` Rasmus Villemoes
  2021-03-24 14:25   ` Arnd Bergmann
  2021-03-25  1:10 ` patchwork-bot+netdevbpf
  1 sibling, 1 reply; 4+ messages in thread
From: Rasmus Villemoes @ 2021-03-24 13:29 UTC (permalink / raw)
  To: Arnd Bergmann, Bin Luo, David S. Miller, Jakub Kicinski
  Cc: Arnd Bergmann, Rasmus Villemoes, netdev, linux-kernel

On 24/03/2021 14.07, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> With extra warnings enabled, gcc complains that snprintf should not
> take the same buffer as source and destination:
> 
> drivers/net/ethernet/huawei/hinic/hinic_ethtool.c: In function 'hinic_set_settings_to_hw':
> drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:480:9: error: 'snprintf' argument 4 overlaps destination object 'set_link_str' [-Werror=restrict]
>   480 |   err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN,
>       |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   481 |           "%sspeed %d ", set_link_str, speed);
>       |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:464:7: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
>   464 |  char set_link_str[SET_LINK_STR_MAX_LEN] = {0};
> 
> Rewrite this to avoid the nested sprintf and instead use separate
> buffers, which is simpler.
> 

This looks much better. Thanks.

> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
> v2: rework according to feedback from Rasmus. This one could
>     easily avoid most of the pitfalls
> ---
>  .../net/ethernet/huawei/hinic/hinic_ethtool.c | 25 ++++++++-----------
>  1 file changed, 10 insertions(+), 15 deletions(-)
> 
> diff --git a/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c b/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c
> index c340d9acba80..d7e20dab6e48 100644
> --- a/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c
> +++ b/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c
> @@ -34,7 +34,7 @@
>  #include "hinic_rx.h"
>  #include "hinic_dev.h"
>  
> -#define SET_LINK_STR_MAX_LEN	128
> +#define SET_LINK_STR_MAX_LEN	16
>  
>  #define GET_SUPPORTED_MODE	0
>  #define GET_ADVERTISED_MODE	1
> @@ -462,24 +462,19 @@ static int hinic_set_settings_to_hw(struct hinic_dev *nic_dev,
>  {
>  	struct hinic_link_ksettings_info settings = {0};
>  	char set_link_str[SET_LINK_STR_MAX_LEN] = {0};
> +	const char *autoneg_str;
>  	struct net_device *netdev = nic_dev->netdev;
>  	enum nic_speed_level speed_level = 0;
>  	int err;
>  
> -	err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN, "%s",
> -		       (set_settings & HILINK_LINK_SET_AUTONEG) ?
> -		       (autoneg ? "autong enable " : "autong disable ") : "");
> -	if (err < 0 || err >= SET_LINK_STR_MAX_LEN) {
> -		netif_err(nic_dev, drv, netdev, "Failed to snprintf link state, function return(%d) and dest_len(%d)\n",
> -			  err, SET_LINK_STR_MAX_LEN);
> -		return -EFAULT;
> -	}
> +	autoneg_str = (set_settings & HILINK_LINK_SET_AUTONEG) ?
> +		      (autoneg ? "autong enable " : "autong disable ") : "";
>  
>  	if (set_settings & HILINK_LINK_SET_SPEED) {
>  		speed_level = hinic_ethtool_to_hw_speed_level(speed);
>  		err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN,
> -			       "%sspeed %d ", set_link_str, speed);
> -		if (err <= 0 || err >= SET_LINK_STR_MAX_LEN) {
> +			       "speed %d ", speed);
> +		if (err >= SET_LINK_STR_MAX_LEN) {
>  			netif_err(nic_dev, drv, netdev, "Failed to snprintf link speed, function return(%d) and dest_len(%d)\n",
>  				  err, SET_LINK_STR_MAX_LEN);
>  			return -EFAULT;

It's not your invention of course, but this both seems needlessly harsh
and EFAULT is a weird error to return. It's just a printk() message that
might be truncated, and now that the format string only has a %d
specifier, it can actually be verified statically that overflow will
never happen (though I don't know or think gcc can do that, perhaps
there's some locale nonsense in the standard that allows using
utf16-encoded sanskrit runes). So probably that test should just be
dropped, but that's a separate thing.

Reviewed-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] [v2] hinic: avoid gcc -Wrestrict warning
  2021-03-24 13:29 ` Rasmus Villemoes
@ 2021-03-24 14:25   ` Arnd Bergmann
  0 siblings, 0 replies; 4+ messages in thread
From: Arnd Bergmann @ 2021-03-24 14:25 UTC (permalink / raw)
  To: Rasmus Villemoes
  Cc: Bin Luo, David S. Miller, Jakub Kicinski, Networking,
	Linux Kernel Mailing List

On Wed, Mar 24, 2021 at 2:29 PM Rasmus Villemoes
<linux@rasmusvillemoes.dk> wrote:
> On 24/03/2021 14.07, Arnd Bergmann wrote:
 >
> >       if (set_settings & HILINK_LINK_SET_SPEED) {
> >               speed_level = hinic_ethtool_to_hw_speed_level(speed);
> >               err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN,
> > -                            "%sspeed %d ", set_link_str, speed);
> > -             if (err <= 0 || err >= SET_LINK_STR_MAX_LEN) {
> > +                            "speed %d ", speed);
> > +             if (err >= SET_LINK_STR_MAX_LEN) {
> >                       netif_err(nic_dev, drv, netdev, "Failed to snprintf link speed, function return(%d) and dest_len(%d)\n",
> >                                 err, SET_LINK_STR_MAX_LEN);
> >                       return -EFAULT;
>
> It's not your invention of course, but this both seems needlessly harsh
> and EFAULT is a weird error to return. It's just a printk() message that
> might be truncated, and now that the format string only has a %d
> specifier, it can actually be verified statically that overflow will
> never happen (though I don't know or think gcc can do that, perhaps
> there's some locale nonsense in the standard that allows using
> utf16-encoded sanskrit runes). So probably that test should just be
> dropped, but that's a separate thing.

I thought about fixing it, but this seemed to be a rabbit hole I didn't
want to get into, as there are other harmless issues in the driver
that could be improved.

I'm fairly sure gcc can indeed warn about the overflow with
-Wformat-truncation, but the warning is disabled at the moment
because it has a ton of false positives:

kernel/workqueue.c: In function 'create_worker':
kernel/workqueue.c:1933:55: error: '%d' directive output may be
truncated writing between 1 and 10 bytes into a region of size between
3 and 13 [-Werror=format-truncation=]
 1933 |                 snprintf(id_buf, sizeof(id_buf), "u%d:%d",
pool->id, id);

        Arnd

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] [v2] hinic: avoid gcc -Wrestrict warning
  2021-03-24 13:07 [PATCH] [v2] hinic: avoid gcc -Wrestrict warning Arnd Bergmann
  2021-03-24 13:29 ` Rasmus Villemoes
@ 2021-03-25  1:10 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-03-25  1:10 UTC (permalink / raw)
  To: Arnd Bergmann; +Cc: luobin9, davem, kuba, arnd, linux, netdev, linux-kernel

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Wed, 24 Mar 2021 14:07:22 +0100 you wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> With extra warnings enabled, gcc complains that snprintf should not
> take the same buffer as source and destination:
> 
> drivers/net/ethernet/huawei/hinic/hinic_ethtool.c: In function 'hinic_set_settings_to_hw':
> drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:480:9: error: 'snprintf' argument 4 overlaps destination object 'set_link_str' [-Werror=restrict]
>   480 |   err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN,
>       |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   481 |           "%sspeed %d ", set_link_str, speed);
>       |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:464:7: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
>   464 |  char set_link_str[SET_LINK_STR_MAX_LEN] = {0};
> 
> [...]

Here is the summary with links:
  - [v2] hinic: avoid gcc -Wrestrict warning
    https://git.kernel.org/netdev/net-next/c/84c7f6c33f42

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-25  1:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-24 13:07 [PATCH] [v2] hinic: avoid gcc -Wrestrict warning Arnd Bergmann
2021-03-24 13:29 ` Rasmus Villemoes
2021-03-24 14:25   ` Arnd Bergmann
2021-03-25  1:10 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).