On 23/03/2021 13.56, Arnd Bergmann wrote: > From: Arnd Bergmann <a...@arndb.de> > > With extra warnings enabled, gcc complains that snprintf should not > take the same buffer as source and destination: > > drivers/net/ethernet/huawei/hinic/hinic_ethtool.c: In function > 'hinic_set_settings_to_hw': > drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:480:9: error: 'snprintf' > argument 4 overlaps destination object 'set_link_str' [-Werror=restrict] > 480 | err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN, > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 481 | "%sspeed %d ", set_link_str, speed); > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:464:7: note: destination > object referenced by 'restrict'-qualified argument 1 was declared here > 464 | char set_link_str[SET_LINK_STR_MAX_LEN] = {0}; > > Rewrite this to remember the offset of the previous printf output > instead. > > Signed-off-by: Arnd Bergmann <a...@arndb.de> > --- > drivers/net/ethernet/huawei/hinic/hinic_ethtool.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c > b/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c > index c340d9acba80..74aefc8fc4d8 100644 > --- a/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c > +++ b/drivers/net/ethernet/huawei/hinic/hinic_ethtool.c > @@ -464,7 +464,7 @@ static int hinic_set_settings_to_hw(struct hinic_dev > *nic_dev, > char set_link_str[SET_LINK_STR_MAX_LEN] = {0}; > struct net_device *netdev = nic_dev->netdev; > enum nic_speed_level speed_level = 0; > - int err; > + int err, off; > > err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN, "%s", > (set_settings & HILINK_LINK_SET_AUTONEG) ? > @@ -475,10 +475,11 @@ static int hinic_set_settings_to_hw(struct hinic_dev > *nic_dev, > return -EFAULT; > } > > + off = err; > if (set_settings & HILINK_LINK_SET_SPEED) { > speed_level = hinic_ethtool_to_hw_speed_level(speed); > - err = snprintf(set_link_str, SET_LINK_STR_MAX_LEN, > - "%sspeed %d ", set_link_str, speed); > + err = snprintf(set_link_str + off, SET_LINK_STR_MAX_LEN - off, > + "speed %d ", speed); > if (err <= 0 || err >= SET_LINK_STR_MAX_LEN) {
This is broken, the second snprintf has no longer overflown if "err >= SET_LINK_STR_MAX_LEN", but if "err >= SET_LINK_STR_MAX_LEN - off". (The existing err <= 0 check is also bogus, but that's a different story). But, I think these conversions where you use snprintf are all broken, it's only a matter of time before gcc or another static analyzer also learns a "Wusing-return-value-from-snprintf-as-index-to-output-buffer-is-fragile-because,you-know,snprintf-semantics..." and then we'd have to revisit all these. You should in general, when building a string by repeatedly printf'ing to a local buffer, use the "len += scnprintf()" pattern. That doesn't easily provide a "have we overflown at some point" so is not directly applicable here, but all the more reason to start making use of seq_buf to wrap a local char buffer in a nice abstraction that lets you seq_buf_printf() and ask seq_buf_has_overflowed(). Rasmus