| Message ID | 20231204140743.1487843-1-stefanha@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | virtio_blk: fix snprintf truncation compiler warning | expand |
On 12/4/2023 6:07 AM, Stefan Hajnoczi wrote: > Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the > following gcc 13 W=1 warnings: > > drivers/block/virtio_blk.c: In function ‘init_vq’: > drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 7 [-Wformat-truncation=] > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > | ^~ > drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > | ^~~~~~~~~~~~~ > drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination of size 16 > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > This is a false positive because the lower bound -2147483648 is > incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < > 65536. > > The code mixes int, unsigned short, and unsigned int types in addition > to using "%d" for an unsigned value. Use unsigned short and "%u" > consistently to solve the compiler warning. > > Cc: Suwan Kim <suwan.kim027@gmail.com> > Reported-by: kernel test robot <lkp@intel.com> > Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- Looks good. Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> -ck
From: Stefan Hajnoczi > Sent: 04 December 2023 14:08 > > Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the > following gcc 13 W=1 warnings: > > drivers/block/virtio_blk.c: In function ‘init_vq’: > drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 > and 11 bytes into a region of size 7 [-Wformat-truncation=] > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > | ^~ > drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > | ^~~~~~~~~~~~~ > drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination > of size 16 > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > This is a false positive because the lower bound -2147483648 is > incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < > 65536. > > The code mixes int, unsigned short, and unsigned int types in addition > to using "%d" for an unsigned value. Use unsigned short and "%u" > consistently to solve the compiler warning. > > Cc: Suwan Kim <suwan.kim027@gmail.com> > Reported-by: kernel test robot <lkp@intel.com> > Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > drivers/block/virtio_blk.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c > index d53d6aa8ee69..47556d8ccc32 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -1019,12 +1019,12 @@ static void virtblk_config_changed(struct virtio_device *vdev) > static int init_vq(struct virtio_blk *vblk) > { > int err; > - int i; > + unsigned short i; > vq_callback_t **callbacks; > const char **names; > struct virtqueue **vqs; > unsigned short num_vqs; > - unsigned int num_poll_vqs; > + unsigned short num_poll_vqs; > struct virtio_device *vdev = vblk->vdev; > struct irq_affinity desc = { 0, }; > > @@ -1068,13 +1068,13 @@ static int init_vq(struct virtio_blk *vblk) > > for (i = 0; i < num_vqs - num_poll_vqs; i++) { Ugg doing arithmetic on char/short is likely to generate horrid code (especially on non-x86). Hint, there will be explicit masking and/or sign/zero extension. Even the array index might add extra code (although there'll be an explicit sign extend to 64bit with the current code). There really ought to be a better way to make gcc STFU. In this case 'unsigned int i' might be enough since gcc seems to have a small enough upper bound. David > callbacks[i] = virtblk_done; > - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); > + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i); > names[i] = vblk->vqs[i].name; > } > > for (; i < num_vqs; i++) { > callbacks[i] = NULL; > - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i); > names[i] = vblk->vqs[i].name; > } > > -- > 2.43.0 - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On Tue, 5 Dec 2023 at 08:54, David Laight <David.Laight@aculab.com> wrote: > > From: Stefan Hajnoczi > > Sent: 04 December 2023 14:08 > > > > Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the > > following gcc 13 W=1 warnings: > > > > drivers/block/virtio_blk.c: In function ‘init_vq’: > > drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 > > and 11 bytes into a region of size 7 [-Wformat-truncation=] > > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > > | ^~ > > drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] > > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > > | ^~~~~~~~~~~~~ > > drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination > > of size 16 > > 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > This is a false positive because the lower bound -2147483648 is > > incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < > > 65536. > > > > The code mixes int, unsigned short, and unsigned int types in addition > > to using "%d" for an unsigned value. Use unsigned short and "%u" > > consistently to solve the compiler warning. > > > > Cc: Suwan Kim <suwan.kim027@gmail.com> > > Reported-by: kernel test robot <lkp@intel.com> > > Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > > --- > > drivers/block/virtio_blk.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c > > index d53d6aa8ee69..47556d8ccc32 100644 > > --- a/drivers/block/virtio_blk.c > > +++ b/drivers/block/virtio_blk.c > > @@ -1019,12 +1019,12 @@ static void virtblk_config_changed(struct virtio_device *vdev) > > static int init_vq(struct virtio_blk *vblk) > > { > > int err; > > - int i; > > + unsigned short i; > > vq_callback_t **callbacks; > > const char **names; > > struct virtqueue **vqs; > > unsigned short num_vqs; > > - unsigned int num_poll_vqs; > > + unsigned short num_poll_vqs; > > struct virtio_device *vdev = vblk->vdev; > > struct irq_affinity desc = { 0, }; > > > > @@ -1068,13 +1068,13 @@ static int init_vq(struct virtio_blk *vblk) > > > > for (i = 0; i < num_vqs - num_poll_vqs; i++) { > > Ugg doing arithmetic on char/short is likely to generate horrid > code (especially on non-x86). > Hint, there will be explicit masking and/or sign/zero extension. > > Even the array index might add extra code (although there'll be > an explicit sign extend to 64bit with the current code). > > There really ought to be a better way to make gcc STFU. > > In this case 'unsigned int i' might be enough since gcc seems > to have a small enough upper bound. Sounds good, I'll send a v2 that uses unsigned int. The core virtio code uses unsigned int for virtqueue indices too. Stefan > > David > > > > callbacks[i] = virtblk_done; > > - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); > > + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i); > > names[i] = vblk->vqs[i].name; > > } > > > > for (; i < num_vqs; i++) { > > callbacks[i] = NULL; > > - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); > > + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i); > > names[i] = vblk->vqs[i].name; > > } > > > > -- > > 2.43.0 > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK > Registration No: 1397386 (Wales)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index d53d6aa8ee69..47556d8ccc32 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c @@ -1019,12 +1019,12 @@ static void virtblk_config_changed(struct virtio_device *vdev) static int init_vq(struct virtio_blk *vblk) { int err; - int i; + unsigned short i; vq_callback_t **callbacks; const char **names; struct virtqueue **vqs; unsigned short num_vqs; - unsigned int num_poll_vqs; + unsigned short num_poll_vqs; struct virtio_device *vdev = vblk->vdev; struct irq_affinity desc = { 0, }; @@ -1068,13 +1068,13 @@ static int init_vq(struct virtio_blk *vblk) for (i = 0; i < num_vqs - num_poll_vqs; i++) { callbacks[i] = virtblk_done; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i); names[i] = vblk->vqs[i].name; } for (; i < num_vqs; i++) { callbacks[i] = NULL; - snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); + snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i); names[i] = vblk->vqs[i].name; }
Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the following gcc 13 W=1 warnings: drivers/block/virtio_blk.c: In function ‘init_vq’: drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 7 [-Wformat-truncation=] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~ drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534] 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~ drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination of size 16 1077 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a false positive because the lower bound -2147483648 is incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs < 65536. The code mixes int, unsigned short, and unsigned int types in addition to using "%d" for an unsigned value. Use unsigned short and "%u" consistently to solve the compiler warning. Cc: Suwan Kim <suwan.kim027@gmail.com> Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/ Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- drivers/block/virtio_blk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)