alx: fix OOB-read compiler warning
authorGONG, Ruiqi <gongruiqi1@huawei.com>
Mon, 21 Aug 2023 01:32:18 +0000 (09:32 +0800)
committerPaolo Abeni <pabeni@redhat.com>
Tue, 22 Aug 2023 10:30:15 +0000 (12:30 +0200)
The following message shows up when compiling with W=1:

In function ‘fortify_memcpy_chk’,
    inlined from ‘alx_get_ethtool_stats’ at drivers/net/ethernet/atheros/alx/ethtool.c:297:2:
./include/linux/fortify-string.h:592:4: error: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Werror=attribute-warning]
  592 |    __read_overflow2_field(q_size_field, size);
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In order to get alx stats altogether, alx_get_ethtool_stats() reads
beyond hw->stats.rx_ok. Fix this warning by directly copying hw->stats,
and refactor the unnecessarily complicated BUILD_BUG_ON btw.

Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20230821013218.1614265-1-gongruiqi@huaweicloud.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
drivers/net/ethernet/atheros/alx/ethtool.c

index b716ada..7f6b69a 100644 (file)
@@ -292,9 +292,8 @@ static void alx_get_ethtool_stats(struct net_device *netdev,
        spin_lock(&alx->stats_lock);
 
        alx_update_hw_stats(hw);
-       BUILD_BUG_ON(sizeof(hw->stats) - offsetof(struct alx_hw_stats, rx_ok) <
-                    ALX_NUM_STATS * sizeof(u64));
-       memcpy(data, &hw->stats.rx_ok, ALX_NUM_STATS * sizeof(u64));
+       BUILD_BUG_ON(sizeof(hw->stats) != ALX_NUM_STATS * sizeof(u64));
+       memcpy(data, &hw->stats, sizeof(hw->stats));
 
        spin_unlock(&alx->stats_lock);
 }