The field "name" in struct ptp_clock_info has a fixed size of 16
chars and is used as zero terminated string by clock_name_show()
in drivers/ptp/ptp_sysfs.c
The current initialization value requires 17 chars to fit also the
null termination, and this causes overflow to the next bytes in
the struct when the string is read as null terminated:
hexdump -C /sys/class/ptp/ptp0/clock_name
00000000 73 74 6d 6d 61 63 5f 70 74 70 5f 63 6c 6f 63 6b |stmmac_ptp_clock|
00000010 a0 ac b9 03 0a |.....|
where the extra 4 bytes (excluding the newline) after the string
represent the integer 0x03b9aca0 = 62500000 assigned to the field
"max_adj" that follows "name" in the same struct.
There is no strict requirement for the "name" content and in the
comment in ptp_clock_kernel.h it's reported it should just be 'A
short "friendly name" to identify the clock'.
Replace it with "stmmac ptp".
Signed-off-by: Antonio Borneo <[email protected]>
Fixes: 92ba6888510c ("stmmac: add the support for PTP hw clock driver")
---
drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c
index 173493db038c..df638b18b72c 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c
@@ -164,7 +164,7 @@ static int stmmac_enable(struct ptp_clock_info *ptp,
/* structure describing a PTP hardware clock */
static struct ptp_clock_info stmmac_ptp_clock_ops = {
.owner = THIS_MODULE,
- .name = "stmmac_ptp_clock",
+ .name = "stmmac ptp",
.max_adj = 62500000,
.n_alarm = 0,
.n_ext_ts = 0,
--
2.23.0
On Mon, 7 Oct 2019 17:43:04 +0200, Antonio Borneo wrote:
> The field "name" in struct ptp_clock_info has a fixed size of 16
> chars and is used as zero terminated string by clock_name_show()
> in drivers/ptp/ptp_sysfs.c
> The current initialization value requires 17 chars to fit also the
> null termination, and this causes overflow to the next bytes in
> the struct when the string is read as null terminated:
> hexdump -C /sys/class/ptp/ptp0/clock_name
> 00000000 73 74 6d 6d 61 63 5f 70 74 70 5f 63 6c 6f 63 6b |stmmac_ptp_clock|
> 00000010 a0 ac b9 03 0a |.....|
> where the extra 4 bytes (excluding the newline) after the string
> represent the integer 0x03b9aca0 = 62500000 assigned to the field
> "max_adj" that follows "name" in the same struct.
>
> There is no strict requirement for the "name" content and in the
> comment in ptp_clock_kernel.h it's reported it should just be 'A
> short "friendly name" to identify the clock'.
> Replace it with "stmmac ptp".
>
> Signed-off-by: Antonio Borneo <[email protected]>
> Fixes: 92ba6888510c ("stmmac: add the support for PTP hw clock driver")
Applied to net, queued for stable.
For future submissions please indicate the target tree. Networking fixes
should go to the net tree and have [PATCH net] in the subject, while
normal patches such as new features and clean ups should be tagged as
[PATCH net-next].