lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sun, 2 Oct 2022 05:11:41 +0800
From:   kernel test robot <lkp@...el.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org
Subject: [kees:devel/hardening 27/69] include/linux/fortify-string.h:532:4:
 error: call to __read_overflow2 declared with 'error' attribute: detected
 read beyond size of object (2nd parameter)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git devel/hardening
head:   4b677c85590798c3141758109cc5be7ba068a3ff
commit: 34647f075d5474b539890da2ee3c56d647871a92 [27/69] fortify: Use __builtin_dynamic_object_size() when available
config: x86_64-randconfig-a016
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=34647f075d5474b539890da2ee3c56d647871a92
        git remote add kees https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
        git fetch --no-tags kees devel/hardening
        git checkout 34647f075d5474b539890da2ee3c56d647871a92
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>

All errors (new ones prefixed by >>):

   In file included from drivers/media/usb/uvc/uvc_ctrl.c:11:
   In file included from include/linux/module.h:13:
   In file included from include/linux/stat.h:19:
   In file included from include/linux/time.h:60:
   In file included from include/linux/time32.h:13:
   In file included from include/linux/timex.h:67:
   In file included from arch/x86/include/asm/timex.h:5:
   In file included from arch/x86/include/asm/processor.h:22:
   In file included from arch/x86/include/asm/msr.h:11:
   In file included from arch/x86/include/asm/cpumask.h:5:
   In file included from include/linux/cpumask.h:12:
   In file included from include/linux/bitmap.h:11:
   In file included from include/linux/string.h:253:
>> include/linux/fortify-string.h:532:4: error: call to __read_overflow2 declared with 'error' attribute: detected read beyond size of object (2nd parameter)
                           __read_overflow2();
                           ^
   1 error generated.


vim +/error +532 include/linux/fortify-string.h

a28a6e860c6cf2 Francis Laniel 2021-02-25  521  
92df138a8d663c Kees Cook      2022-02-08  522  __FORTIFY_INLINE __diagnose_as(__builtin_memcmp, 1, 2, 3)
281d0c962752fb Kees Cook      2022-02-08  523  int memcmp(const void * const POS0 p, const void * const POS0 q, __kernel_size_t size)
a28a6e860c6cf2 Francis Laniel 2021-02-25  524  {
9f7d69c5cd2390 Kees Cook      2022-09-19  525  	size_t p_size = __struct_size(p);
9f7d69c5cd2390 Kees Cook      2022-09-19  526  	size_t q_size = __struct_size(q);
a28a6e860c6cf2 Francis Laniel 2021-02-25  527  
a28a6e860c6cf2 Francis Laniel 2021-02-25  528  	if (__builtin_constant_p(size)) {
fa35198f39571b Kees Cook      2022-09-19  529  		if (__compiletime_lessthan(p_size, size))
a28a6e860c6cf2 Francis Laniel 2021-02-25  530  			__read_overflow();
fa35198f39571b Kees Cook      2022-09-19  531  		if (__compiletime_lessthan(q_size, size))
a28a6e860c6cf2 Francis Laniel 2021-02-25 @532  			__read_overflow2();
a28a6e860c6cf2 Francis Laniel 2021-02-25  533  	}
a28a6e860c6cf2 Francis Laniel 2021-02-25  534  	if (p_size < size || q_size < size)
a28a6e860c6cf2 Francis Laniel 2021-02-25  535  		fortify_panic(__func__);
a28a6e860c6cf2 Francis Laniel 2021-02-25  536  	return __underlying_memcmp(p, q, size);
a28a6e860c6cf2 Francis Laniel 2021-02-25  537  }
a28a6e860c6cf2 Francis Laniel 2021-02-25  538  

:::::: The code at line 532 was first introduced by commit
:::::: a28a6e860c6cf231cf3c5171c75c342adcd00406 string.h: move fortified functions definitions in a dedicated header.

:::::: TO: Francis Laniel <laniel_francis@...vacyrequired.com>
:::::: CC: Linus Torvalds <torvalds@...ux-foundation.org>

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config" of type "text/plain" (153123 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ