| Message ID | 20170620204059.790066-1-arnd@arndb.de |
|---|---|
| State | Accepted |
| Commit | 2da55390a96ad2245edfaca77669c10088523d39 |
| Headers | show |
On Tue, Jun 20, 2017 at 10:40:46PM +0200, Arnd Bergmann wrote: > The memcpy annotation triggers for a fixed-length buffer copy: > > In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0, > from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21, > from /git/arm-soc/include/linux/spinlock.h:87, > from /git/arm-soc/include/linux/seqlock.h:35, > from /git/arm-soc/include/linux/time.h:5, > from /git/arm-soc/include/linux/stat.h:21, > from /git/arm-soc/include/linux/module.h:10, > from /git/arm-soc/drivers/net/phy/smsc.c:20: > In function 'memcpy', > inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3: > /git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter > > Using strncpy instead of memcpy should do the right thing here. Hi Arnd You will find this pattern in number of phy drivers: bcm-phy-lib.c: memcpy(data + i * ETH_GSTRING_LEN, marvell.c: memcpy(data + i * ETH_GSTRING_LEN, micrel.c: memcpy(data + i * ETH_GSTRING_LEN, smsc.c: memcpy(data + i * ETH_GSTRING_LEN, They probably all need the same fix. Andrew
From: Arnd Bergmann <arnd@arndb.de> Date: Tue, 20 Jun 2017 22:40:46 +0200 > The memcpy annotation triggers for a fixed-length buffer copy: > > In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0, > from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21, > from /git/arm-soc/include/linux/spinlock.h:87, > from /git/arm-soc/include/linux/seqlock.h:35, > from /git/arm-soc/include/linux/time.h:5, > from /git/arm-soc/include/linux/stat.h:21, > from /git/arm-soc/include/linux/module.h:10, > from /git/arm-soc/drivers/net/phy/smsc.c:20: > In function 'memcpy', > inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3: > /git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter > > Using strncpy instead of memcpy should do the right thing here. > > Fixes: 030a89028db0 ("net: phy: smsc: Implement PHY statistics") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> APplied to net-next, thanks Arnd.
diff --git a/drivers/net/phy/smsc.c b/drivers/net/phy/smsc.c index 1b8204be064c..2306bfae057f 100644 --- a/drivers/net/phy/smsc.c +++ b/drivers/net/phy/smsc.c @@ -163,7 +163,7 @@ static void smsc_get_strings(struct phy_device *phydev, u8 *data) int i; for (i = 0; i < ARRAY_SIZE(smsc_hw_stats); i++) { - memcpy(data + i * ETH_GSTRING_LEN, + strncpy(data + i * ETH_GSTRING_LEN, smsc_hw_stats[i].string, ETH_GSTRING_LEN); } }
The memcpy annotation triggers for a fixed-length buffer copy: In file included from /git/arm-soc/arch/arm64/include/asm/processor.h:30:0, from /git/arm-soc/arch/arm64/include/asm/spinlock.h:21, from /git/arm-soc/include/linux/spinlock.h:87, from /git/arm-soc/include/linux/seqlock.h:35, from /git/arm-soc/include/linux/time.h:5, from /git/arm-soc/include/linux/stat.h:21, from /git/arm-soc/include/linux/module.h:10, from /git/arm-soc/drivers/net/phy/smsc.c:20: In function 'memcpy', inlined from 'smsc_get_strings' at /git/arm-soc/drivers/net/phy/smsc.c:166:3: /git/arm-soc/include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter Using strncpy instead of memcpy should do the right thing here. Fixes: 030a89028db0 ("net: phy: smsc: Implement PHY statistics") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- drivers/net/phy/smsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.9.0