On Fri, 12 Dec 2025 14:46:03 +0000 Simon Horman horms@kernel.org wrote:
On Fri, Dec 12, 2025 at 07:30:04PM +0800, kernel test robot wrote:
Hi Ilya,
kernel test robot noticed the following build warnings:
[auto build test WARNING on net-next/main] [also build test WARNING on net/main linus/master v6.18 next-20251212] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Ilya-Krutskih/net-fealnx-fix-... base: net-next/main patch link: https://lore.kernel.org/r/20251211173035.852756-1-devsec%40tpz.ru patch subject: [PATCH v2] net: fealnx: fix possible 'card_idx' integer overflow in config: alpha-allyesconfig (https://download.01.org/0day-ci/archive/20251212/202512121907.n3Bzh2zF-lkp@i...) compiler: alpha-linux-gcc (GCC) 15.1.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251212/202512121907.n3Bzh2zF-lkp@i...)
If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot lkp@intel.com | Closes: https://lore.kernel.org/oe-kbuild-all/202512121907.n3Bzh2zF-lkp@intel.com/
All warnings (new ones prefixed by >>):
drivers/net/ethernet/fealnx.c: In function 'fealnx_init_one':
drivers/net/ethernet/fealnx.c:496:35: warning: '%d' directive writing between 1 and 11 bytes into a region of size 6 [-Wformat-overflow=]
496 | sprintf(boardname, "fealnx%d", card_idx); | ^~drivers/net/ethernet/fealnx.c:496:28: note: directive argument in the range [-2147483647, 2147483647] 496 | sprintf(boardname, "fealnx%d", card_idx); | ^~~~~~~~~~ drivers/net/ethernet/fealnx.c:496:9: note: 'sprintf' output between 8 and 18 bytes into a destination of size 12 496 | sprintf(boardname, "fealnx%d", card_idx); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Although I think these new warnings are not strictly for problems introduced by this patch. They do make me wonder if it would be best to cap card_index MAX_UNITS and return an error if that limit is exceeded.
The code seems to be written allowing for more than MAX_UNITS 'units'.
Actually it all looks pretty broken to me... 'card_idx' is incremented by every call to fealnx_init_one(). That is the pci_driver.probe() function. So every card remove and rescan will increment it. (Is the .probe() even serialised? I can't remember...)
Then there is the MODULE_PARAM_DESC() that states that bit 17 of 'options' is the 'full duplex' flag, but the code checks 'options & 0x200'.
And I just don't understand the assignment: option = dev->mem_start;
The code was like this when Linux created git.
David