| Message ID | 20240110222210.193479-1-prabhakar.mahadev-lad.rj@bp.renesas.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 62b68a88795942512936896b9fec1ee7d5fa9922 |
| Headers | show |
| Series | dmaengine: usb-dmac: Avoid format-overflow warning | expand |
On Wed, Jan 10, 2024 at 10:22:10PM +0000, Prabhakar wrote: > From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > gcc points out that the fix-byte buffer might be too small: > drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_probe': > drivers/dma/sh/usb-dmac.c:720:34: warning: '%u' directive writing between 1 and 10 bytes into a region of size 3 [-Wformat-overflow=] > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~ > In function 'usb_dmac_chan_probe', > inlined from 'usb_dmac_probe' at drivers/dma/sh/usb-dmac.c:814:9: > drivers/dma/sh/usb-dmac.c:720:31: note: directive argument in the range [0, 4294967294] > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~~~~~ > drivers/dma/sh/usb-dmac.c:720:9: note: 'sprintf' output between 4 and 13 bytes into a destination of size 5 > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Maximum number of channels for USB-DMAC as per the driver is 1-99 so use > u8 instead of unsigned int/int for DMAC channel indexing and make the > pdev_irqname string long enough to avoid the warning. > > While at it use scnprintf() instead of sprintf() to make the code more > robust. > > Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> This looks like good fixes; thanks! I see n_channels is sanity checked during the probe in usb_dmac_chan_probe(), so this looks good. (Is there a reason not to also change n_channels to a u8?) -Kees > --- > drivers/dma/sh/usb-dmac.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/drivers/dma/sh/usb-dmac.c b/drivers/dma/sh/usb-dmac.c > index a9b4302f6050..f7cd0cad056c 100644 > --- a/drivers/dma/sh/usb-dmac.c > +++ b/drivers/dma/sh/usb-dmac.c > @@ -706,10 +706,10 @@ static const struct dev_pm_ops usb_dmac_pm = { > > static int usb_dmac_chan_probe(struct usb_dmac *dmac, > struct usb_dmac_chan *uchan, > - unsigned int index) > + u8 index) > { > struct platform_device *pdev = to_platform_device(dmac->dev); > - char pdev_irqname[5]; > + char pdev_irqname[6]; > char *irqname; > int ret; > > @@ -717,7 +717,7 @@ static int usb_dmac_chan_probe(struct usb_dmac *dmac, > uchan->iomem = dmac->iomem + USB_DMAC_CHAN_OFFSET(index); > > /* Request the channel interrupt. */ > - sprintf(pdev_irqname, "ch%u", index); > + scnprintf(pdev_irqname, sizeof(pdev_irqname), "ch%u", index); > uchan->irq = platform_get_irq_byname(pdev, pdev_irqname); > if (uchan->irq < 0) > return -ENODEV; > @@ -768,8 +768,8 @@ static int usb_dmac_probe(struct platform_device *pdev) > const enum dma_slave_buswidth widths = USB_DMAC_SLAVE_BUSWIDTH; > struct dma_device *engine; > struct usb_dmac *dmac; > - unsigned int i; > int ret; > + u8 i; > > dmac = devm_kzalloc(&pdev->dev, sizeof(*dmac), GFP_KERNEL); > if (!dmac) > @@ -869,7 +869,7 @@ static void usb_dmac_chan_remove(struct usb_dmac *dmac, > static void usb_dmac_remove(struct platform_device *pdev) > { > struct usb_dmac *dmac = platform_get_drvdata(pdev); > - int i; > + u8 i; > for (i = 0; i < dmac->n_channels; ++i) > usb_dmac_chan_remove(dmac, &dmac->channels[i]); > -- > 2.34.1 >
Hi Kees, Thank you for the review. On Wed, Jan 10, 2024 at 10:41 PM Kees Cook <keescook@chromium.org> wrote: > > On Wed, Jan 10, 2024 at 10:22:10PM +0000, Prabhakar wrote: > > From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > > > gcc points out that the fix-byte buffer might be too small: > > drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_probe': > > drivers/dma/sh/usb-dmac.c:720:34: warning: '%u' directive writing between 1 and 10 bytes into a region of size 3 [-Wformat-overflow=] > > 720 | sprintf(pdev_irqname, "ch%u", index); > > | ^~ > > In function 'usb_dmac_chan_probe', > > inlined from 'usb_dmac_probe' at drivers/dma/sh/usb-dmac.c:814:9: > > drivers/dma/sh/usb-dmac.c:720:31: note: directive argument in the range [0, 4294967294] > > 720 | sprintf(pdev_irqname, "ch%u", index); > > | ^~~~~~ > > drivers/dma/sh/usb-dmac.c:720:9: note: 'sprintf' output between 4 and 13 bytes into a destination of size 5 > > 720 | sprintf(pdev_irqname, "ch%u", index); > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > Maximum number of channels for USB-DMAC as per the driver is 1-99 so use > > u8 instead of unsigned int/int for DMAC channel indexing and make the > > pdev_irqname string long enough to avoid the warning. > > > > While at it use scnprintf() instead of sprintf() to make the code more > > robust. > > > > Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > This looks like good fixes; thanks! I see n_channels is sanity checked > during the probe in usb_dmac_chan_probe(), so this looks good. > > (Is there a reason not to also change n_channels to a u8?) > Good point, I oversighted it by just looking at the loop indices. I will send a v2 with that change. Cheers, Prabhakar > -Kees > > > --- > > drivers/dma/sh/usb-dmac.c | 10 +++++----- > > 1 file changed, 5 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/dma/sh/usb-dmac.c b/drivers/dma/sh/usb-dmac.c > > index a9b4302f6050..f7cd0cad056c 100644 > > --- a/drivers/dma/sh/usb-dmac.c > > +++ b/drivers/dma/sh/usb-dmac.c > > @@ -706,10 +706,10 @@ static const struct dev_pm_ops usb_dmac_pm = { > > > > static int usb_dmac_chan_probe(struct usb_dmac *dmac, > > struct usb_dmac_chan *uchan, > > - unsigned int index) > > + u8 index) > > { > > struct platform_device *pdev = to_platform_device(dmac->dev); > > - char pdev_irqname[5]; > > + char pdev_irqname[6]; > > char *irqname; > > int ret; > > > > @@ -717,7 +717,7 @@ static int usb_dmac_chan_probe(struct usb_dmac *dmac, > > uchan->iomem = dmac->iomem + USB_DMAC_CHAN_OFFSET(index); > > > > /* Request the channel interrupt. */ > > - sprintf(pdev_irqname, "ch%u", index); > > + scnprintf(pdev_irqname, sizeof(pdev_irqname), "ch%u", index); > > uchan->irq = platform_get_irq_byname(pdev, pdev_irqname); > > if (uchan->irq < 0) > > return -ENODEV; > > @@ -768,8 +768,8 @@ static int usb_dmac_probe(struct platform_device *pdev) > > const enum dma_slave_buswidth widths = USB_DMAC_SLAVE_BUSWIDTH; > > struct dma_device *engine; > > struct usb_dmac *dmac; > > - unsigned int i; > > int ret; > > + u8 i; > > > > dmac = devm_kzalloc(&pdev->dev, sizeof(*dmac), GFP_KERNEL); > > if (!dmac) > > @@ -869,7 +869,7 @@ static void usb_dmac_chan_remove(struct usb_dmac *dmac, > > static void usb_dmac_remove(struct platform_device *pdev) > > { > > struct usb_dmac *dmac = platform_get_drvdata(pdev); > > - int i; > > + u8 i; > > for (i = 0; i < dmac->n_channels; ++i) > > usb_dmac_chan_remove(dmac, &dmac->channels[i]); > > -- > > 2.34.1 > > > > -- > Kees Cook
On Wed, Jan 10, 2024 at 10:46:02PM +0000, Lad, Prabhakar wrote: > Hi Kees, > > Thank you for the review. > > On Wed, Jan 10, 2024 at 10:41 PM Kees Cook <keescook@chromium.org> wrote: > > > > On Wed, Jan 10, 2024 at 10:22:10PM +0000, Prabhakar wrote: > > > From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > > > > > gcc points out that the fix-byte buffer might be too small: > > > drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_probe': > > > drivers/dma/sh/usb-dmac.c:720:34: warning: '%u' directive writing between 1 and 10 bytes into a region of size 3 [-Wformat-overflow=] > > > 720 | sprintf(pdev_irqname, "ch%u", index); > > > | ^~ > > > In function 'usb_dmac_chan_probe', > > > inlined from 'usb_dmac_probe' at drivers/dma/sh/usb-dmac.c:814:9: > > > drivers/dma/sh/usb-dmac.c:720:31: note: directive argument in the range [0, 4294967294] > > > 720 | sprintf(pdev_irqname, "ch%u", index); > > > | ^~~~~~ > > > drivers/dma/sh/usb-dmac.c:720:9: note: 'sprintf' output between 4 and 13 bytes into a destination of size 5 > > > 720 | sprintf(pdev_irqname, "ch%u", index); > > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > > Maximum number of channels for USB-DMAC as per the driver is 1-99 so use > > > u8 instead of unsigned int/int for DMAC channel indexing and make the > > > pdev_irqname string long enough to avoid the warning. > > > > > > While at it use scnprintf() instead of sprintf() to make the code more > > > robust. > > > > > > Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > > > This looks like good fixes; thanks! I see n_channels is sanity checked > > during the probe in usb_dmac_chan_probe(), so this looks good. > > > > (Is there a reason not to also change n_channels to a u8?) > > > Good point, I oversighted it by just looking at the loop indices. I > will send a v2 with that change. I think you'll need a bounce variable in usb_dmac_chan_probe() since it looks like it's reading a 32-bit value from DT, but otherwise, it should be okay. -Kees
Hi Prabhakar, On Wed, Jan 10, 2024 at 11:23 PM Prabhakar <prabhakar.csengg@gmail.com> wrote: > From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > gcc points out that the fix-byte buffer might be too small: > drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_probe': > drivers/dma/sh/usb-dmac.c:720:34: warning: '%u' directive writing between 1 and 10 bytes into a region of size 3 [-Wformat-overflow=] > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~ > In function 'usb_dmac_chan_probe', > inlined from 'usb_dmac_probe' at drivers/dma/sh/usb-dmac.c:814:9: > drivers/dma/sh/usb-dmac.c:720:31: note: directive argument in the range [0, 4294967294] > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~~~~~ > drivers/dma/sh/usb-dmac.c:720:9: note: 'sprintf' output between 4 and 13 bytes into a destination of size 5 > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Maximum number of channels for USB-DMAC as per the driver is 1-99 so use > u8 instead of unsigned int/int for DMAC channel indexing and make the > pdev_irqname string long enough to avoid the warning. > > While at it use scnprintf() instead of sprintf() to make the code more > robust. > > Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> One nit below. > --- a/drivers/dma/sh/usb-dmac.c > +++ b/drivers/dma/sh/usb-dmac.c > @@ -768,8 +768,8 @@ static int usb_dmac_probe(struct platform_device *pdev) > const enum dma_slave_buswidth widths = USB_DMAC_SLAVE_BUSWIDTH; > struct dma_device *engine; > struct usb_dmac *dmac; > - unsigned int i; > int ret; > + u8 i; Personally, I'm not much a fan of making loop counters smaller than (unsigned) int. If you do go this way, there are more loops over all channels still using int. Gr{oetje,eeting}s, Geert
Hi Geert, Thank you for the review. On Thu, Jan 11, 2024 at 9:05 AM Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > Hi Prabhakar, > > On Wed, Jan 10, 2024 at 11:23 PM Prabhakar <prabhakar.csengg@gmail.com> wrote: > > From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > > > gcc points out that the fix-byte buffer might be too small: > > drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_probe': > > drivers/dma/sh/usb-dmac.c:720:34: warning: '%u' directive writing between 1 and 10 bytes into a region of size 3 [-Wformat-overflow=] > > 720 | sprintf(pdev_irqname, "ch%u", index); > > | ^~ > > In function 'usb_dmac_chan_probe', > > inlined from 'usb_dmac_probe' at drivers/dma/sh/usb-dmac.c:814:9: > > drivers/dma/sh/usb-dmac.c:720:31: note: directive argument in the range [0, 4294967294] > > 720 | sprintf(pdev_irqname, "ch%u", index); > > | ^~~~~~ > > drivers/dma/sh/usb-dmac.c:720:9: note: 'sprintf' output between 4 and 13 bytes into a destination of size 5 > > 720 | sprintf(pdev_irqname, "ch%u", index); > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > Maximum number of channels for USB-DMAC as per the driver is 1-99 so use > > u8 instead of unsigned int/int for DMAC channel indexing and make the > > pdev_irqname string long enough to avoid the warning. > > > > While at it use scnprintf() instead of sprintf() to make the code more > > robust. > > > > Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> > > Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> > > One nit below. > > > --- a/drivers/dma/sh/usb-dmac.c > > +++ b/drivers/dma/sh/usb-dmac.c > > > @@ -768,8 +768,8 @@ static int usb_dmac_probe(struct platform_device *pdev) > > const enum dma_slave_buswidth widths = USB_DMAC_SLAVE_BUSWIDTH; > > struct dma_device *engine; > > struct usb_dmac *dmac; > > - unsigned int i; > > int ret; > > + u8 i; > > Personally, I'm not much a fan of making loop counters smaller than > (unsigned) int. If you do go this way, there are more loops over all > channels still using int. > Agreed. So shall I drop Kees suggestion and leave the patch as is? Cheers, Prabhakar
On Wed, 10 Jan 2024 22:22:10 +0000, Prabhakar wrote: > gcc points out that the fix-byte buffer might be too small: > drivers/dma/sh/usb-dmac.c: In function 'usb_dmac_probe': > drivers/dma/sh/usb-dmac.c:720:34: warning: '%u' directive writing between 1 and 10 bytes into a region of size 3 [-Wformat-overflow=] > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~ > In function 'usb_dmac_chan_probe', > inlined from 'usb_dmac_probe' at drivers/dma/sh/usb-dmac.c:814:9: > drivers/dma/sh/usb-dmac.c:720:31: note: directive argument in the range [0, 4294967294] > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~~~~~ > drivers/dma/sh/usb-dmac.c:720:9: note: 'sprintf' output between 4 and 13 bytes into a destination of size 5 > 720 | sprintf(pdev_irqname, "ch%u", index); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > [...] Applied, thanks! [1/1] dmaengine: usb-dmac: Avoid format-overflow warning commit: 62b68a88795942512936896b9fec1ee7d5fa9922 Best regards,
diff --git a/drivers/dma/sh/usb-dmac.c b/drivers/dma/sh/usb-dmac.c index a9b4302f6050..f7cd0cad056c 100644 --- a/drivers/dma/sh/usb-dmac.c +++ b/drivers/dma/sh/usb-dmac.c @@ -706,10 +706,10 @@ static const struct dev_pm_ops usb_dmac_pm = { static int usb_dmac_chan_probe(struct usb_dmac *dmac, struct usb_dmac_chan *uchan, - unsigned int index) + u8 index) { struct platform_device *pdev = to_platform_device(dmac->dev); - char pdev_irqname[5]; + char pdev_irqname[6]; char *irqname; int ret; @@ -717,7 +717,7 @@ static int usb_dmac_chan_probe(struct usb_dmac *dmac, uchan->iomem = dmac->iomem + USB_DMAC_CHAN_OFFSET(index); /* Request the channel interrupt. */ - sprintf(pdev_irqname, "ch%u", index); + scnprintf(pdev_irqname, sizeof(pdev_irqname), "ch%u", index); uchan->irq = platform_get_irq_byname(pdev, pdev_irqname); if (uchan->irq < 0) return -ENODEV; @@ -768,8 +768,8 @@ static int usb_dmac_probe(struct platform_device *pdev) const enum dma_slave_buswidth widths = USB_DMAC_SLAVE_BUSWIDTH; struct dma_device *engine; struct usb_dmac *dmac; - unsigned int i; int ret; + u8 i; dmac = devm_kzalloc(&pdev->dev, sizeof(*dmac), GFP_KERNEL); if (!dmac) @@ -869,7 +869,7 @@ static void usb_dmac_chan_remove(struct usb_dmac *dmac, static void usb_dmac_remove(struct platform_device *pdev) { struct usb_dmac *dmac = platform_get_drvdata(pdev); - int i; + u8 i; for (i = 0; i < dmac->n_channels; ++i) usb_dmac_chan_remove(dmac, &dmac->channels[i]);