Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Mon, 26 Sep 2022 13:18:25 +0300
From:   Dan Carpenter <dan.carpenter@oracle.com>
To:     Jamal Hadi Salim <jhs@mojatatu.com>
Cc:     syzbot <syzbot+a2c4601efc75848ba321@syzkaller.appspotmail.com>,
        davem@davemloft.net, edumazet@google.com, jiri@resnulli.us,
        kuba@kernel.org, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, pabeni@redhat.com,
        syzkaller-bugs@googlegroups.com, xiyou.wangcong@gmail.com
Subject: Re: [syzbot] WARNING in u32_change
Message-ID: <YzF8cdiKQKG9l73k@kadam>
References: <000000000000a96c0b05e97f0444@google.com>
 <CAM0EoMnJ=STtk5BnZ9oJtnkXY2Q+Px2cKa4gowFRGpp40UNKww@mail.gmail.com>
 <CAM0EoMm9uBQQepMb5bda1vR-Okw-tPp2nnf6TvfA0FzPu_D_2A@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAM0EoMm9uBQQepMb5bda1vR-Okw-tPp2nnf6TvfA0FzPu_D_2A@mail.gmail.com>
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?V8SvV0DxzuWQ/Qux3/Hks0AsVpv2Wew64nqtJy6aYe2qkFZt1YiLFViLuUyg?=
 =?us-ascii?Q?AqdaRKWvNRBrR+jqiUtrRb09WpYB5xAMHEN8ApjZFKqQYgKO5h1EsBLwyUqN?=
 =?us-ascii?Q?Fo/A1muxTzgXAAVlH/J0HWCmm+ramUcSE7gO6osAzQr/6RV/vs7W9ZZd4+og?=
 =?us-ascii?Q?pr2chYIECGcOX9cVa18ycnQ0KS04hz73gO8qjKViN1w+iWlwBTxCFbEDDqNj?=
 =?us-ascii?Q?e2Xk4YpbUk+FCjQ1ITvyEl4xar8AZOq2kfqDSy3Q5LdF7y/XF6XhKDq3/9e1?=
 =?us-ascii?Q?8GkFdIe2dNaRRclBDWHkIOzGU0ggJlBIpmZpjgoY+jmL+q0aoGB+hv44x0tJ?=
 =?us-ascii?Q?hvWa6vsoX6ZyW1FusV11jlMKAv5u8VVvyuKFyOL/EFYXbuSGdNcmolaBv+tE?=
 =?us-ascii?Q?zkCOqMSkOPVh1GBMifPiKOVKeBwboXO2Pktyo2oozCXLtlhnImQ3mPSQNVsD?=
 =?us-ascii?Q?CrwKtDwSLg3+Tnn7xzyGZMaxJvJN19XvjzCmX2JrpCTn8g4tOU8ul6QmzURe?=
 =?us-ascii?Q?oBrODAj6DjKU6J5IorNyYqplRGfWHXX4an8H39S4T8agCQazGL+W3OvY67ez?=
 =?us-ascii?Q?/cosweuhE+HN5BRj5frwNIjkW6/QA7vshnpOD3+ffL5C7JO3VWcNsz5SbQZh?=
 =?us-ascii?Q?GKctPVsF8IthBlDB8dfmRnTzeCTxIsP49gzWIFcAv982nKA1e/EXz01LGae5?=
 =?us-ascii?Q?BJb/vDZwpUrCTmA1PJukqjKhM4FmpK66m+BPeyVOboxCxTxvqzY1/zFfuJ+9?=
 =?us-ascii?Q?wLifuiqvn8SQdD0w00zFHL4nb7dxq8HNQfPmNz0e6BODnXt5dyk/0EdhwRQs?=
 =?us-ascii?Q?nEvRrc/xsM98j/X5y+azXWOtXB0jAaKlQ+SIkjVpFhhvyb7Jd8wvBOXGKSzF?=
 =?us-ascii?Q?qRs+/YQ/40is4olLz1DB5yDrISt013Cb9G/Vixt0IbbBQQm5V3XKp+GuvbJu?=
 =?us-ascii?Q?bQJQqVPKg3p3S0xIokc/8ZYHtmcTLvx47kT6xe5QAikQ1dcmWzDgjo8RuW7p?=
 =?us-ascii?Q?/aDcr7U4wfgAH4rk7lt4zB04KWlJtbmuDw51p2S+L2ksbRIZqBcC+tIShXG3?=
 =?us-ascii?Q?IckW1flJmvNxojsaH9V9uHPx26QlMQXb/EnS8W7BRVzer8LzGN7zJjdjDw00?=
 =?us-ascii?Q?owFpFf9fermsjuvvoVNI6hJ3Xhu4Hlx4EovwJG4G6795+/KCAqibBXWU/cnN?=
 =?us-ascii?Q?j1kDWweTfmYZqWDytayQSKgeJMJTzFQ2tsofEEuYvis2g7HNGebn4ynGHLkd?=
 =?us-ascii?Q?8hHbg3aHPAchZ+pBmpWpAwYSS5EKrkV8sBC82kPEgNuvbAMsr4AyKqCiv3lu?=
 =?us-ascii?Q?cZoYAIgNwtXIiDexrrOkh8ZzhYBRNux+yVDAbHr/Ec60O9GfWa6UyhvyX4rT?=
 =?us-ascii?Q?Uv0wNUtwC/6nYBQrFuXUkdGd8PZ62UiG16oLi9X0JHpBGYQEoDxLTmfSD0Hb?=
 =?us-ascii?Q?bFVamIGuVRhG9PDWqK91tad7NkD4IkSWTHYZwvsGWYqzOFCasC5rkZDMHJwf?=
 =?us-ascii?Q?DgkHohjaBm/VTNzq30oY1ipujwpDclihIjyDZdYIaCDCZfqqfpcqmLDp74s4?=
 =?us-ascii?Q?c5tLJHrtAiEjwtXQMcrC3EpBuGeGmuuRWJ5xJWOg?=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b5241d76-a948-405b-84f0-08da9fa87c49
X-MS-Exchange-CrossTenant-AuthSource: MWHPR1001MB2365.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Sep 2022 10:18:41.7517
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 2s1q2M2mCKM3aqyHAMH6HAM7dxWoIYkf7nKq1EO9HYlEp8haBpDZ8RoaGRc0I5ns5Fz/dmLgToz9KMo77wJPDtRM0pm+ABPmXFLgon7NKZY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR10MB5794
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1
 definitions=2022-09-26_08,2022-09-22_02,2022-06-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 adultscore=0
 suspectscore=0 phishscore=0 mlxscore=0 mlxlogscore=999 spamscore=0
 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2209130000 definitions=main-2209260065
X-Proofpoint-GUID: xk1oJwikq05gZxPzuAxQ1BfSftH7NBlE
X-Proofpoint-ORIG-GUID: xk1oJwikq05gZxPzuAxQ1BfSftH7NBlE
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Sep 25, 2022 at 12:14:44PM -0400, Jamal Hadi Salim wrote:
> On Sun, Sep 25, 2022 at 11:38 AM Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> >
> > Is there a way to tell the boat "looking into it?"
> 
> 
> I guess I have to swim across to it to get the message;->
> 
> I couldnt see the warning message  but it is obvious by inspection that
> the memcpy is broken. We should add more test coverage.
> This should fix it. Will send a formal patch later:
> 
> diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
> index 4d27300c2..591cbbf27 100644
> --- a/net/sched/cls_u32.c
> +++ b/net/sched/cls_u32.c
> @@ -1019,7 +1019,7 @@ static int u32_change(struct net *net, struct
> sk_buff *in_skb,
>         }
> 
>         s = nla_data(tb[TCA_U32_SEL]);
> -       sel_size = struct_size(s, keys, s->nkeys);
> +       sel_size = struct_size(s, keys, s->nkeys) + sizeof(n->sel);

Smatch will soon start complaining about these.  Can we instead do:

	sel_size = size_add(struct_size(s, keys, s->nkeys), sizeof(n->sel));

Probably eventually Smatch will be able to detect some times when
struct_size() is used for readability and not for safety so maybe it
won't warn...

regards,
dan carpenter