From: Siddh Raman Pant
To: palmer@rivosinc.com
Cc: davem@davemloft.net, edumazet@google.com, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rivosinc.com, luiz.dentz@gmail.com, marcel@holtmann.org, netdev@vger.kernel.org, pabeni@redhat.com
Message-ID: <20220825110108.157350-1-code@siddh.me>
In-Reply-To: <20220812055249.8037-1-palmer@rivosinc.com>
Subject: Re: [PATCH] Bluetooth: L2CAP: Elide a string overflow warning
Date: Thu, 25 Aug 2022 16:31:08 +0530

On Fri, 12 Aug 2022 11:22:49 +0530 Palmer Dabbelt wrote:
> From: Palmer Dabbelt
>
> Without this I get a string op warning related to copying from a
> possibly NULL pointer. I think the warning is spurious, but it's
> tripping up allmodconfig.

I think it is not spurious, and is due to the following commit:
d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put")

The following commit fixes a similar problem (added the NULL check on line 1996):
332f1795ca20 ("Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression")

> In file included from /scratch/merges/ko-linux-next/linux/include/linux/string.h:253,
>                  from /scratch/merges/ko-linux-next/linux/include/linux/bitmap.h:11,
>                  from /scratch/merges/ko-linux-next/linux/include/linux/cpumask.h:12,
>                  from /scratch/merges/ko-linux-next/linux/include/linux/mm_types_task.h:14,
>                  from /scratch/merges/ko-linux-next/linux/include/linux/mm_types.h:5,
>                  from /scratch/merges/ko-linux-next/linux/include/linux/buildid.h:5,
>                  from /scratch/merges/ko-linux-next/linux/include/linux/module.h:14,
>                  from /scratch/merges/ko-linux-next/linux/net/bluetooth/l2cap_core.c:31:
> In function 'memcmp',
>     inlined from 'bacmp' at /scratch/merges/ko-linux-next/linux/include/net/bluetooth/bluetooth.h:347:9,
>     inlined from 'l2cap_global_chan_by_psm' at /scratch/merges/ko-linux-next/linux/net/bluetooth/l2cap_core.c:2003:15:
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread]
>    44 | #define __underlying_memcmp __builtin_memcmp
>       |                             ^
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp'
>   420 | return __underlying_memcmp(p, q, size);
>       |        ^~~~~~~~~~~~~~~~~~~
> In function 'memcmp',
>     inlined from 'bacmp' at /scratch/merges/ko-linux-next/linux/include/net/bluetooth/bluetooth.h:347:9,
>     inlined from 'l2cap_global_chan_by_psm' at /scratch/merges/ko-linux-next/linux/net/bluetooth/l2cap_core.c:2004:15:
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread]
>    44 | #define __underlying_memcmp __builtin_memcmp
>       |                             ^
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp'
>   420 | return __underlying_memcmp(p, q, size);
>       |        ^~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Signed-off-by: Palmer Dabbelt

Tested-by: Siddh Raman Pant

> --- > net/bluetooth/l2cap_core.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) >=20 > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > index cbe0cae73434..be7f47e52119 100644 > --- a/net/bluetooth/l2cap_core.c > +++ b/net/bluetooth/l2cap_core.c > @@ -2000,11 +2000,13 @@ static struct l2cap_chan *l2cap_global_chan_by_ps= m(int state, __le16 psm, > =09=09=09} > =20 > =09=09=09/* Closest match */ > -=09=09=09src_any =3D !bacmp(&c->src, BDADDR_ANY); > -=09=09=09dst_any =3D !bacmp(&c->dst, BDADDR_ANY); > -=09=09=09if ((src_match && dst_any) || (src_any && dst_match) || > -=09=09=09 (src_any && dst_any)) > -=09=09=09=09c1 =3D c; > +=09=09=09if (c) { > +=09=09=09=09src_any =3D !bacmp(&c->src, BDADDR_ANY); > +=09=09=09=09dst_any =3D !bacmp(&c->dst, BDADDR_ANY); > +=09=09=09=09if ((src_match && dst_any) || (src_any && dst_match) || > +=09=09=09=09 (src_any && dst_any)) > +=09=09=09=09=09c1 =3D c; > +=09=09=09} > =09=09} > =09} > =20
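Review bot: The new "if (c) {" guard around the "Closest match" block carries no comment explaining how c can be NULL at this point, and the commit message describes the warning as spurious while the change itself adds a real NULL check before the two bacmp() calls. If c can be NULL here, the subject and message should describe this as a NULL-dereference fix rather than eliding a warning, and a Fixes: tag naming the commit that introduced the NULL path would help backporting; if c cannot be NULL, the guard only hides the diagnostic and the reason should be stated. Provided nothing later in the enclosing block needs to run for a NULL c, an early "if (!c) continue;" ahead of the comment would avoid the extra indentation level on the wrapped condition.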