Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp68122pxj; Wed, 9 Jun 2021 16:45:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzny9C4ZSvCboNt9CqQJYICVkfdr2rEF8XM9nFOUiv66KMtQnfzniKhAwANtzFRALDMgkQK X-Received: by 2002:a17:906:55cb:: with SMTP id z11mr1936739ejp.475.1623282343402; Wed, 09 Jun 2021 16:45:43 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gj23si1126027ejb.7.2021.06.09.16.45.19; Wed, 09 Jun 2021 16:45:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=btRwceTq; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229722AbhFIXnY (ORCPT + 99 others); Wed, 9 Jun 2021 19:43:24 -0400 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:64856 "EHLO mx0b-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229507AbhFIXnX (ORCPT ); Wed, 9 Jun 2021 19:43:23 -0400 Received: from pps.filterd (m0148460.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 159NeR95000705; Wed, 9 Jun 2021 16:40:52 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=subject : to : cc : references : from : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=facebook; bh=Du0sY51MRIhSmoiC+kepXyELz0s0ft0Wd/yNkGn481Y=; b=btRwceTqg2s+CO8K/RvYXYbkh1zebeQYYGWw+LGYVFJlXpkr8lqts9u+fWzQkJpdwR85 f5RCk3hxRBrxz44rwn94hxt1udgTf2tM4euIcwLCO7K27/iW9SlcFhC1y1cn4QxCLwoi L/JSWQIYcg2Sp+xBALR+tPqFgh7sVG7J+pg= Received: from maileast.thefacebook.com ([163.114.130.16]) by mx0a-00082601.pphosted.com with ESMTP id 392qx66003-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 09 Jun 2021 16:40:51 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (100.104.31.183) by o365-in.thefacebook.com (100.104.36.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Wed, 9 Jun 2021 16:40:50 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FVWS9CSEa9tqQptxbuLExNxBfe8n1tX118Kqy80E8dOtnwpXvqN/W4E0EqkkCAY7cW3HmEq55vf+gphYzL4vkDwyr4rsVg+uBYmPjcEPuo2jZAlCoEg9wyyag6XGhTdktB92hgUrirPPzcj3tHLO37uUL9Za0Vg75Obk3xqPFlUp2HgfyWzgiJFbhDx6aYxttOm1XlXt6lL7Bxx+hYHU4F7+q0jnvkQPrO++9LJSrocUkcsK9W0Bql6+iWXTsQFRltYemcxVXrYUMjCttOs16oA7P5if+xWSvU+zGDnQuMeCPzoZGQLw4JqsKBPkgmQMXhpYfP63rf+wt4/++t3GtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aLm8UJJcf/u86UsQdjfqIjRuDBg9IUXiPfmTBObf0II=; b=EZe9CI0AD8yr6bqL2enilfiN6ody00kIj4GU4clJ7j84rQbCyaeU2vDm8NEBU2ryo6teAzJn7TmOjbAQAxfv+ECfdLKakCjsC8EtNUs7i9SvTWrBxefoPLENnvR1U3mlqFlQw2FJ4qufC3DDZNfCKVlFL9bwM4/71/AoryBYFCEGCCzzgOdtaKd1Txj/qcFaIcEMgomKzID+kUUnLBMqg/tRwn/s63I8ZmgpUVyGsY8jFatySY/NYL6yW0fcxi3V6RoJnznlbBYW5fMNtw7OqCAYXfCr2+kEm1LhBDh+fFMC83UZHhfWX1zo+E0JlWFIpW1DJ133EOftU5W1b8DnwA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fb.com; dmarc=pass action=none header.from=fb.com; dkim=pass header.d=fb.com; arc=none Authentication-Results: googlegroups.com; dkim=none (message not signed) header.d=none;googlegroups.com; dmarc=none action=none header.from=fb.com; Received: from SN6PR1501MB2064.namprd15.prod.outlook.com (2603:10b6:805:d::27) by SN6PR15MB2335.namprd15.prod.outlook.com (2603:10b6:805:24::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.21; Wed, 9 Jun 2021 23:40:50 +0000 Received: from SN6PR1501MB2064.namprd15.prod.outlook.com ([fe80::d886:b658:e2eb:a906]) by SN6PR1501MB2064.namprd15.prod.outlook.com ([fe80::d886:b658:e2eb:a906%5]) with mapi id 15.20.4219.022; Wed, 9 Jun 2021 23:40:50 +0000 Subject: Re: [PATCH v4] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run To: Kees Cook , Dmitry Vyukov CC: Alexei Starovoitov , Kurt Manucredo , , Andrii Nakryiko , Alexei Starovoitov , bpf , Daniel Borkmann , "David S. Miller" , Jesper Dangaard Brouer , John Fastabend , Martin KaFai Lau , KP Singh , Jakub Kicinski , LKML , Network Development , Song Liu , syzkaller-bugs , , Nick Desaulniers , Clang-Built-Linux ML , , Shuah Khan , Greg Kroah-Hartman , Kernel Hardening , kasan-dev References: <000000000000c2987605be907e41@google.com> <20210602212726.7-1-fuzzybritches0@gmail.com> <87609-531187-curtm@phaethon> <6a392b66-6f26-4532-d25f-6b09770ce366@fb.com> <202106091119.84A88B6FE7@keescook> From: Yonghong Song Message-ID: <752cb1ad-a0b1-92b7-4c49-bbb42fdecdbe@fb.com> Date: Wed, 9 Jun 2021 16:40:45 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 In-Reply-To: <202106091119.84A88B6FE7@keescook> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US X-Originating-IP: [2620:10d:c090:400::5:92ff] X-ClientProxiedBy: SJ0PR13CA0218.namprd13.prod.outlook.com (2603:10b6:a03:2c1::13) To SN6PR1501MB2064.namprd15.prod.outlook.com (2603:10b6:805:d::27) X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [IPv6:2620:10d:c085:21c8::11dd] (2620:10d:c090:400::5:92ff) by SJ0PR13CA0218.namprd13.prod.outlook.com (2603:10b6:a03:2c1::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.9 via Frontend Transport; Wed, 9 Jun 2021 23:40:48 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 46b54bda-eebc-4982-d77a-08d92ba00324 X-MS-TrafficTypeDiagnostic: SN6PR15MB2335: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-FB-Source: Internal X-MS-Oob-TLC-OOBClassifiers: OLM:3276; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3dtUXY5I1KLPmhWRbz1tYU/sQO+1ugYnzL0Gkd6VPHszBac4SK3AwFr3RLQ5v8sJw/x86rjKkMzoTNMDSDwJ1cSXrarYJw/BMxSObWH718AFxDhKYU6Zz/vdf43TNO0B65UcLdzrig75BnwEsPw2JI/qGo4HOzs8Oep8ZadttE0EsY/zT9rb4CXaue8IxoclYxMEEl4DNkqdnegAZHSlrSdXBPQz1OHZOzjQt4b3+VLjwmtU30cMW2iouCh8f1a/9PkfNiYs4quIWaP3EQTA2yayaNEMiGsU8Kk00C5JNM6+wkf1sls8iljmyU38a0PHAcutW8YyDs9ZnwDnYv6t45IL2fK2Ai0t9LB5AFNJn0uoDeGX86Trys7F/xYx3Z6tjR9ayzFuuY/lZQ+IAjKfLJT0UnB//3es5nYNqwicx6z0RTuXoSXZyyRwN+RHDbnLwoI2Z0WYpFOOCEwUq1/Rx4n1uWYIAcfifLg7jJUGROo1DeMLujEaAf3Yx+T/co3Hw1+issd96A5YF+mnsteFn0a5k9esf/xjf3GR/j1LWkNDB9Rs37WORB3ieb8VtryCFO7+c4wTCwzB0So0UK0Bxm42kjiVUe9LjF5ZkrKg+tgYuu+a13lug+PAxOlNH8UUEHBOPZc/xp7VO1TVMSTRjCMAFrRtWt9Gi4xuZELwWQ0i/kmf5cMbqpQ2pIado1e8tI+xfPIZmNdyfAOKKtKs++VEL58IGftQeHiBsOQznDtHFRCoys5YNMWUG/LMyEioqXj2Q9C7vDh7j15inHvoHAm94vzfKMscVEClKtHIAzRksBpq5ZteMR6rQfIeCMQJaH8d4ttIURa0isnB/93uDZq+hGtinFMN11PWALmrstg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR1501MB2064.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(396003)(39860400002)(376002)(136003)(366004)(316002)(2906002)(2616005)(52116002)(6666004)(54906003)(110136005)(5660300002)(36756003)(86362001)(38100700002)(478600001)(966005)(31686004)(53546011)(7416002)(6486002)(8936002)(8676002)(186003)(16526019)(4326008)(66556008)(66476007)(83380400001)(31696002)(66946007)(101420200003)(99710200001)(45980500001)(43740500002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NnNKWWlCRkpQb0lBWk12M3YxR3I1SUNCUDd5ODh1cklNUDRlNUYrREhBWlV4?= =?utf-8?B?eWtEWkQ2eUx4V2x3eGRpc1dKY3ZnQUJxMGg4VnlaQVYwZ2tkbGVwWDd3KzFS?= =?utf-8?B?eTh2THlSdU9qczRJTERTek02a2szcXJ6M0MreGtkM3p4UFZTNjN4SUdvVW93?= =?utf-8?B?WWc0b2NjZm9IeExjMURzZ3ltUXNmMFlpbzdORjZIbTRCbzZncjZRZEdsdndT?= =?utf-8?B?Wm5GSSs1K2hDZnB5QWw5aVFRdk1sQ0ViZDROU2VaakJUZGZlYllrVFIrTFdK?= =?utf-8?B?TDN0RWlrUVVCWURjY2kySW93THJzc0ZPT0Z3TVErMk5rREpESExIc0UvNGYz?= =?utf-8?B?WER6akJYY3cvVWx0YXFIeEZzaTlVVDY0c1JQZXVWV1M4ek45d3RDcmM3SU9r?= =?utf-8?B?VXFoTWs5MDFSdGRYNnZYY0NqOTQzZnNjc1hnb1RTL1c4ejhJQjZDV2VqcFM0?= =?utf-8?B?ZldPeTBKdDg3SGI3K0hjd09SV2JGZVV4Y2lyZlR2dVVUMHJ0RWEwamhGK3Qw?= =?utf-8?B?bnp6SzVhS1l3R1BWMW41anlKT0JVSGdSa2hRTTJuMjU1Uy9oZWlzN0RiRS80?= =?utf-8?B?dGZQaVVDdCtmY1p2R00wdVlobDBzZDg0MHcxMGFTSXI2YmovV0RqcmZJR0ZM?= =?utf-8?B?QmFKQWZKWHUrRHJZYjUzZmNQdVc5TmJubXlHQ05id0Q5bCt6NWZGdHplRUZq?= =?utf-8?B?cjNodVU0TVBRdTlrdHFVL24wN0x0MzZFSXpCdDdsOUkwT0IzWTloUmttNmpi?= =?utf-8?B?K05idTh6TFViTm54YTd5RTRDU1I5RGVPekphd2tFYXhOT2tJWTV0UVN3bFMx?= =?utf-8?B?SFBqMFl3anhPalcwWWFVdkRqNklyNmVoWEpGVlduK084NVlHT25jZnVoc2Rp?= =?utf-8?B?bFpKL3VWUzFLTlR2ZXNDVzhTbDJaQTVCSnFrRFN0WHNIREpOMmNpWGRPMTBB?= =?utf-8?B?cERNeW95RjZQRlh0d1JsWFJKTlN3TkY3aGhTUWpoQU9LYitVT3NKTWFSd2lE?= =?utf-8?B?SHhLSVRFazBCTzF4UjRXS09XeWpObCsyZlZPZFpYKzcrckx3YVRLTm11WktI?= =?utf-8?B?d1lMSC8yTnlxMmdtQ201ZXRnMUVEQmlJTVpBdXVHYnlvNklWZzJlZzlRR054?= =?utf-8?B?MHRaekdVRTVscE8rWFllbnRwaDNERUF0SG15cGdOWUdLNU02SjB3SXBlT3Nl?= =?utf-8?B?ZFJlU215RHUwaC9pQngvTUtKSXRra2d2Mkd2My9IQ1NhRDl2UzNETW5JVVlm?= =?utf-8?B?ZVdKSVZqaGI5dHZ1VDNoc0NPY1RZT0xtR0dnY0NvYmRxV3BqRjN1YXRTYWRs?= =?utf-8?B?MmxlS3l1L1BoRzF1WHMyOFViSno4d09DMTRaZ3ZmTHdkbW9rMTcwczYwd3JW?= =?utf-8?B?WjdjZXdRV0ZpbllpSWN5dWZ1Q3BndU9jeCtlRlpuanFEUHhZVXZmbitva0hN?= =?utf-8?B?SFBGeitKZ3Y2b0pSdEpCRm9tRGxJUXRFenZ0UHBUM2FYa0E5dFI0OFVqOW15?= =?utf-8?B?Wng1cXIyakJHMVZ4WEhNN0M2R0dsRmlad3FHR0VNcGFpYTViL2RvOFplelRP?= =?utf-8?B?NGNsdU5CVHNVYjJEZXIrUGlhQUlwMTVwcnVBSXMycURyTzhXcmdxTXE5bE83?= =?utf-8?B?a25XNmZyWVEwS0dQTEdKQllGc3hpYUpxNWNhZmRhMjJiWVpickhXNFNCZHNl?= =?utf-8?B?cG1UdmRxdTh1ZCtHclZieXpiakFFTXJhcDhZSXEvOGEreDVxQm82TU11Rm1u?= =?utf-8?B?aVIxZ1NpYllRZTZZQlpKVlVac3AvSFd2aTVET0xpay9xWG1kSmxsRkdtejRo?= =?utf-8?B?STRkRzJadmtHKzJFMmxaUT09?= X-MS-Exchange-CrossTenant-Network-Message-Id: 46b54bda-eebc-4982-d77a-08d92ba00324 X-MS-Exchange-CrossTenant-AuthSource: SN6PR1501MB2064.namprd15.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2021 23:40:49.8723 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vnoDSh0OwdjJ71c9WomxDCp+9Gj2RNfj1PPyapwN5OE93fB15+rxccyiUL4h55oJ X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR15MB2335 X-OriginatorOrg: fb.com X-Proofpoint-ORIG-GUID: KGs3Q8Bz63QtT7jyWOzz7jUOq8zatVY8 X-Proofpoint-GUID: KGs3Q8Bz63QtT7jyWOzz7jUOq8zatVY8 Content-Transfer-Encoding: 7bit X-Proofpoint-UnRewURL: 1 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761 definitions=2021-06-09_07:2021-06-04,2021-06-09 signatures=0 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 impostorscore=0 bulkscore=0 adultscore=0 suspectscore=0 mlxscore=0 clxscore=1011 mlxlogscore=999 spamscore=0 priorityscore=1501 phishscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2106090127 X-FB-Internal: deliver Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/9/21 11:20 AM, Kees Cook wrote: > On Mon, Jun 07, 2021 at 09:38:43AM +0200, 'Dmitry Vyukov' via Clang Built Linux wrote: >> On Sat, Jun 5, 2021 at 9:10 PM Alexei Starovoitov >> wrote: >>> On Sat, Jun 5, 2021 at 10:55 AM Yonghong Song wrote: >>>> On 6/5/21 8:01 AM, Kurt Manucredo wrote: >>>>> Syzbot detects a shift-out-of-bounds in ___bpf_prog_run() >>>>> kernel/bpf/core.c:1414:2. >>>> >>>> This is not enough. We need more information on why this happens >>>> so we can judge whether the patch indeed fixed the issue. >>>> >>>>> >>>>> I propose: In adjust_scalar_min_max_vals() move boundary check up to avoid >>>>> missing them and return with error when detected. >>>>> >>>>> Reported-and-tested-by: syzbot+bed360704c521841c85d@syzkaller.appspotmail.com >>>>> Signed-off-by: Kurt Manucredo >>>>> --- >>>>> >>>>> https://syzkaller.appspot.com/bug?id=edb51be4c9a320186328893287bb30d5eed09231 >>>>> >>>>> Changelog: >>>>> ---------- >>>>> v4 - Fix shift-out-of-bounds in adjust_scalar_min_max_vals. >>>>> Fix commit message. >>>>> v3 - Make it clearer what the fix is for. >>>>> v2 - Fix shift-out-of-bounds in ___bpf_prog_run() by adding boundary >>>>> check in check_alu_op() in verifier.c. >>>>> v1 - Fix shift-out-of-bounds in ___bpf_prog_run() by adding boundary >>>>> check in ___bpf_prog_run(). >>>>> >>>>> thanks >>>>> >>>>> kind regards >>>>> >>>>> Kurt >>>>> >>>>> kernel/bpf/verifier.c | 30 +++++++++--------------------- >>>>> 1 file changed, 9 insertions(+), 21 deletions(-) >>>>> >>>>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c >>>>> index 94ba5163d4c5..ed0eecf20de5 100644 >>>>> --- a/kernel/bpf/verifier.c >>>>> +++ b/kernel/bpf/verifier.c >>>>> @@ -7510,6 +7510,15 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, >>>>> u32_min_val = src_reg.u32_min_value; >>>>> u32_max_val = src_reg.u32_max_value; >>>>> >>>>> + if ((opcode == BPF_LSH || opcode == BPF_RSH || opcode == BPF_ARSH) && >>>>> + umax_val >= insn_bitness) { >>>>> + /* Shifts greater than 31 or 63 are undefined. >>>>> + * This includes shifts by a negative number. >>>>> + */ >>>>> + verbose(env, "invalid shift %lld\n", umax_val); >>>>> + return -EINVAL; >>>>> + } >>>> >>>> I think your fix is good. I would like to move after >>> >>> I suspect such change will break valid programs that do shift by register. >>> >>>> the following code though: >>>> >>>> if (!src_known && >>>> opcode != BPF_ADD && opcode != BPF_SUB && opcode != BPF_AND) { >>>> __mark_reg_unknown(env, dst_reg); >>>> return 0; >>>> } >>>> >>>>> + >>>>> if (alu32) { >>>>> src_known = tnum_subreg_is_const(src_reg.var_off); >>>>> if ((src_known && >>>>> @@ -7592,39 +7601,18 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, >>>>> scalar_min_max_xor(dst_reg, &src_reg); >>>>> break; >>>>> case BPF_LSH: >>>>> - if (umax_val >= insn_bitness) { >>>>> - /* Shifts greater than 31 or 63 are undefined. >>>>> - * This includes shifts by a negative number. >>>>> - */ >>>>> - mark_reg_unknown(env, regs, insn->dst_reg); >>>>> - break; >>>>> - } >>>> >>>> I think this is what happens. For the above case, we simply >>>> marks the dst reg as unknown and didn't fail verification. >>>> So later on at runtime, the shift optimization will have wrong >>>> shift value (> 31/64). Please correct me if this is not right >>>> analysis. As I mentioned in the early please write detailed >>>> analysis in commit log. >>> >>> The large shift is not wrong. It's just undefined. >>> syzbot has to ignore such cases. >> >> Hi Alexei, >> >> The report is produced by KUBSAN. I thought there was an agreement on >> cleaning up KUBSAN reports from the kernel (the subset enabled on >> syzbot at least). >> What exactly cases should KUBSAN ignore? >> +linux-hardening/kasan-dev for KUBSAN false positive > > Can check_shl_overflow() be used at all? Best to just make things > readable and compiler-happy, whatever the implementation. :) This is not a compile issue. If the shift amount is a constant, compiler should have warned and user should fix the warning. This is because user code has something like a << s; where s is a unknown variable and verifier just marked the result of a << s as unknown value. Verifier may not reject the code depending on how a << s result is used. If bpf program writer uses check_shl_overflow() or some kind of checking for shift value and won't do shifting if the shifting may cause an undefined result, there should not be any kubsan warning. >