On 10/11/2024 3:57 AM, Simon Horman wrote:
Recently I noticed that both gcc-14 and clang-18 report that passing
a non-string literal as the format argument of alloc_workqueue()
is potentially insecure.
E.g. clang-18 says:
.../qaic_drv.c:61:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
61 | wq = alloc_workqueue(fmt, WQ_UNBOUND, 0);
| ^~~
.../qaic_drv.c:61:23: note: treat the string as an argument to avoid this
61 | wq = alloc_workqueue(fmt, WQ_UNBOUND, 0);
| ^
| "%s",
It is always the case where the contents of fmt is safe to pass as the
format argument. That is, in my understanding, it never contains any
format escape sequences.
But, it seems better to be safe than sorry. And, as a bonus, compiler
output becomes less verbose by addressing this issue as suggested by
clang-18.
Also, change the name of the parameter of qaicm_wq_init from
fmt to name to better reflect it's purpose.
Compile tested only.
I'm not sure why this looks like it is targeted for net-next. I'm not
seeing any dependencies on net code, nor is this a net driver. My
confusion makes me think I might be missing something.
I'll plan on independently taking this through DRM, unless something is
brought to my attention.
Regarding the patch itself, looks sane to me. I'll give it run through
on hardware soon.
-Jeff
