lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202201070108.OWIDTV5G-lkp@intel.com>
Date:   Fri, 7 Jan 2022 01:47:37 +0800
From:   kernel test robot <lkp@...el.com>
To:     Trond Myklebust <trond.myklebust@...merspace.com>
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org,
        Anna Schumaker <Anna.Schumaker@...app.com>
Subject: [anna-nfs:linux-next 12/21] fs/nfs/callback_xdr.c:274:8: warning:
 result of comparison of constant 658812288346769700 with expression of type
 'uint32_t' (aka 'unsigned int') is always false

tree:   git://git.linux-nfs.org/projects/anna/linux-nfs.git linux-next
head:   3e0a5877834cb4899478873b0f6ccc604ab33d28
commit: 9c2f14caf2bfc8b25b9d755aa77a37355d00c7ce [12/21] NFSv4.1: Fix uninitialised variable in devicenotify
config: x86_64-buildonly-randconfig-r001-20220106 (https://download.01.org/0day-ci/archive/20220107/202201070108.OWIDTV5G-lkp@intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project ca7ffe09dc6e525109e3cd570cc5182ce568be13)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git remote add anna-nfs git://git.linux-nfs.org/projects/anna/linux-nfs.git
        git fetch --no-tags anna-nfs linux-next
        git checkout 9c2f14caf2bfc8b25b9d755aa77a37355d00c7ce
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash fs/nfs/ sound/x86/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

>> fs/nfs/callback_xdr.c:274:8: warning: result of comparison of constant 658812288346769700 with expression of type 'uint32_t' (aka 'unsigned int') is always false [-Wtautological-constant-out-of-range-compare]
           if (n > ULONG_MAX / sizeof(*args->devs)) {
               ~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   1 warning generated.


vim +274 fs/nfs/callback_xdr.c

f2a625616045fe Fred Isaman       2011-01-06  254  
1be5683b03a766 Marc Eshel        2011-05-22  255  static
1be5683b03a766 Marc Eshel        2011-05-22  256  __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
1be5683b03a766 Marc Eshel        2011-05-22  257  				struct xdr_stream *xdr,
f4dac4ade5ba4e Christoph Hellwig 2017-05-11  258  				void *argp)
1be5683b03a766 Marc Eshel        2011-05-22  259  {
f4dac4ade5ba4e Christoph Hellwig 2017-05-11  260  	struct cb_devicenotifyargs *args = argp;
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  261  	uint32_t tmp, n, i;
1be5683b03a766 Marc Eshel        2011-05-22  262  	__be32 *p;
1be5683b03a766 Marc Eshel        2011-05-22  263  	__be32 status = 0;
1be5683b03a766 Marc Eshel        2011-05-22  264  
1be5683b03a766 Marc Eshel        2011-05-22  265  	/* Num of device notifications */
eb72f484a5eb94 Chuck Lever       2019-02-11  266  	p = xdr_inline_decode(xdr, sizeof(uint32_t));
1be5683b03a766 Marc Eshel        2011-05-22  267  	if (unlikely(p == NULL)) {
1be5683b03a766 Marc Eshel        2011-05-22  268  		status = htonl(NFS4ERR_BADXDR);
1be5683b03a766 Marc Eshel        2011-05-22  269  		goto out;
1be5683b03a766 Marc Eshel        2011-05-22  270  	}
1be5683b03a766 Marc Eshel        2011-05-22  271  	n = ntohl(*p++);
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  272  	if (n == 0)
1be5683b03a766 Marc Eshel        2011-05-22  273  		goto out;
363e0df057ea8d Dan Carpenter     2012-01-12 @274  	if (n > ULONG_MAX / sizeof(*args->devs)) {
363e0df057ea8d Dan Carpenter     2012-01-12  275  		status = htonl(NFS4ERR_BADXDR);
363e0df057ea8d Dan Carpenter     2012-01-12  276  		goto out;
363e0df057ea8d Dan Carpenter     2012-01-12  277  	}
1be5683b03a766 Marc Eshel        2011-05-22  278  
a4f743a6bb2016 Trond Myklebust   2015-02-11  279  	args->devs = kmalloc_array(n, sizeof(*args->devs), GFP_KERNEL);
1be5683b03a766 Marc Eshel        2011-05-22  280  	if (!args->devs) {
1be5683b03a766 Marc Eshel        2011-05-22  281  		status = htonl(NFS4ERR_DELAY);
1be5683b03a766 Marc Eshel        2011-05-22  282  		goto out;
1be5683b03a766 Marc Eshel        2011-05-22  283  	}
1be5683b03a766 Marc Eshel        2011-05-22  284  
1be5683b03a766 Marc Eshel        2011-05-22  285  	/* Decode each dev notification */
1be5683b03a766 Marc Eshel        2011-05-22  286  	for (i = 0; i < n; i++) {
1be5683b03a766 Marc Eshel        2011-05-22  287  		struct cb_devicenotifyitem *dev = &args->devs[i];
1be5683b03a766 Marc Eshel        2011-05-22  288  
eb72f484a5eb94 Chuck Lever       2019-02-11  289  		p = xdr_inline_decode(xdr, (4 * sizeof(uint32_t)) +
eb72f484a5eb94 Chuck Lever       2019-02-11  290  				      NFS4_DEVICEID4_SIZE);
1be5683b03a766 Marc Eshel        2011-05-22  291  		if (unlikely(p == NULL)) {
1be5683b03a766 Marc Eshel        2011-05-22  292  			status = htonl(NFS4ERR_BADXDR);
1be5683b03a766 Marc Eshel        2011-05-22  293  			goto err;
1be5683b03a766 Marc Eshel        2011-05-22  294  		}
1be5683b03a766 Marc Eshel        2011-05-22  295  
1be5683b03a766 Marc Eshel        2011-05-22  296  		tmp = ntohl(*p++);	/* bitmap size */
1be5683b03a766 Marc Eshel        2011-05-22  297  		if (tmp != 1) {
1be5683b03a766 Marc Eshel        2011-05-22  298  			status = htonl(NFS4ERR_INVAL);
1be5683b03a766 Marc Eshel        2011-05-22  299  			goto err;
1be5683b03a766 Marc Eshel        2011-05-22  300  		}
1be5683b03a766 Marc Eshel        2011-05-22  301  		dev->cbd_notify_type = ntohl(*p++);
1be5683b03a766 Marc Eshel        2011-05-22  302  		if (dev->cbd_notify_type != NOTIFY_DEVICEID4_CHANGE &&
1be5683b03a766 Marc Eshel        2011-05-22  303  		    dev->cbd_notify_type != NOTIFY_DEVICEID4_DELETE) {
1be5683b03a766 Marc Eshel        2011-05-22  304  			status = htonl(NFS4ERR_INVAL);
1be5683b03a766 Marc Eshel        2011-05-22  305  			goto err;
1be5683b03a766 Marc Eshel        2011-05-22  306  		}
1be5683b03a766 Marc Eshel        2011-05-22  307  
1be5683b03a766 Marc Eshel        2011-05-22  308  		tmp = ntohl(*p++);	/* opaque size */
1be5683b03a766 Marc Eshel        2011-05-22  309  		if (((dev->cbd_notify_type == NOTIFY_DEVICEID4_CHANGE) &&
1be5683b03a766 Marc Eshel        2011-05-22  310  		     (tmp != NFS4_DEVICEID4_SIZE + 8)) ||
1be5683b03a766 Marc Eshel        2011-05-22  311  		    ((dev->cbd_notify_type == NOTIFY_DEVICEID4_DELETE) &&
1be5683b03a766 Marc Eshel        2011-05-22  312  		     (tmp != NFS4_DEVICEID4_SIZE + 4))) {
1be5683b03a766 Marc Eshel        2011-05-22  313  			status = htonl(NFS4ERR_INVAL);
1be5683b03a766 Marc Eshel        2011-05-22  314  			goto err;
1be5683b03a766 Marc Eshel        2011-05-22  315  		}
1be5683b03a766 Marc Eshel        2011-05-22  316  		dev->cbd_layout_type = ntohl(*p++);
1be5683b03a766 Marc Eshel        2011-05-22  317  		memcpy(dev->cbd_dev_id.data, p, NFS4_DEVICEID4_SIZE);
1be5683b03a766 Marc Eshel        2011-05-22  318  		p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE);
1be5683b03a766 Marc Eshel        2011-05-22  319  
1be5683b03a766 Marc Eshel        2011-05-22  320  		if (dev->cbd_layout_type == NOTIFY_DEVICEID4_CHANGE) {
eb72f484a5eb94 Chuck Lever       2019-02-11  321  			p = xdr_inline_decode(xdr, sizeof(uint32_t));
1be5683b03a766 Marc Eshel        2011-05-22  322  			if (unlikely(p == NULL)) {
1be5683b03a766 Marc Eshel        2011-05-22  323  				status = htonl(NFS4ERR_BADXDR);
1be5683b03a766 Marc Eshel        2011-05-22  324  				goto err;
1be5683b03a766 Marc Eshel        2011-05-22  325  			}
1be5683b03a766 Marc Eshel        2011-05-22  326  			dev->cbd_immediate = ntohl(*p++);
1be5683b03a766 Marc Eshel        2011-05-22  327  		} else {
1be5683b03a766 Marc Eshel        2011-05-22  328  			dev->cbd_immediate = 0;
1be5683b03a766 Marc Eshel        2011-05-22  329  		}
1be5683b03a766 Marc Eshel        2011-05-22  330  
1be5683b03a766 Marc Eshel        2011-05-22  331  		dprintk("%s: type %d layout 0x%x immediate %d\n",
1be5683b03a766 Marc Eshel        2011-05-22  332  			__func__, dev->cbd_notify_type, dev->cbd_layout_type,
1be5683b03a766 Marc Eshel        2011-05-22  333  			dev->cbd_immediate);
1be5683b03a766 Marc Eshel        2011-05-22  334  	}
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  335  	args->ndevs = n;
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  336  	dprintk("%s: ndevs %d\n", __func__, args->ndevs);
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  337  	return 0;
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  338  err:
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  339  	kfree(args->devs);
1be5683b03a766 Marc Eshel        2011-05-22  340  out:
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  341  	args->devs = NULL;
9c2f14caf2bfc8 Trond Myklebust   2022-01-03  342  	args->ndevs = 0;
1be5683b03a766 Marc Eshel        2011-05-22  343  	dprintk("%s: status %d ndevs %d\n",
1be5683b03a766 Marc Eshel        2011-05-22  344  		__func__, ntohl(status), args->ndevs);
1be5683b03a766 Marc Eshel        2011-05-22  345  	return status;
1be5683b03a766 Marc Eshel        2011-05-22  346  }
1be5683b03a766 Marc Eshel        2011-05-22  347  

:::::: The code at line 274 was first introduced by commit
:::::: 363e0df057ea8da539645fe4c3c227e3d44054cc nfs: check for integer overflow in decode_devicenotify_args()

:::::: TO: Dan Carpenter <dan.carpenter@...cle.com>
:::::: CC: Trond Myklebust <Trond.Myklebust@...app.com>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ