Date:   Sun, 31 Dec 2017 23:18:38 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     kbuild-all@...org, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Frederic Weisbecker <fweisbec@...il.com>
Subject: Re: [PATCH v2] vsprintf: Do not have bprintf dereference pointers

Hi Steven,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on linus/master]
[also build test WARNING on v4.15-rc5 next-20171222]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Steven-Rostedt/vsprintf-Do-not-have-bprintf-dereference-pointers/20171231-223129
config: i386-randconfig-x072-201753 (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

All warnings (new ones prefixed by >>):

   lib/vsprintf.c: In function 'vbin_printf':
>> lib/vsprintf.c:2538:27: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       *(typeof(type) *)str = (type)value;  \
                              ^
>> lib/vsprintf.c:2590:5: note: in expansion of macro 'save_arg'
        save_arg(void *);
        ^~~~~~~~
>> lib/vsprintf.c:2538:27: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       *(typeof(type) *)str = (type)value;  \
                              ^
   lib/vsprintf.c:2594:6: note: in expansion of macro 'save_arg'
         save_arg(void *);
         ^~~~~~~~

vim +2538 lib/vsprintf.c

^1da177e4c Linus Torvalds          2005-04-16  2490  
4370aa4aa7 Lai Jiangshan           2009-03-06  2491  #ifdef CONFIG_BINARY_PRINTF
4370aa4aa7 Lai Jiangshan           2009-03-06  2492  /*
4370aa4aa7 Lai Jiangshan           2009-03-06  2493   * bprintf service:
4370aa4aa7 Lai Jiangshan           2009-03-06  2494   * vbin_printf() - VA arguments to binary data
4370aa4aa7 Lai Jiangshan           2009-03-06  2495   * bstr_printf() - Binary data to text string
4370aa4aa7 Lai Jiangshan           2009-03-06  2496   */
4370aa4aa7 Lai Jiangshan           2009-03-06  2497  
4370aa4aa7 Lai Jiangshan           2009-03-06  2498  /**
4370aa4aa7 Lai Jiangshan           2009-03-06  2499   * vbin_printf - Parse a format string and place args' binary value in a buffer
4370aa4aa7 Lai Jiangshan           2009-03-06  2500   * @bin_buf: The buffer to place args' binary value
4370aa4aa7 Lai Jiangshan           2009-03-06  2501   * @size: The size of the buffer(by words(32bits), not characters)
4370aa4aa7 Lai Jiangshan           2009-03-06  2502   * @fmt: The format string to use
4370aa4aa7 Lai Jiangshan           2009-03-06  2503   * @args: Arguments for the format string
4370aa4aa7 Lai Jiangshan           2009-03-06  2504   *
4370aa4aa7 Lai Jiangshan           2009-03-06  2505   * The format follows C99 vsnprintf, except %n is ignored, and its argument
da3dae54e4 Masanari Iida           2014-09-09  2506   * is skipped.
4370aa4aa7 Lai Jiangshan           2009-03-06  2507   *
4370aa4aa7 Lai Jiangshan           2009-03-06  2508   * The return value is the number of words(32bits) which would be generated for
4370aa4aa7 Lai Jiangshan           2009-03-06  2509   * the given input.
4370aa4aa7 Lai Jiangshan           2009-03-06  2510   *
4370aa4aa7 Lai Jiangshan           2009-03-06  2511   * NOTE:
4370aa4aa7 Lai Jiangshan           2009-03-06  2512   * If the return value is greater than @size, the resulting bin_buf is NOT
4370aa4aa7 Lai Jiangshan           2009-03-06  2513   * valid for bstr_printf().
4370aa4aa7 Lai Jiangshan           2009-03-06  2514   */
4370aa4aa7 Lai Jiangshan           2009-03-06  2515  int vbin_printf(u32 *bin_buf, size_t size, const char *fmt, va_list args)
4370aa4aa7 Lai Jiangshan           2009-03-06  2516  {
fef20d9c13 Frederic Weisbecker     2009-03-06  2517  	struct printf_spec spec = {0};
4370aa4aa7 Lai Jiangshan           2009-03-06  2518  	char *str, *end;
168dccad05 Steven Rostedt (VMware  2017-12-28  2519) 	int width;
4370aa4aa7 Lai Jiangshan           2009-03-06  2520  
4370aa4aa7 Lai Jiangshan           2009-03-06  2521  	str = (char *)bin_buf;
4370aa4aa7 Lai Jiangshan           2009-03-06  2522  	end = (char *)(bin_buf + size);
4370aa4aa7 Lai Jiangshan           2009-03-06  2523  
4370aa4aa7 Lai Jiangshan           2009-03-06  2524  #define save_arg(type)							\
168dccad05 Steven Rostedt (VMware  2017-12-28  2525) ({									\
4370aa4aa7 Lai Jiangshan           2009-03-06  2526  	unsigned long long value;					\
168dccad05 Steven Rostedt (VMware  2017-12-28  2527) 	if (sizeof(type) == 8) {					\
4370aa4aa7 Lai Jiangshan           2009-03-06  2528  		str = PTR_ALIGN(str, sizeof(u32));			\
4370aa4aa7 Lai Jiangshan           2009-03-06  2529  		value = va_arg(args, unsigned long long);		\
4370aa4aa7 Lai Jiangshan           2009-03-06  2530  		if (str + sizeof(type) <= end) {			\
4370aa4aa7 Lai Jiangshan           2009-03-06  2531  			*(u32 *)str = *(u32 *)&value;			\
4370aa4aa7 Lai Jiangshan           2009-03-06  2532  			*(u32 *)(str + 4) = *((u32 *)&value + 1);	\
4370aa4aa7 Lai Jiangshan           2009-03-06  2533  		}							\
4370aa4aa7 Lai Jiangshan           2009-03-06  2534  	} else {							\
4370aa4aa7 Lai Jiangshan           2009-03-06  2535  		str = PTR_ALIGN(str, sizeof(type));			\
4370aa4aa7 Lai Jiangshan           2009-03-06  2536  		value = va_arg(args, int);				\
4370aa4aa7 Lai Jiangshan           2009-03-06  2537  		if (str + sizeof(type) <= end)				\
4370aa4aa7 Lai Jiangshan           2009-03-06 @2538  			*(typeof(type) *)str = (type)value;		\
4370aa4aa7 Lai Jiangshan           2009-03-06  2539  	}								\
4370aa4aa7 Lai Jiangshan           2009-03-06  2540  	str += sizeof(type);						\
168dccad05 Steven Rostedt (VMware  2017-12-28  2541) 	value;								\
168dccad05 Steven Rostedt (VMware  2017-12-28  2542) })
4370aa4aa7 Lai Jiangshan           2009-03-06  2543  
fef20d9c13 Frederic Weisbecker     2009-03-06  2544  	while (*fmt) {
d4be151b21 André Goddard Rosa      2009-12-14  2545  		int read = format_decode(fmt, &spec);
4370aa4aa7 Lai Jiangshan           2009-03-06  2546  
fef20d9c13 Frederic Weisbecker     2009-03-06  2547  		fmt += read;
4370aa4aa7 Lai Jiangshan           2009-03-06  2548  
fef20d9c13 Frederic Weisbecker     2009-03-06  2549  		switch (spec.type) {
fef20d9c13 Frederic Weisbecker     2009-03-06  2550  		case FORMAT_TYPE_NONE:
d4be151b21 André Goddard Rosa      2009-12-14  2551  		case FORMAT_TYPE_PERCENT_CHAR:
fef20d9c13 Frederic Weisbecker     2009-03-06  2552  			break;
b006f19b05 Rasmus Villemoes        2015-11-06  2553  		case FORMAT_TYPE_INVALID:
b006f19b05 Rasmus Villemoes        2015-11-06  2554  			goto out;
4370aa4aa7 Lai Jiangshan           2009-03-06  2555  
ed681a91ab Vegard Nossum           2009-03-14  2556  		case FORMAT_TYPE_WIDTH:
fef20d9c13 Frederic Weisbecker     2009-03-06  2557  		case FORMAT_TYPE_PRECISION:
168dccad05 Steven Rostedt (VMware  2017-12-28  2558) 			width = (int)save_arg(int);
168dccad05 Steven Rostedt (VMware  2017-12-28  2559) 			/* Pointers may require the width */
168dccad05 Steven Rostedt (VMware  2017-12-28  2560) 			if (*fmt == 'p')
168dccad05 Steven Rostedt (VMware  2017-12-28  2561) 				set_field_width(&spec, width);
fef20d9c13 Frederic Weisbecker     2009-03-06  2562  			break;
4370aa4aa7 Lai Jiangshan           2009-03-06  2563  
fef20d9c13 Frederic Weisbecker     2009-03-06  2564  		case FORMAT_TYPE_CHAR:
4370aa4aa7 Lai Jiangshan           2009-03-06  2565  			save_arg(char);
fef20d9c13 Frederic Weisbecker     2009-03-06  2566  			break;
fef20d9c13 Frederic Weisbecker     2009-03-06  2567  
fef20d9c13 Frederic Weisbecker     2009-03-06  2568  		case FORMAT_TYPE_STR: {
4370aa4aa7 Lai Jiangshan           2009-03-06  2569  			const char *save_str = va_arg(args, char *);
4370aa4aa7 Lai Jiangshan           2009-03-06  2570  			size_t len;
6c35663411 André Goddard Rosa      2009-12-14  2571  
4370aa4aa7 Lai Jiangshan           2009-03-06  2572  			if ((unsigned long)save_str > (unsigned long)-PAGE_SIZE
4370aa4aa7 Lai Jiangshan           2009-03-06  2573  					|| (unsigned long)save_str < PAGE_SIZE)
0f4f81dce9 André Goddard Rosa      2009-12-14  2574  				save_str = "(null)";
6c35663411 André Goddard Rosa      2009-12-14  2575  			len = strlen(save_str) + 1;
6c35663411 André Goddard Rosa      2009-12-14  2576  			if (str + len < end)
6c35663411 André Goddard Rosa      2009-12-14  2577  				memcpy(str, save_str, len);
6c35663411 André Goddard Rosa      2009-12-14  2578  			str += len;
fef20d9c13 Frederic Weisbecker     2009-03-06  2579  			break;
4370aa4aa7 Lai Jiangshan           2009-03-06  2580  		}
fef20d9c13 Frederic Weisbecker     2009-03-06  2581  
fef20d9c13 Frederic Weisbecker     2009-03-06  2582  		case FORMAT_TYPE_PTR:
168dccad05 Steven Rostedt (VMware  2017-12-28  2583) 			/* Dereferenced pointers must be done now */
168dccad05 Steven Rostedt (VMware  2017-12-28  2584) 			switch (*fmt) {
168dccad05 Steven Rostedt (VMware  2017-12-28  2585) 			/* Dereference of functions is still OK */
168dccad05 Steven Rostedt (VMware  2017-12-28  2586) 			case 'S':
168dccad05 Steven Rostedt (VMware  2017-12-28  2587) 			case 's':
168dccad05 Steven Rostedt (VMware  2017-12-28  2588) 			case 'F':
168dccad05 Steven Rostedt (VMware  2017-12-28  2589) 			case 'f':
4370aa4aa7 Lai Jiangshan           2009-03-06 @2590  				save_arg(void *);
168dccad05 Steven Rostedt (VMware  2017-12-28  2591) 				break;
168dccad05 Steven Rostedt (VMware  2017-12-28  2592) 			default:
168dccad05 Steven Rostedt (VMware  2017-12-28  2593) 				if (!isalnum(*fmt)) {
168dccad05 Steven Rostedt (VMware  2017-12-28  2594) 					save_arg(void *);
168dccad05 Steven Rostedt (VMware  2017-12-28  2595) 					break;
168dccad05 Steven Rostedt (VMware  2017-12-28  2596) 				}
168dccad05 Steven Rostedt (VMware  2017-12-28  2597) 				str = pointer(fmt, str, end, va_arg(args, void *),
168dccad05 Steven Rostedt (VMware  2017-12-28  2598) 					      spec);
168dccad05 Steven Rostedt (VMware  2017-12-28  2599) 				if (str + 1 < end)
168dccad05 Steven Rostedt (VMware  2017-12-28  2600) 					*str++ = '\0';
168dccad05 Steven Rostedt (VMware  2017-12-28  2601) 				else
168dccad05 Steven Rostedt (VMware  2017-12-28  2602) 					end[-1] = '\0'; /* Must be nul terminated */
168dccad05 Steven Rostedt (VMware  2017-12-28  2603) 			}
4370aa4aa7 Lai Jiangshan           2009-03-06  2604  			/* skip all alphanumeric pointer suffixes */
fef20d9c13 Frederic Weisbecker     2009-03-06  2605  			while (isalnum(*fmt))
4370aa4aa7 Lai Jiangshan           2009-03-06  2606  				fmt++;
fef20d9c13 Frederic Weisbecker     2009-03-06  2607  			break;
fef20d9c13 Frederic Weisbecker     2009-03-06  2608  
fef20d9c13 Frederic Weisbecker     2009-03-06  2609  		default:
fef20d9c13 Frederic Weisbecker     2009-03-06  2610  			switch (spec.type) {
fef20d9c13 Frederic Weisbecker     2009-03-06  2611  
fef20d9c13 Frederic Weisbecker     2009-03-06  2612  			case FORMAT_TYPE_LONG_LONG:
4370aa4aa7 Lai Jiangshan           2009-03-06  2613  				save_arg(long long);
fef20d9c13 Frederic Weisbecker     2009-03-06  2614  				break;
fef20d9c13 Frederic Weisbecker     2009-03-06  2615  			case FORMAT_TYPE_ULONG:
fef20d9c13 Frederic Weisbecker     2009-03-06  2616  			case FORMAT_TYPE_LONG:
4370aa4aa7 Lai Jiangshan           2009-03-06  2617  				save_arg(unsigned long);
fef20d9c13 Frederic Weisbecker     2009-03-06  2618  				break;
fef20d9c13 Frederic Weisbecker     2009-03-06  2619  			case FORMAT_TYPE_SIZE_T:
4370aa4aa7 Lai Jiangshan           2009-03-06  2620  				save_arg(size_t);
fef20d9c13 Frederic Weisbecker     2009-03-06  2621  				break;
fef20d9c13 Frederic Weisbecker     2009-03-06  2622  			case FORMAT_TYPE_PTRDIFF:
4370aa4aa7 Lai Jiangshan           2009-03-06  2623  				save_arg(ptrdiff_t);
fef20d9c13 Frederic Weisbecker     2009-03-06  2624  				break;
a4e94ef0dd Zhaolei                 2009-03-27  2625  			case FORMAT_TYPE_UBYTE:
a4e94ef0dd Zhaolei                 2009-03-27  2626  			case FORMAT_TYPE_BYTE:
a4e94ef0dd Zhaolei                 2009-03-27  2627  				save_arg(char);
a4e94ef0dd Zhaolei                 2009-03-27  2628  				break;
fef20d9c13 Frederic Weisbecker     2009-03-06  2629  			case FORMAT_TYPE_USHORT:
fef20d9c13 Frederic Weisbecker     2009-03-06  2630  			case FORMAT_TYPE_SHORT:
4370aa4aa7 Lai Jiangshan           2009-03-06  2631  				save_arg(short);
fef20d9c13 Frederic Weisbecker     2009-03-06  2632  				break;
4370aa4aa7 Lai Jiangshan           2009-03-06  2633  			default:
fef20d9c13 Frederic Weisbecker     2009-03-06  2634  				save_arg(int);
fef20d9c13 Frederic Weisbecker     2009-03-06  2635  			}
4370aa4aa7 Lai Jiangshan           2009-03-06  2636  		}
4370aa4aa7 Lai Jiangshan           2009-03-06  2637  	}
fef20d9c13 Frederic Weisbecker     2009-03-06  2638  
b006f19b05 Rasmus Villemoes        2015-11-06  2639  out:
7b9186f5eb André Goddard Rosa      2009-12-14  2640  	return (u32 *)(PTR_ALIGN(str, sizeof(u32))) - bin_buf;
fef20d9c13 Frederic Weisbecker     2009-03-06  2641  #undef save_arg
4370aa4aa7 Lai Jiangshan           2009-03-06  2642  }
4370aa4aa7 Lai Jiangshan           2009-03-06  2643  EXPORT_SYMBOL_GPL(vbin_printf);
4370aa4aa7 Lai Jiangshan           2009-03-06  2644  

:::::: The code at line 2538 was first introduced by commit
:::::: 4370aa4aa75391a5e2e06bccb0919109f725ed8e vsprintf: add binary printf

:::::: TO: Lai Jiangshan <laijs@...fujitsu.com>
:::::: CC: Ingo Molnar <mingo@...e.hu>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
