From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: Re: [PATCH] NFSD: prevent integer overflow on 32 bit systems
Date: Tue, 15 Mar 2022 15:35:45 +0800 [thread overview]
Message-ID: <202203151552.RotMz4kf-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 5054 bytes --]
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
In-Reply-To: <20220314140958.GE30883@kili>
References: <20220314140958.GE30883@kili>
TO: Dan Carpenter <error27@gmail.com>
TO: Chuck Lever <chuck.lever@oracle.com>
TO: Trond Myklebust <trond.myklebust@hammerspace.com>
CC: Anna Schumaker <anna@kernel.org>
CC: linux-nfs(a)vger.kernel.org
CC: kernel-janitors(a)vger.kernel.org
CC: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Hi Dan,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on trondmy-nfs/linux-next]
[also build test WARNING on linus/master v5.17-rc8 next-20220310]
[cannot apply to cel-2.6/for-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Dan-Carpenter/NFSD-prevent-integer-overflow-on-32-bit-systems/20220314-221126
base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
:::::: branch date: 17 hours ago
:::::: commit date: 17 hours ago
config: x86_64-randconfig-m001-20220314 (https://download.01.org/0day-ci/archive/20220315/202203151552.RotMz4kf-lkp(a)intel.com/config)
compiler: gcc-9 (Ubuntu 9.4.0-1ubuntu1~20.04) 9.4.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
include/linux/sunrpc/xdr.h:734 xdr_stream_decode_uint32_array() warn: impossible condition '(len > (~0) / 4) => (0-u32max > 4611686018427387903)'
Old smatch warnings:
fs/nfs/nfs4xdr.c:1194 encode_attrs() error: we previously assumed 'umask' could be null (see line 1103)
vim +734 include/linux/sunrpc/xdr.h
37c88763def8474 Trond Myklebust 2018-03-20 712
37c88763def8474 Trond Myklebust 2018-03-20 713 /**
37c88763def8474 Trond Myklebust 2018-03-20 714 * xdr_stream_decode_uint32_array - Decode variable length array of integers
37c88763def8474 Trond Myklebust 2018-03-20 715 * @xdr: pointer to xdr_stream
37c88763def8474 Trond Myklebust 2018-03-20 716 * @array: location to store the integer array or NULL
37c88763def8474 Trond Myklebust 2018-03-20 717 * @array_size: number of elements to store
37c88763def8474 Trond Myklebust 2018-03-20 718 *
37c88763def8474 Trond Myklebust 2018-03-20 719 * Return values:
37c88763def8474 Trond Myklebust 2018-03-20 720 * On success, returns number of elements stored in @array
37c88763def8474 Trond Myklebust 2018-03-20 721 * %-EBADMSG on XDR buffer overflow
37c88763def8474 Trond Myklebust 2018-03-20 722 * %-EMSGSIZE if the size of the array exceeds @array_size
37c88763def8474 Trond Myklebust 2018-03-20 723 */
37c88763def8474 Trond Myklebust 2018-03-20 724 static inline ssize_t
37c88763def8474 Trond Myklebust 2018-03-20 725 xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
37c88763def8474 Trond Myklebust 2018-03-20 726 __u32 *array, size_t array_size)
37c88763def8474 Trond Myklebust 2018-03-20 727 {
37c88763def8474 Trond Myklebust 2018-03-20 728 __be32 *p;
37c88763def8474 Trond Myklebust 2018-03-20 729 __u32 len;
37c88763def8474 Trond Myklebust 2018-03-20 730 ssize_t retval;
37c88763def8474 Trond Myklebust 2018-03-20 731
37c88763def8474 Trond Myklebust 2018-03-20 732 if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
37c88763def8474 Trond Myklebust 2018-03-20 733 return -EBADMSG;
455f80f80ed3496 Dan Carpenter 2022-03-14 @734 if (len > ULONG_MAX / sizeof(*p))
455f80f80ed3496 Dan Carpenter 2022-03-14 735 return -EBADMSG;
37c88763def8474 Trond Myklebust 2018-03-20 736 p = xdr_inline_decode(xdr, len * sizeof(*p));
37c88763def8474 Trond Myklebust 2018-03-20 737 if (unlikely(!p))
37c88763def8474 Trond Myklebust 2018-03-20 738 return -EBADMSG;
37c88763def8474 Trond Myklebust 2018-03-20 739 if (array == NULL)
37c88763def8474 Trond Myklebust 2018-03-20 740 return len;
37c88763def8474 Trond Myklebust 2018-03-20 741 if (len <= array_size) {
37c88763def8474 Trond Myklebust 2018-03-20 742 if (len < array_size)
37c88763def8474 Trond Myklebust 2018-03-20 743 memset(array+len, 0, (array_size-len)*sizeof(*array));
37c88763def8474 Trond Myklebust 2018-03-20 744 array_size = len;
37c88763def8474 Trond Myklebust 2018-03-20 745 retval = len;
37c88763def8474 Trond Myklebust 2018-03-20 746 } else
37c88763def8474 Trond Myklebust 2018-03-20 747 retval = -EMSGSIZE;
37c88763def8474 Trond Myklebust 2018-03-20 748 for (; array_size > 0; p++, array++, array_size--)
37c88763def8474 Trond Myklebust 2018-03-20 749 *array = be32_to_cpup(p);
37c88763def8474 Trond Myklebust 2018-03-20 750 return retval;
37c88763def8474 Trond Myklebust 2018-03-20 751 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 752
---
0-DAY CI Kernel Test Service
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
next reply other threads:[~2022-03-15 7:35 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-15 7:35 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-03-14 14:09 [PATCH] NFSD: prevent integer overflow on 32 bit systems Dan Carpenter
2022-03-14 14:45 ` Chuck Lever III
2022-03-14 17:03 ` Dan Carpenter
2022-03-14 18:05 ` Chuck Lever III
2022-03-14 19:25 ` Trond Myklebust
2022-03-14 19:57 ` kernel test robot
2022-03-15 15:40 ` Dan Carpenter
2022-03-15 15:40 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202203151552.RotMz4kf-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.