This is a note to let you know that I've just added the patch titled leds: trigger: netdev: Move size check in set_device_name to the 6.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: leds-trigger-netdev-move-size-check-in-set_device_name.patch and it can be found in the queue-6.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 259e33cbb1712a7dd844fc9757661cc47cb0e39b Mon Sep 17 00:00:00 2001 From: Christian Marangi <ansuelsmth@xxxxxxxxx> Date: Sat, 7 Oct 2023 15:10:42 +0200 Subject: leds: trigger: netdev: Move size check in set_device_name From: Christian Marangi <ansuelsmth@xxxxxxxxx> commit 259e33cbb1712a7dd844fc9757661cc47cb0e39b upstream. GCC 13.2 complains about array subscript 17 is above array bounds of 'char[16]' with IFNAMSIZ set to 16. The warning is correct but this scenario is impossible. set_device_name is called by device_name_store (store sysfs entry) and netdev_trig_activate. device_name_store already check if size is >= of IFNAMSIZ and return -EINVAL. (making the warning scenario impossible) netdev_trig_activate works on already defined interface, where the name has already been checked and should already follow the condition of strlen() < IFNAMSIZ. Aside from the scenario being impossible, set_device_name can be improved to both mute the warning and make the function safer. To make it safer, move size check from device_name_store directly to set_device_name and prevent any out of bounds scenario. Cc: stable@xxxxxxxxxxxxxxx Fixes: 28a6a2ef18ad ("leds: trigger: netdev: refactor code setting device name") Reported-by: kernel test robot <lkp@xxxxxxxxx> Closes: https://lore.kernel.org/oe-kbuild-all/202309192035.GTJEEbem-lkp@xxxxxxxxx/ Signed-off-by: Christian Marangi <ansuelsmth@xxxxxxxxx> Link: https://lore.kernel.org/r/20231007131042.15032-1-ansuelsmth@xxxxxxxxx Signed-off-by: Lee Jones <lee@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/leds/trigger/ledtrig-netdev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/leds/trigger/ledtrig-netdev.c +++ b/drivers/leds/trigger/ledtrig-netdev.c @@ -221,6 +221,9 @@ static ssize_t device_name_show(struct d static int set_device_name(struct led_netdev_data *trigger_data, const char *name, size_t size) { + if (size >= IFNAMSIZ) + return -EINVAL; + cancel_delayed_work_sync(&trigger_data->work); mutex_lock(&trigger_data->lock); @@ -263,9 +266,6 @@ static ssize_t device_name_store(struct struct led_netdev_data *trigger_data = led_trigger_get_drvdata(dev); int ret; - if (size >= IFNAMSIZ) - return -EINVAL; - ret = set_device_name(trigger_data, buf, size); if (ret < 0) Patches currently in stable-queue which might be from ansuelsmth@xxxxxxxxx are queue-6.6/net-sfp-add-quirk-for-fiberstone-gpon-onu-34-20bi.patch queue-6.6/leds-trigger-netdev-move-size-check-in-set_device_name.patch queue-6.6/cpufreq-stats-fix-buffer-overflow-detection-in-trans_stats.patch