From: Edward Adam Davis
To: martin.lau@linux.dev
Cc: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, eadavis@qq.com, haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org, linux-kernel@vger.kernel.org, sdf@google.com, song@kernel.org, syzbot+9b8be5e35747291236c8@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev
Subject: Re: [PATCH] bpf: fix uninit-value in strnchr
Date: Wed, 10 Apr 2024 08:28:01 +0800
In-Reply-To: <3cbc70e6-04e9-4523-9d4d-84d0794cfc74@linux.dev>

On Tue, 9 Apr 2024 10:59:17 -0700, Martin KaFai Lau wrote:
> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> > index 449b9a5d3fe3..07490eba24fe 100644
> > --- a/kernel/bpf/helpers.c
> > +++ b/kernel/bpf/helpers.c
> > @@ -826,7 +826,7 @@ int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args,
> > u64 cur_arg;
> > char fmt_ptype, cur_ip[16], ip_spec[] = "%pXX";
> >
> > - fmt_end = strnchr(fmt, fmt_size, 0);
> > + fmt_end = strnchrnul(fmt, fmt_size, 0);
>
> I don't think it is correct either.
>
> > if (!fmt_end)
>
> e.g. what will strnchrnul return if fmt is not NULL terminated?
>
> The current code is correct as is. Comment snippet from strnchr:
>
> /*
>  * ...
>  *
>  * Note that the %NUL-terminator is considered part of the string, and can
>  * be searched for.
>  */
> char *strnchr(const char *s, size_t count, int c)

lib/string.c

/**
 * strnchr - Find a character in a length limited string
 * @s: The string to be searched
 * @count: The number of characters to be searched
 * @c: The character to search for
 *
 * Note that the %NUL-terminator is considered part of the string, and can
 * be searched for.
 */
char *strnchr(const char *s, size_t count, int c)
{
	while (count--) {
		if (*s == (char)c) // Only when the length of s is 1, can NUL char be obtained
			return (char *)s;
		if (*s++ == '\0') // When the length of s is greater than 1, the loop will terminate and return NULL, without obtaining a pointer to a NUL char
			break;
	}
	return NULL;
}

>
> > return -EINVAL;
> > fmt_size = fmt_end - fmt;
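
Review bot: The unchanged `if (!fmt_end)` / `return -EINVAL;` context directly after the `+ fmt_end = strnchrnul(fmt, fmt_size, 0);` line still relies on the search returning NULL when no terminator lies within fmt_size bytes, and nothing in the hunk shows strnchrnul doing that. If strnchrnul returns a non-NULL end pointer in that case, the check can never fire, an unterminated fmt is no longer rejected, and `fmt_size = fmt_end - fmt` simply keeps the caller's size. Either keep strnchr, or change the check in the same hunk to reject `fmt_end == fmt + fmt_size`, and have the commit message state which bytes of fmt were reported as uninitialized so the fix can be judged against the actual read.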
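
Added example (not part of the original mail or of the kernel tree): a userspace check of the question raised in the thread, namely what the `if (!fmt_end)` test sees for a terminated and an unterminated fmt buffer. `strnchr_copy` is the function quoted above; `strnchrnul_model`, `fmt_len` and the two sample buffers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* strnchr as quoted in the mail (lib/string.c), copied for userspace. */
static char *strnchr_copy(const char *s, size_t count, int c)
{
	while (count--) {
		if (*s == (char)c)
			return (char *)s;
		if (*s++ == '\0')
			break;
	}
	return NULL;
}

/* ASSUMPTION (not on the page): model of a search that returns the place
 * it stopped (match, NUL, or end of the counted range) and never NULL. */
static char *strnchrnul_model(const char *s, size_t count, int c)
{
	while (count-- && *s && *s != (char)c)
		s++;
	return (char *)s;
}

/* The check from the hunk: new fmt_size, or -1 standing in for -EINVAL. */
static long fmt_len(char *(*find)(const char *, size_t, int),
		    const char *fmt, size_t fmt_size)
{
	char *fmt_end = find(fmt, fmt_size, 0);

	if (!fmt_end)
		return -1;
	return (long)(fmt_end - fmt);
}

/* Constructed inputs: one terminated buffer, one with no NUL in range. */
static const char terminated[8] = "%d\n";
static const char unterminated[4] = { '%', 'd', '%', 's' };

int main(void)
{
	printf("terminated:   strnchr=%ld model=%ld\n",
	       fmt_len(strnchr_copy, terminated, sizeof(terminated)),
	       fmt_len(strnchrnul_model, terminated, sizeof(terminated)));
	printf("unterminated: strnchr=%ld model=%ld\n",
	       fmt_len(strnchr_copy, unterminated, sizeof(unterminated)),
	       fmt_len(strnchrnul_model, unterminated, sizeof(unterminated)));
	return 0;
}
```

Under the modelled semantics, only the strnchr path rejects the unterminated buffer; the other path accepts it with the full fmt_size.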