lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 6 Nov 2023 17:31:34 +0100
From:   Alexander Lobakin <aleksander.lobakin@...el.com>
To:     Alexander Potapenko <glider@...gle.com>
CC:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Yury Norov <yury.norov@...il.com>,
        Syed Nayyar Waris <syednwaris@...il.com>,
        "kernel test robot" <lkp@...el.com>,
        <oe-kbuild-all@...ts.linux.dev>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [alobakin:pfcp 11/19] include/linux/bitmap.h:642:17: warning:
 array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]'

BTW, I have this in my inbox:

From: Kernel Test Robot <lkp@...el.com>
Date: Tue, 17 Oct 2023 08:14:51 +0800

> tree:   https://github.com/alobakin/linux pfcp
> head:   9183a3eb639912169a3d3e2be4f25556b465919b
> commit: c8a652cdcc0964510f108726b3da0784d1bc0cd2 [11/19] bitmap: make bitmap_{get,set}_value8() use bitmap_{read,write}()

So it happened after I converted bitmap_{get,set}_value8() so that they
use bitmap_{read,write}().

> config: x86_64-randconfig-004-20231017 (https://download.01.org/0day-ci/archive/20231017/202310170708.fJzLlgDM-lkp@intel.com/config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310170708.fJzLlgDM-lkp@intel.com/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202310170708.fJzLlgDM-lkp@intel.com/
> 
> All warnings (new ones prefixed by >>):
> 
>    In file included from include/linux/cpumask.h:12,
>                     from arch/x86/include/asm/cpumask.h:5,
>                     from arch/x86/include/asm/msr.h:11,
>                     from arch/x86/include/asm/processor.h:23,
>                     from arch/x86/include/asm/cpufeature.h:5,
>                     from arch/x86/include/asm/thread_info.h:53,
>                     from include/linux/thread_info.h:60,
>                     from arch/x86/include/asm/preempt.h:9,
>                     from include/linux/preempt.h:79,
>                     from include/linux/spinlock.h:56,
>                     from include/linux/mmzone.h:8,
>                     from include/linux/gfp.h:7,
>                     from include/linux/slab.h:16,
>                     from include/linux/resource_ext.h:11,
>                     from include/linux/acpi.h:13,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    drivers/gpio/gpio-pca953x.c: In function 'pca953x_probe':
>>> include/linux/bitmap.h:642:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
>      642 |  map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
>          |                 ^~
>    In file included from include/linux/kasan-checks.h:5,
>                     from include/asm-generic/rwonce.h:26,
>                     from ./arch/x86/include/generated/asm/rwonce.h:1,
>                     from include/linux/compiler.h:246,
>                     from include/linux/build_bug.h:5,
>                     from include/linux/bits.h:21,
>                     from include/linux/ioport.h:13,
>                     from include/linux/acpi.h:12,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
>     1032 |  DECLARE_BITMAP(val, MAX_LINE);
>          |                 ^~~
>    include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
>       11 |  unsigned long name[BITS_TO_LONGS(bits)]
>          |                ^~~~
>    In file included from include/linux/cpumask.h:12,
>                     from arch/x86/include/asm/cpumask.h:5,
>                     from arch/x86/include/asm/msr.h:11,
>                     from arch/x86/include/asm/processor.h:23,
>                     from arch/x86/include/asm/cpufeature.h:5,
>                     from arch/x86/include/asm/thread_info.h:53,
>                     from include/linux/thread_info.h:60,
>                     from arch/x86/include/asm/preempt.h:9,
>                     from include/linux/preempt.h:79,
>                     from include/linux/spinlock.h:56,
>                     from include/linux/mmzone.h:8,
>                     from include/linux/gfp.h:7,
>                     from include/linux/slab.h:16,
>                     from include/linux/resource_ext.h:11,
>                     from include/linux/acpi.h:13,
>                     from drivers/gpio/gpio-pca953x.c:11:
>>> include/linux/bitmap.h:642:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
>      642 |  map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
>          |                 ^~
>    In file included from include/linux/kasan-checks.h:5,
>                     from include/asm-generic/rwonce.h:26,
>                     from ./arch/x86/include/generated/asm/rwonce.h:1,
>                     from include/linux/compiler.h:246,
>                     from include/linux/build_bug.h:5,
>                     from include/linux/bits.h:21,
>                     from include/linux/ioport.h:13,
>                     from include/linux/acpi.h:12,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
>     1032 |  DECLARE_BITMAP(val, MAX_LINE);
>          |                 ^~~
>    include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
>       11 |  unsigned long name[BITS_TO_LONGS(bits)]
>          |                ^~~~
>    In file included from include/linux/cpumask.h:12,
>                     from arch/x86/include/asm/cpumask.h:5,
>                     from arch/x86/include/asm/msr.h:11,
>                     from arch/x86/include/asm/processor.h:23,
>                     from arch/x86/include/asm/cpufeature.h:5,
>                     from arch/x86/include/asm/thread_info.h:53,
>                     from include/linux/thread_info.h:60,
>                     from arch/x86/include/asm/preempt.h:9,
>                     from include/linux/preempt.h:79,
>                     from include/linux/spinlock.h:56,
>                     from include/linux/mmzone.h:8,
>                     from include/linux/gfp.h:7,
>                     from include/linux/slab.h:16,
>                     from include/linux/resource_ext.h:11,
>                     from include/linux/acpi.h:13,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    include/linux/bitmap.h:643:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
>      643 |  map[index + 1] |= (value >> space);
>          |                 ^~
>    In file included from include/linux/kasan-checks.h:5,
>                     from include/asm-generic/rwonce.h:26,
>                     from ./arch/x86/include/generated/asm/rwonce.h:1,
>                     from include/linux/compiler.h:246,
>                     from include/linux/build_bug.h:5,
>                     from include/linux/bits.h:21,
>                     from include/linux/ioport.h:13,
>                     from include/linux/acpi.h:12,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
>     1032 |  DECLARE_BITMAP(val, MAX_LINE);
>          |                 ^~~
>    include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
>       11 |  unsigned long name[BITS_TO_LONGS(bits)]
>          |                ^~~~
>    In file included from include/linux/cpumask.h:12,
>                     from arch/x86/include/asm/cpumask.h:5,
>                     from arch/x86/include/asm/msr.h:11,
>                     from arch/x86/include/asm/processor.h:23,
>                     from arch/x86/include/asm/cpufeature.h:5,
>                     from arch/x86/include/asm/thread_info.h:53,
>                     from include/linux/thread_info.h:60,
>                     from arch/x86/include/asm/preempt.h:9,
>                     from include/linux/preempt.h:79,
>                     from include/linux/spinlock.h:56,
>                     from include/linux/mmzone.h:8,
>                     from include/linux/gfp.h:7,
>                     from include/linux/slab.h:16,
>                     from include/linux/resource_ext.h:11,
>                     from include/linux/acpi.h:13,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    include/linux/bitmap.h:643:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
>      643 |  map[index + 1] |= (value >> space);
>          |                 ^~
>    In file included from include/linux/kasan-checks.h:5,
>                     from include/asm-generic/rwonce.h:26,
>                     from ./arch/x86/include/generated/asm/rwonce.h:1,
>                     from include/linux/compiler.h:246,
>                     from include/linux/build_bug.h:5,
>                     from include/linux/bits.h:21,
>                     from include/linux/ioport.h:13,
>                     from include/linux/acpi.h:12,
>                     from drivers/gpio/gpio-pca953x.c:11:
>    drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
>     1032 |  DECLARE_BITMAP(val, MAX_LINE);
>          |                 ^~~
>    include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
>       11 |  unsigned long name[BITS_TO_LONGS(bits)]
>          |                ^~~~
> 
> 
> vim +642 include/linux/bitmap.h
> 
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  603  
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  604  /**
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  605   * bitmap_write - write n-bit value within a memory region
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  606   * @map: address to the bitmap memory region
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  607   * @value: value to write, clamped to nbits
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  608   * @start: bit offset of the n-bit value
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  609   * @nbits: size of value in bits, nonzero, up to BITS_PER_LONG.
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  610   *
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  611   * bitmap_write() behaves as-if implemented as @nbits calls of __assign_bit(),
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  612   * i.e. bits beyond @nbits are ignored:
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  613   *
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  614   *   for (bit = 0; bit < nbits; bit++)
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  615   *           __assign_bit(start + bit, bitmap, val & BIT(bit));
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  616   */
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  617  static inline void bitmap_write(unsigned long *map,
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  618  				unsigned long value,
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  619  				unsigned long start, unsigned long nbits)
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  620  {
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  621  	size_t index;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  622  	unsigned long offset;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  623  	unsigned long space;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  624  	unsigned long mask;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  625  	bool fit;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  626  
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  627  	if (unlikely(!nbits))
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  628  		return;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  629  
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  630  	mask = BITMAP_LAST_WORD_MASK(nbits);
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  631  	value &= mask;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  632  	offset = start % BITS_PER_LONG;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  633  	space = BITS_PER_LONG - offset;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  634  	fit = space >= nbits;

For that particular case, @offset is not a compile-time constant, thus
the compiler can't assume anything. @space and @fit are as well due to that.

> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  635  	index = BIT_WORD(start);
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  636  
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  637  	map[index] &= (fit ? (~(mask << offset)) : ~BITMAP_FIRST_WORD_MASK(start));
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  638  	map[index] |= value << offset;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  639  	if (fit)
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  640  		return;

...which means the compiler doesn't know whether this condition will
return from the function or not.

> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  641  
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 @642  	map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  643  	map[index + 1] |= (value >> space);

However, it knows that the bitmap has only 1 long and indexes above 0
are not valid.

Not sure how to approach this :z It was also captured on the version you
sent 2 weeks ago, so this could've been resolved already.

> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  644  }
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11  645  
> 
> :::::: The code at line 642 was first introduced by commit
> :::::: c8ac468adba7fe930ec22f392d5f127b768deccc lib/bitmap: add bitmap_{read,write}()
> 
> :::::: TO: Syed Nayyar Waris <syednwaris@...il.com>
> :::::: CC: Alexander Lobakin <aleksander.lobakin@...el.com>
> 

Thanks,
Olek

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ