| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2023 04:02:07 -0500
From: "Michael S. Tsirkin" <mst@...hat.com>
To: kernel test robot <lkp@...el.com>
Cc: Suwan Kim <suwan.kim027@...il.com>, oe-kbuild-all@...ts.linux.dev,
linux-kernel@...r.kernel.org,
Stefan Hajnoczi <stefanha@...hat.com>,
Christoph Hellwig <hch@....de>,
Max Gurtovoy <mgurtovoy@...dia.com>,
Chaitanya Kulkarni <kch@...dia.com>, pbonzini@...hat.com
Subject: Re: drivers/block/virtio_blk.c:570:68: warning: '%d' directive
output may be truncated writing between 1 and 11 bytes into a region of size
7
On Mon, Dec 04, 2023 at 04:56:35PM +0800, kernel test robot wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: 33cc938e65a98f1d29d0a18403dbbee050dcad9a
> commit: 4e0400525691d0e676dbe002641f9a61261f1e1b virtio-blk: support polling I/O
> date: 1 year, 6 months ago
> config: x86_64-buildonly-randconfig-006-20230906 (https://download.01.org/0day-ci/archive/20231204/202312041509.DIyvEt9h-lkp@intel.com/config)
> compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231204/202312041509.DIyvEt9h-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> drivers/block/virtio_blk.c: In function 'init_vq':
> >> drivers/block/virtio_blk.c:570:68: warning: '%d' directive output may be truncated writing between 1 and 11 bytes into a region of size 7 [-Wformat-truncation=]
> 570 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
> | ^~
> drivers/block/virtio_blk.c:570:58: note: directive argument in the range [-2147483648, 65534]
> 570 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
> | ^~~~~~~~~~~~~
> drivers/block/virtio_blk.c:570:17: note: 'snprintf' output between 11 and 21 bytes into a destination of size 16
> 570 | snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> vim +570 drivers/block/virtio_blk.c
>
> 511
> 512 static int init_vq(struct virtio_blk *vblk)
> 513 {
> 514 int err;
> 515 int i;
> 516 vq_callback_t **callbacks;
> 517 const char **names;
> 518 struct virtqueue **vqs;
> 519 unsigned short num_vqs;
> 520 unsigned int num_poll_vqs;
> 521 struct virtio_device *vdev = vblk->vdev;
> 522 struct irq_affinity desc = { 0, };
> 523
> 524 err = virtio_cread_feature(vdev, VIRTIO_BLK_F_MQ,
> 525 struct virtio_blk_config, num_queues,
> 526 &num_vqs);
> 527 if (err)
> 528 num_vqs = 1;
> 529
> 530 if (!err && !num_vqs) {
> 531 dev_err(&vdev->dev, "MQ advertised but zero queues reported\n");
> 532 return -EINVAL;
> 533 }
> 534
> 535 num_vqs = min_t(unsigned int,
> 536 min_not_zero(num_request_queues, nr_cpu_ids),
> 537 num_vqs);
> 538
> 539 num_poll_vqs = min_t(unsigned int, poll_queues, num_vqs - 1);
> 540
> 541 vblk->io_queues[HCTX_TYPE_DEFAULT] = num_vqs - num_poll_vqs;
> 542 vblk->io_queues[HCTX_TYPE_READ] = 0;
> 543 vblk->io_queues[HCTX_TYPE_POLL] = num_poll_vqs;
> 544
> 545 dev_info(&vdev->dev, "%d/%d/%d default/read/poll queues\n",
> 546 vblk->io_queues[HCTX_TYPE_DEFAULT],
> 547 vblk->io_queues[HCTX_TYPE_READ],
> 548 vblk->io_queues[HCTX_TYPE_POLL]);
> 549
> 550 vblk->vqs = kmalloc_array(num_vqs, sizeof(*vblk->vqs), GFP_KERNEL);
> 551 if (!vblk->vqs)
> 552 return -ENOMEM;
> 553
> 554 names = kmalloc_array(num_vqs, sizeof(*names), GFP_KERNEL);
> 555 callbacks = kmalloc_array(num_vqs, sizeof(*callbacks), GFP_KERNEL);
> 556 vqs = kmalloc_array(num_vqs, sizeof(*vqs), GFP_KERNEL);
> 557 if (!names || !callbacks || !vqs) {
> 558 err = -ENOMEM;
> 559 goto out;
> 560 }
> 561
> 562 for (i = 0; i < num_vqs - num_poll_vqs; i++) {
> 563 callbacks[i] = virtblk_done;
> 564 snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i);
> 565 names[i] = vblk->vqs[i].name;
> 566 }
> 567
> 568 for (; i < num_vqs; i++) {
> 569 callbacks[i] = NULL;
> > 570 snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
> 571 names[i] = vblk->vqs[i].name;
> 572 }
> 573
> 574 /* Discover virtqueues and write information to configuration. */
> 575 err = virtio_find_vqs(vdev, num_vqs, vqs, callbacks, names, &desc);
> 576 if (err)
> 577 goto out;
> 578
> 579 for (i = 0; i < num_vqs; i++) {
> 580 spin_lock_init(&vblk->vqs[i].lock);
> 581 vblk->vqs[i].vq = vqs[i];
> 582 }
> 583 vblk->num_vqs = num_vqs;
> 584
> 585 out:
> 586 kfree(vqs);
> 587 kfree(callbacks);
> 588 kfree(names);
> 589 if (err)
> 590 kfree(vblk->vqs);
> 591 return err;
> 592 }
> 593
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
Stefan, Paolo,
It's a false positive but do we want to fix it? Make i unsigned?
--
MST
Powered by blists - more mailing lists