lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Mon, 25 Oct 2021 06:43:25 +0800
From:   kernel test robot <lkp@...el.com>
To:     Russell King <rmk+kernel@...linux.org.uk>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: [rmk-arm:clearfog 2/13]
 drivers/net/dsa/mv88e6xxx/mv88e6xxx_debugfs.c:739:6: warning: %d in format
 string (no. 1) requires 'int *' but the argument type is 'unsigned int *'.
 [invalidScanfArgType_int]

Hi Russell,

First bad commit (maybe != root cause):

tree:   git://git.armlinux.org.uk/~rmk/linux-arm clearfog
head:   89b5c2c2bea4a97b0c6254f54d3719fe15c9e38e
commit: ee71c167800c79ed367a6cb8d0efb4e2cfffabf7 [2/13] net: dsa: mv88e6xxx: debugfs hacks to fix the compile
compiler: sh4-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>


cppcheck possible warnings: (new ones prefixed by >>, may not real problems)

>> drivers/net/dsa/mv88e6xxx/mv88e6xxx_debugfs.c:162:8: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    ret = sscanf(cmd, "%s %x %x", name, &reg, &val);
          ^

vim +739 drivers/net/dsa/mv88e6xxx/mv88e6xxx_debugfs.c

3724260d6f3b5e Vivien Didelot 2015-10-22  725  
3724260d6f3b5e Vivien Didelot 2015-10-22  726  static ssize_t mv88e6xxx_pvt_write(struct file *file, const char __user *buf,
3724260d6f3b5e Vivien Didelot 2015-10-22  727  				    size_t count, loff_t *ppos)
3724260d6f3b5e Vivien Didelot 2015-10-22  728  {
3724260d6f3b5e Vivien Didelot 2015-10-22  729  	struct seq_file *s = file->private_data;
3724260d6f3b5e Vivien Didelot 2015-10-22  730  	struct mv88e6xxx_chip *chip = s->private;
3724260d6f3b5e Vivien Didelot 2015-10-22  731  	const u16 mask = (1 << mv88e6xxx_num_ports(chip)) - 1;
3724260d6f3b5e Vivien Didelot 2015-10-22  732  	char cmd[32];
3724260d6f3b5e Vivien Didelot 2015-10-22  733  	unsigned int src_dev, src_port, pvlan;
3724260d6f3b5e Vivien Didelot 2015-10-22  734  	int ret;
3724260d6f3b5e Vivien Didelot 2015-10-22  735  
3724260d6f3b5e Vivien Didelot 2015-10-22  736  	if (copy_from_user(cmd, buf, sizeof(cmd)))
3724260d6f3b5e Vivien Didelot 2015-10-22  737  		return -EFAULT;
3724260d6f3b5e Vivien Didelot 2015-10-22  738  
3724260d6f3b5e Vivien Didelot 2015-10-22 @739  	if (sscanf(cmd, "%d %d %x", &src_dev, &src_port, &pvlan) != 3)
3724260d6f3b5e Vivien Didelot 2015-10-22  740  		return -EINVAL;
3724260d6f3b5e Vivien Didelot 2015-10-22  741  
3724260d6f3b5e Vivien Didelot 2015-10-22  742  	if (src_dev >= 32 || src_port >= 16 || pvlan & ~mask)
3724260d6f3b5e Vivien Didelot 2015-10-22  743  		return -ERANGE;
3724260d6f3b5e Vivien Didelot 2015-10-22  744  
3724260d6f3b5e Vivien Didelot 2015-10-22  745  	mutex_lock(&chip->reg_lock);
3724260d6f3b5e Vivien Didelot 2015-10-22  746  	ret = _mv88e6xxx_pvt_write(chip, src_dev, src_port, pvlan);
3724260d6f3b5e Vivien Didelot 2015-10-22  747  	mutex_unlock(&chip->reg_lock);
3724260d6f3b5e Vivien Didelot 2015-10-22  748  
3724260d6f3b5e Vivien Didelot 2015-10-22  749  	return ret < 0 ? ret : count;
3724260d6f3b5e Vivien Didelot 2015-10-22  750  }
3724260d6f3b5e Vivien Didelot 2015-10-22  751  

:::::: The code at line 739 was first introduced by commit
:::::: 3724260d6f3b5e821ce7ead6410416bf02c3fff6 net: dsa: mv88e6xxx: add debugfs interface

:::::: TO: Vivien Didelot <vivien.didelot@...oirfairelinux.com>
:::::: CC: Russell King (Oracle) <rmk+kernel@...linux.org.uk>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Powered by blists - more mailing lists