lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Apr 2020 14:02:28 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Yonghong Song <yhs@...com>, Andrii Nakryiko <andriin@...com>,
        bpf@...r.kernel.org, Martin KaFai Lau <kafai@...com>,
        netdev@...r.kernel.org
Cc:     kbuild-all@...ts.01.org, Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>, kernel-team@...com
Subject: Re: [PATCH bpf-next v1 12/19] bpf: add bpf_seq_printf and
 bpf_seq_write helpers

Hi Yonghong,

I love your patch! Perhaps something to improve:

[auto build test WARNING on bpf-next/master]
[cannot apply to bpf/master net/master vhost/linux-next net-next/master linus/master v5.7-rc3 next-20200424]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Yonghong-Song/bpf-implement-bpf-iterator-for-kernel-data/20200428-115101
base:   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
config: sh-allmodconfig (attached as .config)
compiler: sh4-linux-gcc (GCC) 9.3.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day GCC_VERSION=9.3.0 make.cross ARCH=sh 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

   In file included from kernel/trace/bpf_trace.c:10:
   kernel/trace/bpf_trace.c: In function 'bpf_seq_printf':
>> kernel/trace/bpf_trace.c:463:35: warning: the frame size of 1672 bytes is larger than 1024 bytes [-Wframe-larger-than=]
     463 | BPF_CALL_5(bpf_seq_printf, struct seq_file *, m, char *, fmt, u32, fmt_size,
         |                                   ^~~~~~~~
   include/linux/filter.h:456:30: note: in definition of macro '__BPF_CAST'
     456 |           (unsigned long)0, (t)0))) a
         |                              ^
>> include/linux/filter.h:449:27: note: in expansion of macro '__BPF_MAP_5'
     449 | #define __BPF_MAP(n, ...) __BPF_MAP_##n(__VA_ARGS__)
         |                           ^~~~~~~~~~
>> include/linux/filter.h:474:35: note: in expansion of macro '__BPF_MAP'
     474 |   return ((btf_##name)____##name)(__BPF_MAP(x,__BPF_CAST,__BPF_N,__VA_ARGS__));\
         |                                   ^~~~~~~~~
>> include/linux/filter.h:484:31: note: in expansion of macro 'BPF_CALL_x'
     484 | #define BPF_CALL_5(name, ...) BPF_CALL_x(5, name, __VA_ARGS__)
         |                               ^~~~~~~~~~
>> kernel/trace/bpf_trace.c:463:1: note: in expansion of macro 'BPF_CALL_5'
     463 | BPF_CALL_5(bpf_seq_printf, struct seq_file *, m, char *, fmt, u32, fmt_size,
         | ^~~~~~~~~~

vim +463 kernel/trace/bpf_trace.c

   462	
 > 463	BPF_CALL_5(bpf_seq_printf, struct seq_file *, m, char *, fmt, u32, fmt_size,
   464		   const void *, data, u32, data_len)
   465	{
   466		char bufs[MAX_SEQ_PRINTF_VARARGS][MAX_SEQ_PRINTF_STR_LEN];
   467		u64 params[MAX_SEQ_PRINTF_VARARGS];
   468		int i, copy_size, num_args;
   469		const u64 *args = data;
   470		int fmt_cnt = 0;
   471	
   472		/*
   473		 * bpf_check()->check_func_arg()->check_stack_boundary()
   474		 * guarantees that fmt points to bpf program stack,
   475		 * fmt_size bytes of it were initialized and fmt_size > 0
   476		 */
   477		if (fmt[--fmt_size] != 0)
   478			return -EINVAL;
   479	
   480		if (data_len & 7)
   481			return -EINVAL;
   482	
   483		for (i = 0; i < fmt_size; i++) {
   484			if (fmt[i] == '%' && (!data || !data_len))
   485				return -EINVAL;
   486		}
   487	
   488		num_args = data_len / 8;
   489	
   490		/* check format string for allowed specifiers */
   491		for (i = 0; i < fmt_size; i++) {
   492			if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
   493				return -EINVAL;
   494	
   495			if (fmt[i] != '%')
   496				continue;
   497	
   498			if (fmt_cnt >= MAX_SEQ_PRINTF_VARARGS)
   499				return -E2BIG;
   500	
   501			if (fmt_cnt >= num_args)
   502				return -EINVAL;
   503	
   504			/* fmt[i] != 0 && fmt[last] == 0, so we can access fmt[i + 1] */
   505			i++;
   506	
   507			/* skip optional "[0+-][num]" width formating field */
   508			while (fmt[i] == '0' || fmt[i] == '+'  || fmt[i] == '-')
   509				i++;
   510			if (fmt[i] >= '1' && fmt[i] <= '9') {
   511				i++;
   512				while (fmt[i] >= '0' && fmt[i] <= '9')
   513					i++;
   514			}
   515	
   516			if (fmt[i] == 's') {
   517				/* disallow any further format extensions */
   518				if (fmt[i + 1] != 0 &&
   519				    !isspace(fmt[i + 1]) &&
   520				    !ispunct(fmt[i + 1]))
   521					return -EINVAL;
   522	
   523				/* try our best to copy */
   524				bufs[fmt_cnt][0] = 0;
   525				strncpy_from_unsafe(bufs[fmt_cnt],
   526						    (void *) (long) args[fmt_cnt],
   527						    MAX_SEQ_PRINTF_STR_LEN);
   528				params[fmt_cnt] = (u64)(long)bufs[fmt_cnt];
   529	
   530				fmt_cnt++;
   531				continue;
   532			}
   533	
   534			if (fmt[i] == 'p') {
   535				if (fmt[i + 1] == 0 ||
   536				    fmt[i + 1] == 'K' ||
   537				    fmt[i + 1] == 'x') {
   538					/* just kernel pointers */
   539					params[fmt_cnt] = args[fmt_cnt];
   540					fmt_cnt++;
   541					continue;
   542				}
   543	
   544				/* only support "%pI4", "%pi4", "%pI6" and "pi6". */
   545				if (fmt[i + 1] != 'i' && fmt[i + 1] != 'I')
   546					return -EINVAL;
   547				if (fmt[i + 2] != '4' && fmt[i + 2] != '6')
   548					return -EINVAL;
   549	
   550				copy_size = (fmt[i + 2] == '4') ? 4 : 16;
   551	
   552				/* try our best to copy */
   553				probe_kernel_read(bufs[fmt_cnt],
   554						  (void *) (long) args[fmt_cnt], copy_size);
   555				params[fmt_cnt] = (u64)(long)bufs[fmt_cnt];
   556	
   557				i += 2;
   558				fmt_cnt++;
   559				continue;
   560			}
   561	
   562			if (fmt[i] == 'l') {
   563				i++;
   564				if (fmt[i] == 'l')
   565					i++;
   566			}
   567	
   568			if (fmt[i] != 'i' && fmt[i] != 'd' &&
   569			    fmt[i] != 'u' && fmt[i] != 'x')
   570				return -EINVAL;
   571	
   572			params[fmt_cnt] = args[fmt_cnt];
   573			fmt_cnt++;
   574		}
   575	
   576		/* Maximumly we can have MAX_SEQ_PRINTF_VARARGS parameter, just give
   577		 * all of them to seq_printf().
   578		 */
   579		seq_printf(m, fmt, params[0], params[1], params[2], params[3],
   580			   params[4], params[5], params[6], params[7], params[8],
   581			   params[9], params[10], params[11]);
   582	
   583		return seq_has_overflowed(m) ? -EOVERFLOW : 0;
   584	}
   585	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (54692 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ