| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Nov 2023 22:59:29 +0800
From: Philip Li <philip.li@...el.com>
To: kernel test robot <lkp@...el.com>
CC: Christoph Hellwig <hch@....de>, <oe-kbuild-all@...ts.linux.dev>,
<linux-kernel@...r.kernel.org>, Jens Axboe <axboe@...nel.dk>,
Kees Cook <keescook@...omium.org>
Subject: Re: drivers/target/target_core_transport.c:1079:59: warning: '%s'
directive output may be truncated writing up to 253 bytes into a region of
size 221
On Mon, Nov 06, 2023 at 10:01:44PM +0800, kernel test robot wrote:
> Hi Christoph,
>
> FYI, the error/warning was bisected to this commit, please ignore it if it's irrelevant.
Sorry for false report, kindly ignore this which is not the cause of initial warning.
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: d2f51b3516dade79269ff45eae2a7668ae711b25
> commit: 8a39a0478355e9dfdd2f35038d07c4ebe3192441 target: don't depend on SCSI
> date: 5 years ago
> config: x86_64-randconfig-x083-20230515 (https://download.01.org/0day-ci/archive/20231106/202311062106.HacLsl2Y-lkp@intel.com/config)
> compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231106/202311062106.HacLsl2Y-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202311062106.HacLsl2Y-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> drivers/target/target_core_transport.c: In function 'transport_dump_vpd_ident':
> >> drivers/target/target_core_transport.c:1079:59: warning: '%s' directive output may be truncated writing up to 253 bytes into a region of size 221 [-Wformat-truncation=]
> 1079 | "T10 VPD ASCII Device Identifier: %s\n",
> | ^~
> drivers/target/target_core_transport.c:1078:17: note: 'snprintf' output between 35 and 288 bytes into a destination of size 254
> 1078 | snprintf(buf, sizeof(buf),
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~
> 1079 | "T10 VPD ASCII Device Identifier: %s\n",
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1080 | &vpd->device_identifier[0]);
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/target/target_core_transport.c:1084:59: warning: '%s' directive output may be truncated writing up to 253 bytes into a region of size 221 [-Wformat-truncation=]
> 1084 | "T10 VPD UTF-8 Device Identifier: %s\n",
> | ^~
> drivers/target/target_core_transport.c:1083:17: note: 'snprintf' output between 35 and 288 bytes into a destination of size 254
> 1083 | snprintf(buf, sizeof(buf),
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~
> 1084 | "T10 VPD UTF-8 Device Identifier: %s\n",
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1085 | &vpd->device_identifier[0]);
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/target/target_core_transport.c:1074:60: warning: '%s' directive output may be truncated writing up to 253 bytes into a region of size 220 [-Wformat-truncation=]
> 1074 | "T10 VPD Binary Device Identifier: %s\n",
> | ^~
> drivers/target/target_core_transport.c:1073:17: note: 'snprintf' output between 36 and 289 bytes into a destination of size 254
> 1073 | snprintf(buf, sizeof(buf),
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~
> 1074 | "T10 VPD Binary Device Identifier: %s\n",
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1075 | &vpd->device_identifier[0]);
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> drivers/target/target_core_transport.o: warning: objtool: transport_init_session()+0x61: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_alloc_session_tags()+0x80: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_read_prot_action()+0x156: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_handle_queue_full()+0x2ac: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_lun_remove_cmd()+0x1e3: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: __transport_check_aborted_status()+0x2e2: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_setup_cmd_from_cdb()+0x540: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_show_dynamic_sessions()+0xf6: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_put_nacl()+0x10b: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_free_session()+0x136: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_init_session_tags()+0x66: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: translate_sense_reason.constprop.0()+0x1aa: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_send_check_condition_and_sense()+0x357: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: __transport_wait_for_tasks()+0x245: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_generic_free_cmd()+0x1a5: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: init_se_kmem_caches()+0x2b: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_dump_vpd_ident_type()+0x144: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_cmd_size_check()+0x3f3: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_generic_map_mem_to_cmd()+0x7c: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_complete_ok_work()+0xa6e: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_complete_qf()+0x266: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_generic_request_failure()+0x4ae: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_write_prot_action()+0x156: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_handle_cdb_direct()+0x39: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: target_submit_cmd_map_sgls()+0x3af: sibling call from callable instruction with modified stack frame
> drivers/target/target_core_transport.o: warning: objtool: transport_send_task_abort()+0x2a7: sibling call from callable instruction with modified stack frame
>
>
> vim +1079 drivers/target/target_core_transport.c
>
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1060
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1061 int transport_dump_vpd_ident(
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1062 struct t10_vpd *vpd,
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1063 unsigned char *p_buf,
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1064 int p_buf_len)
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1065 {
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1066 unsigned char buf[VPD_TMP_BUF_SIZE];
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1067 int ret = 0;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1068
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1069 memset(buf, 0, VPD_TMP_BUF_SIZE);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1070
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1071 switch (vpd->device_identifier_code_set) {
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1072 case 0x01: /* Binary */
> 703d641d870346 Dan Carpenter 2013-01-18 1073 snprintf(buf, sizeof(buf),
> 703d641d870346 Dan Carpenter 2013-01-18 1074 "T10 VPD Binary Device Identifier: %s\n",
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1075 &vpd->device_identifier[0]);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1076 break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1077 case 0x02: /* ASCII */
> 703d641d870346 Dan Carpenter 2013-01-18 1078 snprintf(buf, sizeof(buf),
> 703d641d870346 Dan Carpenter 2013-01-18 @1079 "T10 VPD ASCII Device Identifier: %s\n",
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1080 &vpd->device_identifier[0]);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1081 break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1082 case 0x03: /* UTF-8 */
> 703d641d870346 Dan Carpenter 2013-01-18 1083 snprintf(buf, sizeof(buf),
> 703d641d870346 Dan Carpenter 2013-01-18 1084 "T10 VPD UTF-8 Device Identifier: %s\n",
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1085 &vpd->device_identifier[0]);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1086 break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1087 default:
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1088 sprintf(buf, "T10 VPD Device Identifier encoding unsupported:"
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1089 " 0x%02x", vpd->device_identifier_code_set);
> e3d6f909ed803d Andy Grover 2011-07-19 1090 ret = -EINVAL;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1091 break;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1092 }
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1093
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1094 if (p_buf)
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1095 strncpy(p_buf, buf, p_buf_len);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1096 else
> 6708bb27bb2703 Andy Grover 2011-06-08 1097 pr_debug("%s", buf);
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1098
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1099 return ret;
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1100 }
> c66ac9db8d4ad9 Nicholas Bellinger 2010-12-17 1101
>
> :::::: The code at line 1079 was first introduced by commit
> :::::: 703d641d87034629f8b0da94334034ed5d805b36 target: change sprintf to snprintf in transport_dump_vpd_ident
>
> :::::: TO: Dan Carpenter <dan.carpenter@...cle.com>
> :::::: CC: Nicholas Bellinger <nab@...ux-iscsi.org>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
Powered by blists - more mailing lists