2017-07-14 10:03:50

by Alexander Potapenko

Subject: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

If the length field of the iterator (|pos.p| or |err|) is past the end
of the chunk, we shouldn't access it.

This bug has been detected by KMSAN. For the following pair of system
calls:

socket(PF_INET6, SOCK_STREAM, 0x84 /* IPPROTO_??? */) = 3
sendto(3, "A", 1, MSG_OOB, {sa_family=AF_INET6, sin6_port=htons(0),
inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 1

the tool has reported a use of uninitialized memory:

==================================================================
BUG: KMSAN: use of uninitialized memory in sctp_rcv+0x17b8/0x43b0
CPU: 1 PID: 2940 Comm: probe Not tainted 4.11.0-rc5+ #2926
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:16
dump_stack+0x172/0x1c0 lib/dump_stack.c:52
kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:927
__msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:469
__sctp_rcv_init_lookup net/sctp/input.c:1074
__sctp_rcv_lookup_harder net/sctp/input.c:1233
__sctp_rcv_lookup net/sctp/input.c:1255
sctp_rcv+0x17b8/0x43b0 net/sctp/input.c:170
sctp6_rcv+0x32/0x70 net/sctp/ipv6.c:984
ip6_input_finish+0x82f/0x1ee0 net/ipv6/ip6_input.c:279
NF_HOOK ./include/linux/netfilter.h:257
ip6_input+0x239/0x290 net/ipv6/ip6_input.c:322
dst_input ./include/net/dst.h:492
ip6_rcv_finish net/ipv6/ip6_input.c:69
NF_HOOK ./include/linux/netfilter.h:257
ipv6_rcv+0x1dbd/0x22e0 net/ipv6/ip6_input.c:203
__netif_receive_skb_core+0x2f6f/0x3a20 net/core/dev.c:4208
__netif_receive_skb net/core/dev.c:4246
process_backlog+0x667/0xba0 net/core/dev.c:4866
napi_poll net/core/dev.c:5268
net_rx_action+0xc95/0x1590 net/core/dev.c:5333
__do_softirq+0x485/0x942 kernel/softirq.c:284
do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902
</IRQ>
do_softirq kernel/softirq.c:328
__local_bh_enable_ip+0x25b/0x290 kernel/softirq.c:181
local_bh_enable+0x37/0x40 ./include/linux/bottom_half.h:31
rcu_read_unlock_bh ./include/linux/rcupdate.h:931
ip6_finish_output2+0x19b2/0x1cf0 net/ipv6/ip6_output.c:124
ip6_finish_output+0x764/0x970 net/ipv6/ip6_output.c:149
NF_HOOK_COND ./include/linux/netfilter.h:246
ip6_output+0x456/0x520 net/ipv6/ip6_output.c:163
dst_output ./include/net/dst.h:486
NF_HOOK ./include/linux/netfilter.h:257
ip6_xmit+0x1841/0x1c00 net/ipv6/ip6_output.c:261
sctp_v6_xmit+0x3b7/0x470 net/sctp/ipv6.c:225
sctp_packet_transmit+0x38cb/0x3a20 net/sctp/output.c:632
sctp_outq_flush+0xeb3/0x46e0 net/sctp/outqueue.c:885
sctp_outq_uncork+0xb2/0xd0 net/sctp/outqueue.c:750
sctp_side_effects net/sctp/sm_sideeffect.c:1773
sctp_do_sm+0x6962/0x6ec0 net/sctp/sm_sideeffect.c:1147
sctp_primitive_ASSOCIATE+0x12c/0x160 net/sctp/primitive.c:88
sctp_sendmsg+0x43e5/0x4f90 net/sctp/socket.c:1954
inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:633
sock_sendmsg net/socket.c:643
SYSC_sendto+0x608/0x710 net/socket.c:1696
SyS_sendto+0x8a/0xb0 net/socket.c:1664
do_syscall_64+0xe6/0x130 arch/x86/entry/common.c:285
entry_SYSCALL64_slow_path+0x25/0x25 arch/x86/entry/entry_64.S:246
RIP: 0033:0x401133
RSP: 002b:00007fff6d99cd38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000004002b0 RCX: 0000000000401133
RDX: 0000000000000001 RSI: 0000000000494088 RDI: 0000000000000003
RBP: 00007fff6d99cd90 R08: 00007fff6d99cd50 R09: 000000000000001c
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000004063d0 R14: 0000000000406460 R15: 0000000000000000
origin:
save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302
kmsan_internal_poison_shadow+0xb1/0x1a0 mm/kmsan/kmsan.c:198
kmsan_poison_shadow+0x6d/0xc0 mm/kmsan/kmsan.c:211
slab_alloc_node mm/slub.c:2743
__kmalloc_node_track_caller+0x200/0x360 mm/slub.c:4351
__kmalloc_reserve net/core/skbuff.c:138
__alloc_skb+0x26b/0x840 net/core/skbuff.c:231
alloc_skb ./include/linux/skbuff.h:933
sctp_packet_transmit+0x31e/0x3a20 net/sctp/output.c:570
sctp_outq_flush+0xeb3/0x46e0 net/sctp/outqueue.c:885
sctp_outq_uncork+0xb2/0xd0 net/sctp/outqueue.c:750
sctp_side_effects net/sctp/sm_sideeffect.c:1773
sctp_do_sm+0x6962/0x6ec0 net/sctp/sm_sideeffect.c:1147
sctp_primitive_ASSOCIATE+0x12c/0x160 net/sctp/primitive.c:88
sctp_sendmsg+0x43e5/0x4f90 net/sctp/socket.c:1954
inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:633
sock_sendmsg net/socket.c:643
SYSC_sendto+0x608/0x710 net/socket.c:1696
SyS_sendto+0x8a/0xb0 net/socket.c:1664
do_syscall_64+0xe6/0x130 arch/x86/entry/common.c:285
return_from_SYSCALL_64+0x0/0x6a arch/x86/entry/entry_64.S:246
==================================================================

Signed-off-by: Alexander Potapenko <[email protected]>
---
v2: per comment from David Miller, make sure the whole iterator->length
fits into the remaining buffer.
---
include/net/sctp/sctp.h | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index a9519a06a23b..9f6164a15715 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -469,6 +469,8 @@ _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)

#define _sctp_walk_params(pos, chunk, end, member)\
for (pos.v = chunk->member;\
+ (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
+ (void *)chunk + end) &&\
pos.v <= (void *)chunk + end - ntohs(pos.p->length) &&\
ntohs(pos.p->length) >= sizeof(struct sctp_paramhdr);\
pos.v += SCTP_PAD4(ntohs(pos.p->length)))
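Review bot: the added condition in _sctp_walk_params spells the header type as sctp_paramhdr_t, while the unchanged condition two lines below it uses sizeof(struct sctp_paramhdr); write offsetof(struct sctp_paramhdr, length) so the macro relies on a single spelling of the type. The comparison against (void *)chunk + end is also strict, so a header-only parameter whose length field ends exactly at the end of the chunk is no longer visited although the two existing conditions accept it; <= would still keep the read of pos.p->length inside the chunk.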
@@ -479,6 +481,8 @@ _sctp_walk_errors((err), (chunk_hdr), ntohs((chunk_hdr)->length))
#define _sctp_walk_errors(err, chunk_hdr, end)\
for (err = (sctp_errhdr_t *)((void *)chunk_hdr + \
sizeof(struct sctp_chunkhdr));\
+ ((void *)err + offsetof(sctp_errhdr_t, length) + sizeof(err->length) <\
+ (void *)chunk_hdr + end) &&\
(void *)err <= (void *)chunk_hdr + end - ntohs(err->length) &&\
ntohs(err->length) >= sizeof(sctp_errhdr_t); \
err = (sctp_errhdr_t *)((void *)err + SCTP_PAD4(ntohs(err->length))))
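Review bot: the new bound in _sctp_walk_errors uses <, which ends the walk before an error cause that consists of a header only and sits at the very end of the chunk. When length is the last member of the header, (void *)err + offsetof(sctp_errhdr_t, length) + sizeof(err->length) equals (void *)chunk_hdr + end for that cause, so the new test is false even though the next two conditions would pass. Use <= here; err->length is then still read from inside the chunk, and a one-line comment above the macro saying that this first test exists to keep the length read in bounds would help the next reader.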
--
2.13.2.932.g7449e964c-goog
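
The bounds problem described in the commit message, as an added user-space example (not part of the patch or the kernel tree): a TLV walk whose loop condition reads the length field before checking that it lies inside the chunk, next to two guarded variants. struct tlv_hdr, walk_params(), the three modes and SAMPLE are constructed for illustration; WALK_STRICT_LT mirrors the `<` used in this v2, WALK_INCLUSIVE_LE is an assumed alternative bound.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a TLV parameter header (not the kernel's struct). */
struct tlv_hdr {
	uint16_t type;
	uint16_t length;	/* big-endian on the wire: header + value, unpadded */
};

#define PAD4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

enum walk_mode {
	WALK_UNCHECKED,		/* loop condition reads ->length unconditionally */
	WALK_STRICT_LT,		/* length field must end before `end` (v2's `<`) */
	WALK_INCLUSIVE_LE	/* length field may end exactly at `end` */
};

struct walk_result {
	int params;		/* parameters accepted by the loop condition */
	int oob_len_reads;	/* length fields read from beyond `end` */
};

/* Constructed sample: two parameters, then bytes that model the
 * uninitialised tail of the allocation behind the chunk. */
static const uint8_t SAMPLE[16] = {
	0x00, 0x01, 0x00, 0x08, 0xde, 0xad, 0xbe, 0xef,	/* type 1, length 8 */
	0x00, 0x02, 0x00, 0x04,				/* type 2, header only */
	0xaa, 0xaa, 0xaa, 0xaa				/* outside any chunk */
};

static uint16_t rd_be16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/* Walk buf[0..end) as TLVs, starting at offset 0 for simplicity. `cap` is the
 * size of the backing array and only keeps this demo from leaving it; the
 * chunk itself ends at `end`. */
static struct walk_result walk_params(const uint8_t *buf, size_t cap,
				      size_t end, enum walk_mode mode)
{
	const size_t len_off = offsetof(struct tlv_hdr, length);
	struct walk_result r = { 0, 0 };
	size_t pos = 0;

	for (;;) {
		/* Offset of the first byte after the length field. */
		size_t need = pos + len_off + sizeof(uint16_t);
		uint16_t len;

		if (mode == WALK_STRICT_LT && !(need < end))
			break;
		if (mode == WALK_INCLUSIVE_LE && !(need <= end))
			break;
		if (need > cap)
			break;			/* demo guard only */
		if (need > end)
			r.oob_len_reads++;	/* length field lies past the chunk */

		len = rd_be16(buf + pos + len_off);
		/* The macro's two original tests in offset form; `len > end`
		 * is added so the unsigned subtraction cannot wrap. */
		if (len < sizeof(struct tlv_hdr) || len > end || pos > end - len)
			break;
		r.params++;
		pos += PAD4(len);
	}
	return r;
}

int main(void)
{
	static const size_t ends[] = { 8, 10, 12 };
	static const char *names[] = { "unchecked", "strict <", "inclusive <=" };

	for (size_t i = 0; i < 3; i++)
		for (int m = WALK_UNCHECKED; m <= WALK_INCLUSIVE_LE; m++) {
			struct walk_result r = walk_params(SAMPLE, sizeof(SAMPLE),
							   ends[i], (enum walk_mode)m);
			printf("end=%2zu %-12s params=%d oob_len_reads=%d\n",
			       ends[i], names[m], r.params, r.oob_len_reads);
		}
	return 0;
}
```

With end set to 8, 10 or 12 the unchecked walk reads one length field from beyond the chunk every time, because the condition is evaluated once more after the last accepted parameter.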


2017-07-14 15:58:34

by David Miller

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

From: Alexander Potapenko <[email protected]>
Date: Fri, 14 Jul 2017 12:03:29 +0200

> v2: per comment from David Miller, make sure the whole iterator->length
> fits into the remaining buffer.

Please compile and functionally test your changes:

In file included from ./include/linux/compiler.h:58:0,
from ./include/uapi/linux/stddef.h:1,
from ./include/linux/stddef.h:4,
from ./include/uapi/linux/posix_types.h:4,
from ./include/uapi/linux/types.h:13,
from ./include/linux/types.h:5,
from net/sctp/sm_statefuns.c:48:
net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^

2017-07-14 16:33:14

by Alexander Potapenko

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

On Fri, Jul 14, 2017 at 5:58 PM, David Miller <[email protected]> wrote:
> From: Alexander Potapenko <[email protected]>
> Date: Fri, 14 Jul 2017 12:03:29 +0200
>
>> v2: per comment from David Miller, make sure the whole iterator->length
>> fits into the remaining buffer.
>
> Please compile and functionally test your changes:
>
> In file included from ./include/linux/compiler.h:58:0,
> from ./include/uapi/linux/stddef.h:1,
> from ./include/linux/stddef.h:4,
> from ./include/uapi/linux/posix_types.h:4,
> from ./include/uapi/linux/types.h:13,
> from ./include/linux/types.h:5,
> from net/sctp/sm_statefuns.c:48:
> net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
> ./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
> (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
> ^
Oops. Fixed.


--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

2017-07-14 17:23:17

by David Miller

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

From: Alexander Potapenko <[email protected]>
Date: Fri, 14 Jul 2017 18:33:01 +0200

> On Fri, Jul 14, 2017 at 5:58 PM, David Miller <[email protected]> wrote:
>> From: Alexander Potapenko <[email protected]>
>> Date: Fri, 14 Jul 2017 12:03:29 +0200
>>
>>> v2: per comment from David Miller, make sure the whole iterator->length
>>> fits into the remaining buffer.
>>
>> Please compile and functionally test your changes:
>>
>> In file included from ./include/linux/compiler.h:58:0,
>> from ./include/uapi/linux/stddef.h:1,
>> from ./include/linux/stddef.h:4,
>> from ./include/uapi/linux/posix_types.h:4,
>> from ./include/uapi/linux/types.h:13,
>> from ./include/linux/types.h:5,
>> from net/sctp/sm_statefuns.c:48:
>> net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
>> ./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
>> (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
>> ^
> Oops. Fixed.

Did you functionally test the new version or just do a quick compile
check and resubmit?

I really want you to test this if the logic has been changed.

2017-07-14 17:33:58

by Alexander Potapenko

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

On Fri, Jul 14, 2017 at 7:23 PM, David Miller <[email protected]> wrote:
> From: Alexander Potapenko <[email protected]>
> Date: Fri, 14 Jul 2017 18:33:01 +0200
>
>> On Fri, Jul 14, 2017 at 5:58 PM, David Miller <[email protected]> wrote:
>>> From: Alexander Potapenko <[email protected]>
>>> Date: Fri, 14 Jul 2017 12:03:29 +0200
>>>
>>>> v2: per comment from David Miller, make sure the whole iterator->length
>>>> fits into the remaining buffer.
>>>
>>> Please compile and functionally test your changes:
>>>
>>> In file included from ./include/linux/compiler.h:58:0,
>>> from ./include/uapi/linux/stddef.h:1,
>>> from ./include/linux/stddef.h:4,
>>> from ./include/uapi/linux/posix_types.h:4,
>>> from ./include/uapi/linux/types.h:13,
>>> from ./include/linux/types.h:5,
>>> from net/sctp/sm_statefuns.c:48:
>>> net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
>>> ./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
>>> (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
>>> ^
>> Oops. Fixed.
>
> Did you functionally test the new version or just do a quick compile
> check and resubmit?
I've checked that the kernel still works, but unfortunately I couldn't
check whether or not this affected the uninit memory, as KMSAN
currently works on a fixed kernel revision. The compilation error was
actually caused by me failing to test the kernel when porting the fix
from that revision to upstream.

> I really want you to test this if the logic has been changed.
Do you mean any specific tests in addition to, say, running the
reproducer on which the uninit use was reported?

Thanks


--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

2017-07-14 17:54:36

by David Miller

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

From: Alexander Potapenko <[email protected]>
Date: Fri, 14 Jul 2017 19:33:54 +0200

> On Fri, Jul 14, 2017 at 7:23 PM, David Miller <[email protected]> wrote:
>> From: Alexander Potapenko <[email protected]>
>> Date: Fri, 14 Jul 2017 18:33:01 +0200
>>
>>> On Fri, Jul 14, 2017 at 5:58 PM, David Miller <[email protected]> wrote:
>>>> From: Alexander Potapenko <[email protected]>
>>>> Date: Fri, 14 Jul 2017 12:03:29 +0200
>>>>
>>>>> v2: per comment from David Miller, make sure the whole iterator->length
>>>>> fits into the remaining buffer.
>>>>
>>>> Please compile and functionally test your changes:
>>>>
>>>> In file included from ./include/linux/compiler.h:58:0,
>>>> from ./include/uapi/linux/stddef.h:1,
>>>> from ./include/linux/stddef.h:4,
>>>> from ./include/uapi/linux/posix_types.h:4,
>>>> from ./include/uapi/linux/types.h:13,
>>>> from ./include/linux/types.h:5,
>>>> from net/sctp/sm_statefuns.c:48:
>>>> net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
>>>> ./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
>>>> (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
>>>> ^
>>> Oops. Fixed.
>>
>> Did you functionally test the new version or just do a quick compile
>> check and resubmit?
> I've checked that the kernel still works, but unfortunately I couldn't
> check whether or not this affected the uninit memory, as KMSAN
> currently works on a fixed kernel revision. The compilation error was
> actually caused by me failing to test the kernel when porting the fix
> from that revision to upstream.
>
>> I really want you to test this if the logic has been changed.
> Do you mean any specific tests in addition to, say, running the
> reproducer on which the uninit use was reported?

I mean the reproducer.

2017-07-14 18:58:34

by kernel test robot

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

Hi Alexander,

[auto build test ERROR on net-next/master]
[also build test ERROR on next-20170714]
[cannot apply to v4.12]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url: https://github.com/0day-ci/linux/commits/Alexander-Potapenko/sctp-don-t-dereference-ptr-before-leaving-_sctp_walk_-params-errors/20170715-013318
config: x86_64-rhel (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64

All error/warnings (new ones prefixed by >>):

In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net/sctp/sm_statefuns.c:48:
net/sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from arch/x86/include/asm/atomic.h:4,
from include/linux/atomic.h:4,
from include/linux/crypto.h:20,
from include/crypto/hash.h:16,
from net/sctp/sm_make_chunk.c:48:
net/sctp/sm_make_chunk.c: In function 'sctp_verify_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_process_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3248:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_verify_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3800:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net/sctp/input.c:44:
net/sctp/input.c: In function '__sctp_rcv_init_lookup':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/input.c:1076:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(params, init, init_hdr.params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/net/sctp/sctp.h:58,
from net/sctp/stream.c:35:
net/sctp/stream.c: In function 'sctp_chunk_lookup_strreset_param':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
>> net/sctp/stream.c:319:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net//sctp/sm_statefuns.c:48:
net//sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
In file included from include/linux/compiler.h:58:0,
from arch/x86/include/asm/atomic.h:4,
from include/linux/atomic.h:4,
from include/linux/crypto.h:20,
from include/crypto/hash.h:16,
from net//sctp/sm_make_chunk.c:48:
net//sctp/sm_make_chunk.c: In function 'sctp_verify_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_process_init':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:3248:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c: In function 'sctp_verify_reconf':
>> include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
>> include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
>> include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net//sctp/sm_make_chunk.c:3800:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
..

vim +/sctp_paramhdr_t +472 include/net/sctp/sctp.h

461
462 /* Walk through a list of TLV parameters. Don't trust the
463 * individual parameter lengths and instead depend on
464 * the chunk length to indicate when to stop. Make sure
465 * there is room for a param header too.
466 */
467 #define sctp_walk_params(pos, chunk, member)\
> 468 _sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
469
470 #define _sctp_walk_params(pos, chunk, end, member)\
471 for (pos.v = chunk->member;\
> 472 (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
473 (void *)chunk + end) &&\
474 pos.v <= (void *)chunk + end - ntohs(pos.p->length) &&\
475 ntohs(pos.p->length) >= sizeof(struct sctp_paramhdr);\
476 pos.v += SCTP_PAD4(ntohs(pos.p->length)))
477

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation



2017-07-14 20:23:12

by kernel test robot

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

Hi Alexander,

[auto build test WARNING on net-next/master]
[also build test WARNING on next-20170714]
[cannot apply to v4.12]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url: https://github.com/0day-ci/linux/commits/Alexander-Potapenko/sctp-don-t-dereference-ptr-before-leaving-_sctp_walk_-params-errors/20170715-013318
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__


sparse warnings: (new ones prefixed by >>)

include/linux/compiler.h:260:8: sparse: attribute 'no_sanitize_address': unknown attribute
net/sctp/sm_statefuns.c:3871:9: sparse: Expected , in __builtin_offset
net/sctp/sm_statefuns.c:3871:9: sparse: got sctp_paramhdr_t
>> builtin:0:0: sparse: No right hand side of '+'-expression
net/sctp/sm_statefuns.c:3871:9: sparse: Expected ) in 'for'
net/sctp/sm_statefuns.c:3871:9: sparse: got ;
net/sctp/sm_statefuns.c:3871:9: sparse: Expected ; at end of statement
net/sctp/sm_statefuns.c:3871:9: sparse: got )
>> net/sctp/sm_statefuns.c:3903:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/sm_statefuns.c:3903:16: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3903:16: sparse: got SCTP_DISPOSITION_CONSUME
net/sctp/sm_statefuns.c:3904:1: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3904:1: sparse: got }
net/sctp/sm_statefuns.c:3933:13: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3933:13: sparse: got !
>> net/sctp/sm_statefuns.c:3933:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:3936:17: sparse: Trying to use reserved word 'return' as identifier
net/sctp/sm_statefuns.c:3936:24: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3936:24: sparse: got sctp_sf_pdiscard
net/sctp/sm_statefuns.c:3937:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3937:9: sparse: got }
net/sctp/sm_statefuns.c:3943:13: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3943:13: sparse: got !
net/sctp/sm_statefuns.c:3943:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:3948:14: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3948:14: sparse: got ->
net/sctp/sm_statefuns.c:3950:13: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3950:13: sparse: got -=
net/sctp/sm_statefuns.c:3951:23: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3951:23: sparse: got ->
>> net/sctp/sm_statefuns.c:3954:9: sparse: Trying to use reserved word 'do' as identifier
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3954:9: sparse: got {
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3954:9: sparse: got (
net/sctp/sm_statefuns.c:3954:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3954:9: sparse: got (
net/sctp/sm_statefuns.c:3954:9: sparse: Trying to use reserved word 'if' as identifier
>> net/sctp/sm_statefuns.c:3954:9: sparse: Trying to use reserved word 'else' as identifier
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3954:9: sparse: got if
>> net/sctp/sm_statefuns.c:3954:9: sparse: Trying to use reserved word 'else' as identifier
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3954:9: sparse: got branch
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3954:9: sparse: got }
net/sctp/sm_statefuns.c:3954:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3954:9: sparse: got }
net/sctp/sm_statefuns.c:3959:30: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3959:30: sparse: got (
net/sctp/sm_statefuns.c:3959:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:3963:9: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3963:9: sparse: got (
>> net/sctp/sm_statefuns.c:3963:9: sparse: Trying to use reserved word 'for' as identifier
net/sctp/sm_statefuns.c:3963:9: sparse: Expected ) in nested declarator
net/sctp/sm_statefuns.c:3963:9: sparse: got *
>> net/sctp/sm_statefuns.c:3963:9: sparse: Trying to use reserved word 'void' as identifier
net/sctp/sm_statefuns.c:3963:9: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3963:9: sparse: got ++
net/sctp/sm_statefuns.c:3966:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3966:9: sparse: got }
net/sctp/sm_statefuns.c:3969:17: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3969:17: sparse: got >
net/sctp/sm_statefuns.c:3969:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:3974:17: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:3974:17: sparse: got ->
net/sctp/sm_statefuns.c:3974:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:3977:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3977:9: sparse: got }
net/sctp/sm_statefuns.c:3984:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/sm_statefuns.c:3984:16: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3984:16: sparse: got SCTP_DISPOSITION_CONSUME
net/sctp/sm_statefuns.c:3986:16: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:3986:16: sparse: got :
net/sctp/sm_statefuns.c:3988:1: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:3988:1: sparse: got }
net/sctp/sm_statefuns.c:4004:13: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:4004:13: sparse: got !
net/sctp/sm_statefuns.c:4004:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:4007:17: sparse: Trying to use reserved word 'return' as identifier
net/sctp/sm_statefuns.c:4007:24: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:4007:24: sparse: got sctp_sf_pdiscard
net/sctp/sm_statefuns.c:4008:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_statefuns.c:4008:9: sparse: got }
net/sctp/sm_statefuns.c:4014:13: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:4014:13: sparse: got !
net/sctp/sm_statefuns.c:4014:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:4019:14: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:4019:14: sparse: got ->
net/sctp/sm_statefuns.c:4021:13: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:4021:13: sparse: got -=
net/sctp/sm_statefuns.c:4022:23: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:4022:23: sparse: got ->
net/sctp/sm_statefuns.c:4025:9: sparse: Trying to use reserved word 'do' as identifier
net/sctp/sm_statefuns.c:4025:9: sparse: Expected ; at end of declaration
net/sctp/sm_statefuns.c:4025:9: sparse: got {
net/sctp/sm_statefuns.c:4025:9: sparse: Expected ) in function declarator
net/sctp/sm_statefuns.c:4025:9: sparse: got (
net/sctp/sm_statefuns.c:4025:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_statefuns.c:4025:9: sparse: Expected ) in function declarator
>> net/sctp/sm_statefuns.c:4025:9: sparse: too many errors
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net/sctp/sm_statefuns.c:48:
net/sctp/sm_statefuns.c: In function 'sctp_sf_do_reconf':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_statefuns.c:3871:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~
--
include/linux/compiler.h:260:8: sparse: attribute 'no_sanitize_address': unknown attribute
net/sctp/sm_make_chunk.c:2262:9: sparse: Expected , in __builtin_offset
net/sctp/sm_make_chunk.c:2262:9: sparse: got sctp_paramhdr_t
>> builtin:0:0: sparse: No right hand side of '+'-expression
net/sctp/sm_make_chunk.c:2262:9: sparse: Expected ) in 'for'
net/sctp/sm_make_chunk.c:2262:9: sparse: got ;
net/sctp/sm_make_chunk.c:2262:9: sparse: Expected ; at end of statement
net/sctp/sm_make_chunk.c:2262:9: sparse: got )
net/sctp/sm_make_chunk.c:2274:18: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2274:18: sparse: got .
>> net/sctp/sm_make_chunk.c:2274:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2280:13: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2280:13: sparse: got (
net/sctp/sm_make_chunk.c:2280:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2285:9: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2285:9: sparse: got (
>> net/sctp/sm_make_chunk.c:2285:9: sparse: Trying to use reserved word 'for' as identifier
net/sctp/sm_make_chunk.c:2285:9: sparse: Expected ) in nested declarator
net/sctp/sm_make_chunk.c:2285:9: sparse: got .
net/sctp/sm_make_chunk.c:2285:9: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2285:9: sparse: got .
>> net/sctp/sm_make_chunk.c:2288:17: sparse: Trying to use reserved word 'switch' as identifier
>> net/sctp/sm_make_chunk.c:2289:17: sparse: not in switch scope
net/sctp/sm_make_chunk.c:2290:17: sparse: not in switch scope
net/sctp/sm_make_chunk.c:2292:17: sparse: not in switch scope
net/sctp/sm_make_chunk.c:2294:17: sparse: not in switch scope
net/sctp/sm_make_chunk.c:2295:17: sparse: not in switch scope
>> net/sctp/sm_make_chunk.c:2296:25: sparse: break/continue not in iterator scope
net/sctp/sm_make_chunk.c:2299:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2299:9: sparse: got }
net/sctp/sm_make_chunk.c:2302:1: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2302:1: sparse: got }
net/sctp/sm_make_chunk.c:2331:13: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2331:13: sparse: got !
net/sctp/sm_make_chunk.c:2331:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2334:32: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2334:32: sparse: got (
net/sctp/sm_make_chunk.c:2334:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2338:9: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2338:9: sparse: got (
net/sctp/sm_make_chunk.c:2338:9: sparse: Trying to use reserved word 'for' as identifier
net/sctp/sm_make_chunk.c:2338:9: sparse: Expected ) in nested declarator
net/sctp/sm_make_chunk.c:2338:9: sparse: got .
net/sctp/sm_make_chunk.c:2338:9: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2338:9: sparse: got .
net/sctp/sm_make_chunk.c:2342:27: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2342:27: sparse: got ->
net/sctp/sm_make_chunk.c:2344:48: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2344:48: sparse: got (
net/sctp/sm_make_chunk.c:2344:25: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2346:17: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2346:17: sparse: got }
net/sctp/sm_make_chunk.c:2350:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2350:9: sparse: got }
net/sctp/sm_make_chunk.c:2359:17: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2359:17: sparse: got ->
net/sctp/sm_make_chunk.c:2359:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2369:13: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2369:13: sparse: got !
net/sctp/sm_make_chunk.c:2369:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2374:21: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2374:21: sparse: got ->
>> net/sctp/sm_make_chunk.c:2375:17: sparse: Trying to use reserved word 'goto' as identifier
net/sctp/sm_make_chunk.c:2375:22: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2375:22: sparse: got clean_up
net/sctp/sm_make_chunk.c:2376:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2376:9: sparse: got }
net/sctp/sm_make_chunk.c:2379:9: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2379:9: sparse: got !=
net/sctp/sm_make_chunk.c:2379:9: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2379:9: sparse: got )
net/sctp/sm_make_chunk.c:2380:29: sparse: Expected ) in nested declarator
net/sctp/sm_make_chunk.c:2380:29: sparse: got sctp_transport
>> net/sctp/sm_make_chunk.c:2380:29: sparse: Trying to use reserved word 'struct' as identifier
net/sctp/sm_make_chunk.c:2380:29: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2380:29: sparse: got }
net/sctp/sm_make_chunk.c:2381:30: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2381:30: sparse: got ->
net/sctp/sm_make_chunk.c:2381:17: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2383:17: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2383:17: sparse: got }
net/sctp/sm_make_chunk.c:2391:13: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2391:13: sparse: got ->
net/sctp/sm_make_chunk.c:2393:13: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2393:13: sparse: got ->
net/sctp/sm_make_chunk.c:2395:13: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2395:13: sparse: got ->
net/sctp/sm_make_chunk.c:2397:13: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2397:13: sparse: got ->
net/sctp/sm_make_chunk.c:2400:13: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2400:13: sparse: got ->
net/sctp/sm_make_chunk.c:2405:17: sparse: Expected ) in function declarator
net/sctp/sm_make_chunk.c:2405:17: sparse: got ->
net/sctp/sm_make_chunk.c:2405:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2409:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2409:9: sparse: got }
net/sctp/sm_make_chunk.c:2415:9: sparse: Expected ; at the end of type declaration
net/sctp/sm_make_chunk.c:2415:9: sparse: got }
net/sctp/sm_make_chunk.c:2421:13: sparse: Expected ; at end of declaration
net/sctp/sm_make_chunk.c:2421:13: sparse: got ->
net/sctp/sm_make_chunk.c:2425:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/sm_make_chunk.c:2435:9: sparse: too many errors
In file included from include/linux/compiler.h:58:0,
from arch/x86/include/asm/atomic.h:4,
from include/linux/atomic.h:4,
from include/linux/crypto.h:20,
from include/crypto/hash.h:16,
from net/sctp/sm_make_chunk.c:48:
net/sctp/sm_make_chunk.c: In function 'sctp_verify_init':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2262:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2285:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_process_init':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:2338:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, peer_init, init_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_verify_asconf':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c:3148:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, addip, addip_hdr.params) {
^~~~~~~~~~~~~~~~
net/sctp/sm_make_chunk.c: In function 'sctp_process_asconf':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
--
include/linux/compiler.h:260:8: sparse: attribute 'no_sanitize_address': unknown attribute
net/sctp/input.c:1076:9: sparse: Expected , in __builtin_offset
net/sctp/input.c:1076:9: sparse: got sctp_paramhdr_t
>> builtin:0:0: sparse: No right hand side of '+'-expression
net/sctp/input.c:1076:9: sparse: Expected ) in 'for'
net/sctp/input.c:1076:9: sparse: got ;
net/sctp/input.c:1076:9: sparse: Expected ; at end of statement
net/sctp/input.c:1076:9: sparse: got )
>> net/sctp/input.c:1081:25: sparse: break/continue not in iterator scope
net/sctp/input.c:1090:16: sparse: Expected ) in function declarator
net/sctp/input.c:1090:16: sparse: got (
>> net/sctp/input.c:1090:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/input.c:1091:1: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1091:1: sparse: got }
net/sctp/input.c:1123:13: sparse: Expected ) in function declarator
net/sctp/input.c:1123:13: sparse: got (
>> net/sctp/input.c:1123:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1126:11: sparse: Expected ; at end of declaration
net/sctp/input.c:1126:11: sparse: got ->
net/sctp/input.c:1128:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/input.c:1128:16: sparse: Expected ; at end of declaration
net/sctp/input.c:1128:16: sparse: got __sctp_lookup_association
net/sctp/input.c:1129:1: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1129:1: sparse: got }
>> net/sctp/input.c:1156:9: sparse: Trying to use reserved word 'do' as identifier
net/sctp/input.c:1156:12: sparse: Expected ; at end of declaration
net/sctp/input.c:1156:12: sparse: got {
net/sctp/input.c:1162:28: sparse: Expected ) in function declarator
net/sctp/input.c:1162:28: sparse: got >
net/sctp/input.c:1162:17: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1165:27: sparse: Expected ) in function declarator
net/sctp/input.c:1165:27: sparse: got ->
>> net/sctp/input.c:1165:17: sparse: Trying to use reserved word 'switch' as identifier
>> net/sctp/input.c:1168:25: sparse: Trying to use reserved word 'break' as identifier
>> net/sctp/input.c:1170:17: sparse: Trying to use reserved word 'case' as identifier
net/sctp/input.c:1170:22: sparse: Expected ; at end of declaration
net/sctp/input.c:1170:22: sparse: got SCTP_CID_COOKIE_ECHO
net/sctp/input.c:1180:25: sparse: Trying to use reserved word 'break' as identifier
net/sctp/input.c:1182:17: sparse: Trying to use reserved word 'case' as identifier
net/sctp/input.c:1182:22: sparse: Expected ; at end of declaration
net/sctp/input.c:1182:22: sparse: got SCTP_CID_ASCONF
>> net/sctp/input.c:1188:17: sparse: Trying to use reserved word 'default' as identifier
net/sctp/input.c:1188:24: sparse: Expected ; at end of declaration
net/sctp/input.c:1188:24: sparse: got :
net/sctp/input.c:1190:17: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1190:17: sparse: got }
net/sctp/input.c:1196:26: sparse: Expected ; at end of declaration
net/sctp/input.c:1196:26: sparse: got ++
net/sctp/input.c:1197:9: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1197:9: sparse: got }
net/sctp/input.c:1199:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/input.c:1199:16: sparse: Expected ; at end of declaration
net/sctp/input.c:1199:16: sparse: got asoc
net/sctp/input.c:1200:1: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1200:1: sparse: got }
net/sctp/input.c:1220:13: sparse: Expected ) in function declarator
net/sctp/input.c:1220:13: sparse: got (
net/sctp/input.c:1220:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1230:13: sparse: Expected ) in function declarator
net/sctp/input.c:1230:13: sparse: got (
net/sctp/input.c:1230:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1234:15: sparse: Expected ) in function declarator
net/sctp/input.c:1234:15: sparse: got ->
net/sctp/input.c:1234:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1237:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/input.c:1237:16: sparse: Expected ; at end of declaration
net/sctp/input.c:1237:16: sparse: got __sctp_rcv_walk_lookup
net/sctp/input.c:1238:1: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1238:1: sparse: got }
net/sctp/input.c:1250:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1251:17: sparse: Expected ; at end of declaration
net/sctp/input.c:1251:17: sparse: got goto
net/sctp/input.c:1258:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1259:17: sparse: Expected ; at end of declaration
net/sctp/input.c:1259:17: sparse: got goto
net/sctp/input.c:1261:18: sparse: Expected ) in function declarator
net/sctp/input.c:1261:18: sparse: got ->
net/sctp/input.c:1261:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1262:17: sparse: Expected ) in function declarator
net/sctp/input.c:1262:17: sparse: got (
net/sctp/input.c:1262:17: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1262:17: sparse: Expected ) in function declarator
net/sctp/input.c:1262:17: sparse: got (
net/sctp/input.c:1262:17: sparse: Trying to use reserved word 'if' as identifier
>> net/sctp/input.c:1262:17: sparse: Trying to use reserved word 'else' as identifier
net/sctp/input.c:1262:17: sparse: Expected ; at end of declaration
net/sctp/input.c:1262:17: sparse: got if
>> net/sctp/input.c:1262:17: sparse: Trying to use reserved word 'else' as identifier
net/sctp/input.c:1262:17: sparse: Expected ; at end of declaration
net/sctp/input.c:1262:17: sparse: got branch
net/sctp/input.c:1262:17: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1262:17: sparse: got }
net/sctp/input.c:1262:17: sparse: Expected ; at the end of type declaration
net/sctp/input.c:1262:17: sparse: got }
net/sctp/input.c:1265:9: sparse: Trying to use reserved word 'else' as identifier
net/sctp/input.c:1266:17: sparse: Expected ; at end of declaration
net/sctp/input.c:1266:17: sparse: got do
net/sctp/input.c:1266:17: sparse: Expected ) in function declarator
net/sctp/input.c:1266:17: sparse: got (
net/sctp/input.c:1266:17: sparse: Trying to use reserved word 'if' as identifier
net/sctp/input.c:1266:17: sparse: Expected ) in function declarator
>> net/sctp/input.c:1266:17: sparse: too many errors
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from net/sctp/input.c:44:
net/sctp/input.c: In function '__sctp_rcv_init_lookup':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/input.c:1076:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(params, init, init_hdr.params) {
^~~~~~~~~~~~~~~~
--
include/linux/compiler.h:260:8: sparse: attribute 'no_sanitize_address': unknown attribute
net/sctp/stream.c:319:9: sparse: Expected , in __builtin_offset
net/sctp/stream.c:319:9: sparse: got sctp_paramhdr_t
>> builtin:0:0: sparse: No right hand side of '+'-expression
net/sctp/stream.c:319:9: sparse: Expected ) in 'for'
net/sctp/stream.c:319:9: sparse: got ;
net/sctp/stream.c:319:9: sparse: Expected ; at end of statement
net/sctp/stream.c:319:9: sparse: got )
net/sctp/stream.c:331:16: sparse: Expected ) in function declarator
net/sctp/stream.c:331:16: sparse: got (
>> net/sctp/stream.c:331:9: sparse: Trying to use reserved word 'return' as identifier
net/sctp/stream.c:332:1: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:332:1: sparse: got }
net/sctp/stream.c:338:13: sparse: Expected ; at end of declaration
net/sctp/stream.c:338:13: sparse: got ->
net/sctp/stream.c:339:1: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:339:1: sparse: got }
net/sctp/stream.c:354:13: sparse: Expected ) in function declarator
net/sctp/stream.c:354:13: sparse: got (
>> net/sctp/stream.c:354:9: sparse: Trying to use reserved word 'if' as identifier
>> net/sctp/stream.c:357:17: sparse: Trying to use reserved word 'goto' as identifier
net/sctp/stream.c:357:22: sparse: Expected ; at end of declaration
net/sctp/stream.c:357:22: sparse: got err
net/sctp/stream.c:358:9: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:358:9: sparse: got }
net/sctp/stream.c:360:13: sparse: Expected ) in function declarator
net/sctp/stream.c:360:13: sparse: got &
>> net/sctp/stream.c:360:13: sparse: Trying to use reserved word 'void' as identifier
net/sctp/stream.c:360:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:360:13: sparse: got 1
net/sctp/stream.c:360:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:360:13: sparse: got }
net/sctp/stream.c:360:13: sparse: Expected ) in function declarator
net/sctp/stream.c:360:13: sparse: got &
>> net/sctp/stream.c:360:13: sparse: Trying to use reserved word 'void' as identifier
net/sctp/stream.c:360:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:360:13: sparse: got 1
net/sctp/stream.c:360:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:360:13: sparse: got }
net/sctp/stream.c:361:13: sparse: Expected ) in function declarator
net/sctp/stream.c:361:13: sparse: got &
net/sctp/stream.c:361:13: sparse: Trying to use reserved word 'void' as identifier
net/sctp/stream.c:361:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:361:13: sparse: got 1
net/sctp/stream.c:361:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:361:13: sparse: got }
net/sctp/stream.c:361:13: sparse: Expected ) in function declarator
net/sctp/stream.c:361:13: sparse: got &
net/sctp/stream.c:361:13: sparse: Trying to use reserved word 'void' as identifier
net/sctp/stream.c:361:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:361:13: sparse: got 1
net/sctp/stream.c:361:13: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:361:13: sparse: got }
net/sctp/stream.c:363:17: sparse: Trying to use reserved word 'goto' as identifier
net/sctp/stream.c:363:22: sparse: Expected ; at end of declaration
net/sctp/stream.c:363:22: sparse: got err
net/sctp/stream.c:364:9: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:364:9: sparse: got }
net/sctp/stream.c:364:20: sparse: Expected ) in function declarator
net/sctp/stream.c:364:20: sparse: got &
net/sctp/stream.c:364:20: sparse: Trying to use reserved word 'void' as identifier
net/sctp/stream.c:364:20: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:364:20: sparse: got 1
net/sctp/stream.c:364:20: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:364:20: sparse: got }
net/sctp/stream.c:364:20: sparse: Expected ) in function declarator
net/sctp/stream.c:364:20: sparse: got &
net/sctp/stream.c:364:20: sparse: Trying to use reserved word 'void' as identifier
net/sctp/stream.c:364:20: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:364:20: sparse: got 1
net/sctp/stream.c:364:20: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:364:20: sparse: got }
net/sctp/stream.c:367:17: sparse: Trying to use reserved word 'goto' as identifier
net/sctp/stream.c:367:22: sparse: Expected ; at end of declaration
net/sctp/stream.c:367:22: sparse: got err
net/sctp/stream.c:368:9: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:368:9: sparse: got }
net/sctp/stream.c:375:13: sparse: Expected ) in function declarator
net/sctp/stream.c:375:13: sparse: got !
net/sctp/stream.c:375:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/stream.c:378:17: sparse: Expected ) in function declarator
net/sctp/stream.c:378:17: sparse: got ->
net/sctp/stream.c:378:9: sparse: Trying to use reserved word 'if' as identifier
net/sctp/stream.c:384:25: sparse: Trying to use reserved word 'goto' as identifier
net/sctp/stream.c:384:30: sparse: Expected ; at end of declaration
net/sctp/stream.c:384:30: sparse: got out
net/sctp/stream.c:385:17: sparse: Expected ; at the end of type declaration
net/sctp/stream.c:385:17: sparse: got }
net/sctp/stream.c:388:21: sparse: Expected ; at end of declaration
net/sctp/stream.c:388:21: sparse: got ->
net/sctp/stream.c:390:21: sparse: Expected ) in function declarator
net/sctp/stream.c:390:21: sparse: got !
net/sctp/stream.c:390:17: sparse: Trying to use reserved word 'if' as identifier
net/sctp/stream.c:394:38: sparse: Expected ) in function declarator
net/sctp/stream.c:394:38: sparse: got (
net/sctp/stream.c:394:25: sparse: Trying to use reserved word 'if' as identifier
net/sctp/stream.c:397:44: sparse: Expected ) in function declarator
net/sctp/stream.c:397:44: sparse: got ->
net/sctp/stream.c:398:29: sparse: Expected ; at end of declaration
net/sctp/stream.c:398:29: sparse: got ->
net/sctp/stream.c:399:17: sparse: Expected ; at the end of type declaration
>> net/sctp/stream.c:399:17: sparse: too many errors
In file included from include/linux/compiler.h:58:0,
from include/uapi/linux/stddef.h:1,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/net/sctp/sctp.h:58,
from net/sctp/stream.c:35:
net/sctp/stream.c: In function 'sctp_chunk_lookup_strreset_param':
include/net/sctp/sctp.h:472:24: error: unknown type name 'sctp_paramhdr_t'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^
include/linux/compiler-gcc.h:161:21: note: in definition of macro '__compiler_offsetof'
__builtin_offsetof(a, b)
^
include/net/sctp/sctp.h:472:15: note: in expansion of macro 'offsetof'
(pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
^~~~~~~~
include/net/sctp/sctp.h:468:1: note: in expansion of macro '_sctp_walk_params'
_sctp_walk_params((pos), (chunk), ntohs((chunk)->chunk_hdr.length), member)
^~~~~~~~~~~~~~~~~
net/sctp/stream.c:319:2: note: in expansion of macro 'sctp_walk_params'
sctp_walk_params(param, hdr, params) {
^~~~~~~~~~~~~~~~

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation

2017-07-17 09:37:41

by Alexander Potapenko

Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()

On Fri, Jul 14, 2017 at 7:54 PM, David Miller <[email protected]> wrote:
> From: Alexander Potapenko <[email protected]>
> Date: Fri, 14 Jul 2017 19:33:54 +0200
>
>> On Fri, Jul 14, 2017 at 7:23 PM, David Miller <[email protected]> wrote:
>>> From: Alexander Potapenko <[email protected]>
>>> Date: Fri, 14 Jul 2017 18:33:01 +0200
>>>
>>>> On Fri, Jul 14, 2017 at 5:58 PM, David Miller <[email protected]> wrote:
>>>>> From: Alexander Potapenko <[email protected]>
>>>>> Date: Fri, 14 Jul 2017 12:03:29 +0200
>>>>>
>>>>>> v2: per comment from David Miller, make sure the whole iterator->length
>>>>>> fits into the remaining buffer.
>>>>>
>>>>> Please compile and functionally test your changes:
>>>>>
>>>>> In file included from ./include/linux/compiler.h:58:0,
>>>>> from ./include/uapi/linux/stddef.h:1,
>>>>> from ./include/linux/stddef.h:4,
>>>>> from ./include/uapi/linux/posix_types.h:4,
>>>>> from ./include/uapi/linux/types.h:13,
>>>>> from ./include/linux/types.h:5,
>>>>> from net/sctp/sm_statefuns.c:48:
>>>>> net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
>>>>> ./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
>>>>> (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
>>>>> ^
>>>> Oops. Fixed.
>>>
>>> Did you functionally test the new version or just do a quick compile
>>> check and resubmit?
>> I've checked that the kernel still works, but unfortunately I couldn't
>> check whether or not this affected the uninit memory, as KMSAN
>> currently works on a fixed kernel revision. The compilation error was
>> actually caused by me failing to test the kernel when porting the fix
>> from that revision to upstream.
>>
>>> I really want you to test this if the logic has been changed.
>> Do you mean any specific tests in addition to, say, running the
>> reproducer on which the uninit use was reported?
>
> I mean the reproducer.
Yes, I've run the reproducer, and just double-checked that. Sorry for the delay.


--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing Directors: Matthew Scott Sucherman, Paul Terence Manicle
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
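
The bounds check this thread is about, as an added example that is not part of the patch or of any message above: a toy walker over type/length parameters in the pre-fix shape (length fetched before the end check) beside the fixed shape (the expression from the build log, rewritten with offsets). `struct paramhdr`, `walk_unchecked`, `walk_checked` and the sample bytes are constructed for illustration, and the example uses `<=` so that a header ending exactly at the chunk end is accepted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the SCTP parameter header (assumption, not the kernel's
 * definition): big-endian type and length; length covers header + value. */
struct paramhdr {
	uint16_t type;
	uint16_t length;
};

#define PAD4(n) (((size_t)(n) + 3) & ~(size_t)3)
/* Offset just past the length field, as in the expression from the build log. */
#define LEN_FIELD_END (offsetof(struct paramhdr, length) + sizeof(uint16_t))

struct walk_result {
	int params;        /* complete parameters visited */
	size_t stopped_at; /* offset at which the walk ended */
	int oob_reads;     /* length fields fetched from beyond the chunk end */
};

/* Big-endian 16-bit load with no alignment assumption. */
static uint16_t be16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/* Pre-fix shape: fetch the length first, compare against the end afterwards.
 * `cap` is the size of the backing array, so the stray fetch stays inside
 * defined memory and can be counted. */
static struct walk_result walk_unchecked(const uint8_t *buf, size_t end, size_t cap)
{
	struct walk_result r = {0, 0, 0};
	size_t pos = 0;

	while (pos + LEN_FIELD_END <= cap) {       /* demo guard only */
		uint16_t len;

		if (pos + LEN_FIELD_END > end)
			r.oob_reads++;             /* the access the patch removes */
		len = be16(buf + pos + offsetof(struct paramhdr, length));
		if (len < sizeof(struct paramhdr) || len > end || pos > end - len)
			break;
		r.params++;
		pos += PAD4(len);
	}
	r.stopped_at = pos;
	return r;
}

/* Fixed shape: prove the length field lies inside the chunk before loading it,
 * then prove the whole parameter fits. */
static struct walk_result walk_checked(const uint8_t *buf, size_t end)
{
	struct walk_result r = {0, 0, 0};
	size_t pos = 0;

	while (pos + LEN_FIELD_END <= end) {
		uint16_t len = be16(buf + pos + offsetof(struct paramhdr, length));

		if (len < sizeof(struct paramhdr) || len > end - pos)
			break;                     /* too short to advance, or overruns */
		r.params++;
		pos += PAD4(len);
	}
	r.stopped_at = pos;
	return r;
}

/* Constructed sample. Bytes 12..15 are stale data outside any chunk. */
static const uint8_t backing[16] = {
	0x00, 0x01, 0x00, 0x08, 0xde, 0xad, 0xbe, 0xef, /* type 1, length 8 */
	0x00, 0x02, 0x00, 0x04,                         /* type 2, length 4 */
	0xaa, 0xaa, 0xaa, 0xaa,
};
/* Constructed sample: a length of 0 must stop the walk, not spin in place. */
static const uint8_t zero_len[4] = { 0x00, 0x01, 0x00, 0x00 };

int main(void)
{
	size_t ends[] = { 12, 10 }; /* whole chunk; chunk cut inside the 2nd header */

	for (size_t i = 0; i < 2; i++) {
		struct walk_result u = walk_unchecked(backing, ends[i], sizeof(backing));
		struct walk_result c = walk_checked(backing, ends[i]);

		printf("end=%zu unchecked: params=%d oob=%d | checked: params=%d oob=%d\n",
		       ends[i], u.params, u.oob_reads, c.params, c.oob_reads);
	}
	printf("zero-length header: params=%d\n", walk_checked(zero_len, 4).params);
	return 0;
}
```

Both walkers visit the same parameters; the difference is only that the unchecked one loads a length from beyond the chunk end on its way out of the loop, even for a well-formed chunk.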