Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp2480135rdb; Wed, 21 Feb 2024 08:52:08 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUS3CjiuXR6/o/YOaTc69eaat4Pg0owQaxi1i6glBwLoTpc14nBFCtleFFTIfn2ch2LJFLo2irH+KrISnBwLh9bHQuT6luUgeC6GKLi0w== X-Google-Smtp-Source: AGHT+IF9FaO8f4crCcUAZua5Q+C1zf68w33EzHfsPS6WYKCY+WcVBKfI2ikFjTBvKaG0gYf5FlKG X-Received: by 2002:a05:6808:138f:b0:3c1:5515:2599 with SMTP id c15-20020a056808138f00b003c155152599mr12906655oiw.39.1708534327753; Wed, 21 Feb 2024 08:52:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708534327; cv=pass; d=google.com; s=arc-20160816; b=WxSG9k2jBj05zHPV3ajSUma1lssd42JQPJo611KCU9xLGkIoOqyPgv8CMZXY2XyFwX hqO/Ym07JyKiMOYokFIDfyG7vCt0VQlWKCVhKchzevBk/7HyJTjQryG6KmeTTA46Uq0C 58NjjxyiwbK3oK6gY0rkr+WiT9sCzljqiWt7/e8XjETRl63Th8wJ9hT9C6HOQw5Dspzb OTsU1gqghXl90pauAuxLu7i5fs5KfMLqDjmta3swNnHl3IMU1PzRvWE5ungWeL93viqL K9l/+Jj1Q/e5077DyiEsMDfgLeZO2LvM1xVOzSmScuQcC8zogEAMtmK19w9RiBj/Xh8d tVNQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:cc:to:from:date:references:in-reply-to:message-id :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:feedback-id:dkim-signature:dkim-signature; bh=eSn5xhAHi3xo/ygEBFEx2vlBfX3dDaFRWNt84Lii+ww=; fh=Ejs2zR1IVS5AntE5wDAOA6ZG2rRkOM7i3pzDAJZGk+c=; b=t3PRex0/BvKF9aNzeatOV4VcKSU40TAVsXwuOdDxM375NNMoCRqdFWUkuRt3LncPqM eiKWUujgPNO3rgbaJ9pxcHO5D8StxM8RcCsh7OijIWJzXrxlidcisQmABgIcmxxxGqo4 oyxahKwM6KfVBK/lEGPS2R9jwdHrJ5rS+HiV/JLqXdRJXNJStjlzedlyx2eHjXWffzh9 z/CIF9stKxr7+KWbCWwRxqGCn+bdtKh7LHnCKKHzd7cB7pjqJAA9RGG728MJ3ay3pYzX KBm7xpcDPwFThVLFe8GJyuPta1NFPjdSqaxToIJcT1e7webdyOXWHZ5IJl55cp0sWWRr GXqg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@arndb.de header.s=fm3 header.b=TtIh+KFN; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=o7eS6y4Y; arc=pass (i=1 spf=pass spfdomain=arndb.de dkim=pass dkdomain=arndb.de dkim=pass dkdomain=messagingengine.com dmarc=pass fromdomain=arndb.de); spf=pass (google.com: domain of linux-kernel+bounces-75140-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-75140-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=arndb.de Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id r14-20020a0562140c4e00b0068efc23afc5si6043988qvj.385.2024.02.21.08.52.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Feb 2024 08:52:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-75140-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@arndb.de header.s=fm3 header.b=TtIh+KFN; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=o7eS6y4Y; arc=pass (i=1 spf=pass spfdomain=arndb.de dkim=pass dkdomain=arndb.de dkim=pass dkdomain=messagingengine.com dmarc=pass fromdomain=arndb.de); spf=pass (google.com: domain of linux-kernel+bounces-75140-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-75140-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=arndb.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 213801C21613 for ; Wed, 21 Feb 2024 16:52:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 25F2C839FC; Wed, 21 Feb 2024 16:51:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arndb.de header.i=@arndb.de header.b="TtIh+KFN"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="o7eS6y4Y" Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF9BE7FBC4; Wed, 21 Feb 2024 16:51:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=64.147.123.21 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708534314; cv=none; b=YUC/cke21QQ4GnqVwIVNv+DHpmosemKUivEOtckGsc9EJd7BNSA7947pmE+ojSxdqL0/43KzQFzUvDrb0JJkSgK63MR4nJY4/C6KpYVE6kOYppQSa0BqdtF0TEQyQMeWB1a1WfJ9KxGoDP7X4jUeKxcVQQadc4eWfJIkCOiMekc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708534314; c=relaxed/simple; bh=2B3cm4x5f3k4huErcoSt8JiDBfGjHHMnN6/fCcegqYs=; h=MIME-Version:Message-Id:In-Reply-To:References:Date:From:To:Cc: Subject:Content-Type; b=T5SGrV7WiKz/1K6YpxUSxt0uwMcZjGX0fPljYCgftxpxkNefy0vnZuvuFREnI2vgp1c2wa4w2IpSBq2a48x3npZrExrnbouBy8gw9VKH0r3J9RdB5bAiBbve1t6lDCUc7xC9LdtJwUwRlHj5G9Hu9gmAKhjyeE66ckQCF0/AJMY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arndb.de; spf=pass smtp.mailfrom=arndb.de; dkim=pass (2048-bit key) header.d=arndb.de header.i=@arndb.de header.b=TtIh+KFN; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=o7eS6y4Y; arc=none smtp.client-ip=64.147.123.21 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arndb.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arndb.de Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 2EC6632000EB; Wed, 21 Feb 2024 11:51:51 -0500 (EST) Received: from imap51 ([10.202.2.101]) by compute5.internal (MEProxy); Wed, 21 Feb 2024 11:51:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1708534310; x=1708620710; bh=eSn5xhAHi3 xo/ygEBFEx2vlBfX3dDaFRWNt84Lii+ww=; b=TtIh+KFNlcpoiMVT9JYs3TJ82h FCPBXrrg3YbThVJJaZP9ySk8dVkOATUzjT4qnlHVg07WHCKj93DD6iU5rUoJKQy2 AhnzsMWsvgIueFXt7FrzCvOQLoXFUovcf6wBgI1urfXhHfHnpVQWWWOEufO68dPM SF9Iikry56Gz3JEORdnvVEa7oyw4RuEsj7NyXLCglnOkT6H3HiJAF2V/uFh/Qpha 1YOS/fvEjVzNAmFD3AWGHap8UPkq3kDkmRgvIvkYz8hK73Nb3GugB1dEJUvGEAr+ 9QU0BHVXKpF/3d/e3IMLMgQMXN9B5qyQf8YnKr8QSu0KzsnzwANMKhjGKb1A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1708534310; x=1708620710; bh=eSn5xhAHi3xo/ygEBFEx2vlBfX3d DaFRWNt84Lii+ww=; b=o7eS6y4YROWJ2CBZaF1INj2TnQmpqx8/fP7QHjbujumf 7soDq96w8g3sXP4J4LMHom6ve8eCk41rWRnn4KuBBbiB+W3tAtTaLKtf+Uf7uxkn zBhcvuRrHxlE1vgSM7oC6TE+VYkpxnM2//tUJYhU44a2ipaSi2OwtQLxd5M0onQi stzcbznVgY3E91cm8elsgYSj3X7dVBbdLfS3pG6WTovxrxUR6Z/RQ52DDX4fXYub +EKF1erBq1+a9aWOJByCiWbHTw1Ik6kOFWKtN6/WEcA4uz47xI9Ag2fg2o8bLUuv uAXM0XC2BCpXlFPXJ+fdQmGfqVDrfi38Ati6ag+sGg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrfedvgdelfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdetrhhn ugcuuegvrhhgmhgrnhhnfdcuoegrrhhnugesrghrnhgusgdruggvqeenucggtffrrghtth gvrhhnpeffheeugeetiefhgeethfejgfdtuefggeejleehjeeutefhfeeggefhkedtkeet ffenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrrh hnugesrghrnhgusgdruggv X-ME-Proxy: Feedback-ID: i56a14606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 45CEFB6008D; Wed, 21 Feb 2024 11:51:50 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-153-g7e3bb84806-fm-20240215.007-g7e3bb848 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <211c9e57-ed0b-4945-9194-ad776bc386bd@app.fastmail.com> In-Reply-To: References: Date: Wed, 21 Feb 2024 17:51:23 +0100 From: "Arnd Bergmann" To: "Naresh Kamboju" , "open list" , Netdev , lkft-triage@lists.linaro.org Cc: "Kees Cook" , "Hao Luo" , "Miguel Ojeda" , "Nathan Chancellor" , "Peter Zijlstra" , "Justin Stitt" Subject: Re: x86: fortify-string.h:63:33: error: '__builtin_memcmp' specified bound exceeds maximum object size Content-Type: text/plain On Wed, Feb 21, 2024, at 16:32, Naresh Kamboju wrote: > The x86 / i386 compilations encountered errors due to additional Kconfigs > incorporated from the selftests/net/*/config in the Linux next version. > The issue first appeared with the next-20240213 tag. This problem affects > the Linux next branch, but not the mainline Linus master branch. > > Reported-by: Linux Kernel Functional Testing > > The bisection points to the following commit id, > # first bad commit: [64259ce2a20ce2dcc585a2cb83d1366fb04a6008] ubsan: > reintroduce signed overflow sanitizer > > Build errors: > ------------- > In function 'memcmp', > inlined from 'nft_pipapo_insert' at > /builds/linux/net/netfilter/nft_set_pipapo.c:1258:7: > /builds/linux/include/linux/fortify-string.h:63:33: error: > '__builtin_memcmp' specified bound 18446744071562067968 exceeds > maximum object size 9223372036854775807 [-Werror=stringop-overread] > 63 | #define __underlying_memcmp __builtin_memcmp > | ^ > /builds/linux/include/linux/fortify-string.h:655:16: note: in > expansion of macro '__underlying_memcmp' > 655 | return __underlying_memcmp(p, q, size); > | ^~~~~~~~~~~~~~~~~~~ > cc1: all warnings being treated as errors The size 18446744071562067968 is equal to (u64)INT_MIN, so something goes wrong with the length conversion when a negative length might be passed into memcmp(). I don't see any relevant changes to this file that are likely causes, but these warnings are sometimes sensitive to compiler optimization, so it's possible that some unrelated change such as 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout") just changed the inlining behavior in a way such that either a warning is now detected when it was previously hidden and the compiler now sees more about the state, or it seems less about the state and can no longer prove that this does not happen. I have so far not seen the same issue in randconfig builds on today's linux-next with gcc-13.2.0, but I would guess that a patch like diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c index aa1d9e93a9a0..c284522f64c4 100644 --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@ -1252,11 +1252,12 @@ static int nft_pipapo_insert(const struct net *net, const struct nft_set *set, start_p = start; end_p = end; nft_pipapo_for_each_field(f, i, m) { + unsigned length = f->groups / NFT_PIPAPO_GROUPS_PER_BYTE(f); + if (f->rules >= (unsigned long)NFT_PIPAPO_RULE0_MAX) return -ENOSPC; - if (memcmp(start_p, end_p, - f->groups / NFT_PIPAPO_GROUPS_PER_BYTE(f)) > 0) + if (memcmp(start_p, end_p, length)) > 0) return -EINVAL; start_p += NFT_PIPAPO_GROUPS_PADDED_SIZE(f); will hide the issue again. Arnd