lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1c1d57ba13c2497f99e5e0a9c5954667@AcuMS.aculab.com>
Date:   Tue, 5 Dec 2023 13:51:39 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Stefan Hajnoczi' <stefanha@...hat.com>,
        "Michael S. Tsirkin" <mst@...hat.com>
CC:     Xuan Zhuo <xuanzhuo@...ux.alibaba.com>,
        "virtualization@...ts.linux.dev" <virtualization@...ts.linux.dev>,
        Jason Wang <jasowang@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jens Axboe <axboe@...nel.dk>,
        "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Suwan Kim <suwan.kim027@...il.com>,
        kernel test robot <lkp@...el.com>
Subject: RE: [PATCH] virtio_blk: fix snprintf truncation compiler warning

From: Stefan Hajnoczi
> Sent: 04 December 2023 14:08
> 
> Commit 4e0400525691 ("virtio-blk: support polling I/O") triggers the
> following gcc 13 W=1 warnings:
> 
> drivers/block/virtio_blk.c: In function ‘init_vq’:
> drivers/block/virtio_blk.c:1077:68: warning: ‘%d’ directive output may be truncated writing between 1
> and 11 bytes into a region of size 7 [-Wformat-truncation=]
>  1077 |                 snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
>       |                                                                    ^~
> drivers/block/virtio_blk.c:1077:58: note: directive argument in the range [-2147483648, 65534]
>  1077 |                 snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
>       |                                                          ^~~~~~~~~~~~~
> drivers/block/virtio_blk.c:1077:17: note: ‘snprintf’ output between 11 and 21 bytes into a destination
> of size 16
>  1077 |                 snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
>       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> This is a false positive because the lower bound -2147483648 is
> incorrect. The true range of i is [0, num_vqs - 1] where 0 < num_vqs <
> 65536.
> 
> The code mixes int, unsigned short, and unsigned int types in addition
> to using "%d" for an unsigned value. Use unsigned short and "%u"
> consistently to solve the compiler warning.
> 
> Cc: Suwan Kim <suwan.kim027@...il.com>
> Reported-by: kernel test robot <lkp@...el.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202312041509.DIyvEt9h-lkp@intel.com/
> Signed-off-by: Stefan Hajnoczi <stefanha@...hat.com>
> ---
>  drivers/block/virtio_blk.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
> index d53d6aa8ee69..47556d8ccc32 100644
> --- a/drivers/block/virtio_blk.c
> +++ b/drivers/block/virtio_blk.c
> @@ -1019,12 +1019,12 @@ static void virtblk_config_changed(struct virtio_device *vdev)
>  static int init_vq(struct virtio_blk *vblk)
>  {
>  	int err;
> -	int i;
> +	unsigned short i;
>  	vq_callback_t **callbacks;
>  	const char **names;
>  	struct virtqueue **vqs;
>  	unsigned short num_vqs;
> -	unsigned int num_poll_vqs;
> +	unsigned short num_poll_vqs;
>  	struct virtio_device *vdev = vblk->vdev;
>  	struct irq_affinity desc = { 0, };
> 
> @@ -1068,13 +1068,13 @@ static int init_vq(struct virtio_blk *vblk)
> 
>  	for (i = 0; i < num_vqs - num_poll_vqs; i++) {

Ugg doing arithmetic on char/short is likely to generate horrid
code (especially on non-x86).
Hint, there will be explicit masking and/or sign/zero extension.

Even the array index might add extra code (although there'll be
an explicit sign extend to 64bit with the current code).

There really ought to be a better way to make gcc STFU.

In this case 'unsigned int i' might be enough since gcc seems
to have a small enough upper bound.

	David


>  		callbacks[i] = virtblk_done;
> -		snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i);
> +		snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%u", i);
>  		names[i] = vblk->vqs[i].name;
>  	}
> 
>  	for (; i < num_vqs; i++) {
>  		callbacks[i] = NULL;
> -		snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%d", i);
> +		snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req_poll.%u", i);
>  		names[i] = vblk->vqs[i].name;
>  	}
> 
> --
> 2.43.0

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ