| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202506201706.IUsC9LOI-lkp@intel.com>
Date: Fri, 20 Jun 2025 18:02:52 +0800
From: kernel test robot <lkp@...el.com>
To: Dominique Martinet via B4 Relay <devnull+asmadeus.codewreck.org@...nel.org>,
Eric Van Hensbergen <ericvh@...nel.org>,
Latchesar Ionkov <lucho@...kov.net>,
Christian Schoenebeck <linux_oss@...debyte.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Michael Grzeschik <m.grzeschik@...gutronix.de>
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
stable@...r.kernel.org, Yuhao Jiang <danisjiang@...il.com>,
v9fs@...ts.linux.dev, linux-kernel@...r.kernel.org,
Dominique Martinet <asmadeus@...ewreck.org>
Subject: Re: [PATCH v2] net/9p: Fix buffer overflow in USB transport layer
Hi Dominique,
kernel test robot noticed the following build errors:
[auto build test ERROR on 74b4cc9b8780bfe8a3992c9ac0033bf22ac01f19]
url: https://github.com/intel-lab-lkp/linux/commits/Dominique-Martinet-via-B4-Relay/net-9p-Fix-buffer-overflow-in-USB-transport-layer/20250620-052411
base: 74b4cc9b8780bfe8a3992c9ac0033bf22ac01f19
patch link: https://lore.kernel.org/r/20250620-9p-usb_overflow-v2-1-026c6109c7a1%40codewreck.org
patch subject: [PATCH v2] net/9p: Fix buffer overflow in USB transport layer
config: i386-randconfig-004-20250620 (https://download.01.org/0day-ci/archive/20250620/202506201706.IUsC9LOI-lkp@intel.com/config)
compiler: clang version 20.1.2 (https://github.com/llvm/llvm-project 58df0ef89dd64126512e4ee27b4ac3fd8ddf6247)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250620/202506201706.IUsC9LOI-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202506201706.IUsC9LOI-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/9p/trans_usbg.c:257:23: error: use of undeclared identifier 'req_sizel'; did you mean 'req_size'?
257 | p9_rx_req->rc.size = req_sizel;
| ^~~~~~~~~
| req_size
net/9p/trans_usbg.c:234:15: note: 'req_size' declared here
234 | unsigned int req_size = req->actual;
| ^
1 error generated.
vim +257 net/9p/trans_usbg.c
228
229 static void usb9pfs_rx_complete(struct usb_ep *ep, struct usb_request *req)
230 {
231 struct f_usb9pfs *usb9pfs = ep->driver_data;
232 struct usb_composite_dev *cdev = usb9pfs->function.config->cdev;
233 struct p9_req_t *p9_rx_req;
234 unsigned int req_size = req->actual;
235 int status = REQ_STATUS_RCVD;
236
237 if (req->status) {
238 dev_err(&cdev->gadget->dev, "%s usb9pfs complete --> %d, %d/%d\n",
239 ep->name, req->status, req->actual, req->length);
240 return;
241 }
242
243 p9_rx_req = usb9pfs_rx_header(usb9pfs, req->buf);
244 if (!p9_rx_req)
245 return;
246
247 if (req_size > p9_rx_req->rc.capacity) {
248 dev_err(&cdev->gadget->dev,
249 "%s received data size %u exceeds buffer capacity %zu\n",
250 ep->name, req_size, p9_rx_req->rc.capacity);
251 req_size = 0;
252 status = REQ_STATUS_ERROR;
253 }
254
255 memcpy(p9_rx_req->rc.sdata, req->buf, req_size);
256
> 257 p9_rx_req->rc.size = req_sizel;
258
259 p9_client_cb(usb9pfs->client, p9_rx_req, status);
260 p9_req_put(usb9pfs->client, p9_rx_req);
261
262 complete(&usb9pfs->received);
263 }
264
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists