The "l + 3" addition can have integer overflow on 32 bit systems
when it is used in __xdr_inline_decode(). The overflowed value
would be zero and the check "nwords > xdr->nwords" would not work
as intended.
Fixes: ba8e452a4fe6 ("SUNRPC: Add a helper function xdr_inline_peek")
Signed-off-by: Dan Carpenter <[email protected]>
---
include/linux/sunrpc/xdr.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index 2f8dc47f1eb0..585059f2afca 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -14,6 +14,7 @@
#include <linux/uio.h>
#include <asm/byteorder.h>
#include <asm/unaligned.h>
+#include <linux/overflow.h>
#include <linux/scatterlist.h>
struct bio_vec;
@@ -29,7 +30,7 @@ struct rpc_rqst;
/*
* Buffer adjustment
*/
-#define XDR_QUADLEN(l) (((l) + 3) >> 2)
+#define XDR_QUADLEN(l) (size_add(l, 3) >> 2)
/*
* Generic opaque `network object.'
--
2.43.0
Hi Dan,
kernel test robot noticed the following build errors:
[auto build test ERROR on trondmy-nfs/linux-next]
[also build test ERROR on linus/master v6.9-rc7 next-20240509]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Dan-Carpenter/SUNRPC-prevent-integer-overflow-in-XDR_QUADLEN/20240509-185141
base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
patch link: https://lore.kernel.org/r/bbf929d6-18d2-4b7e-a660-a19460af0a3c%40moroto.mountain
patch subject: [PATCH 1/2] SUNRPC: prevent integer overflow in XDR_QUADLEN()
config: alpha-defconfig (https://download.01.org/0day-ci/archive/20240510/[email protected]/config)
compiler: alpha-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240510/[email protected]/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
All errors (new ones prefixed by >>):
In file included from include/linux/sunrpc/clnt.h:22,
from net/sunrpc/auth_unix.c:15:
>> include/linux/sunrpc/auth.h:33:25: error: initializer element is not constant
33 | #define UNX_CALLSLACK (21 + XDR_QUADLEN(UNX_MAXNODENAME))
| ^
net/sunrpc/auth_unix.c:225:27: note: in expansion of macro 'UNX_CALLSLACK'
225 | .au_cslack = UNX_CALLSLACK,
| ^~~~~~~~~~~~~
include/linux/sunrpc/auth.h:33:25: note: (near initialization for 'unix_auth.au_cslack')
33 | #define UNX_CALLSLACK (21 + XDR_QUADLEN(UNX_MAXNODENAME))
| ^
net/sunrpc/auth_unix.c:225:27: note: in expansion of macro 'UNX_CALLSLACK'
225 | .au_cslack = UNX_CALLSLACK,
| ^~~~~~~~~~~~~
--
>> net/sunrpc/rpcb_clnt.c:100:33: error: initializer element is not constant
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:996:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
996 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:100:33: note: (near initialization for 'rpcb_procedures3[1].p_arglen')
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:996:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
996 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
>> net/sunrpc/rpcb_clnt.c:100:33: error: initializer element is not constant
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1006:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1006 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:100:33: note: (near initialization for 'rpcb_procedures3[2].p_arglen')
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1006:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1006 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
>> net/sunrpc/rpcb_clnt.c:100:33: error: initializer element is not constant
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1016:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1016 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:100:33: note: (near initialization for 'rpcb_procedures3[3].p_arglen')
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1016:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1016 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:92:33: error: initializer element is not constant
92 | #define RPCB_addr_sz (1 + XDR_QUADLEN(RPCBIND_MAXUADDRLEN))
| ^
net/sunrpc/rpcb_clnt.c:111:33: note: in expansion of macro 'RPCB_addr_sz'
111 | #define RPCB_getaddrres_sz RPCB_addr_sz
| ^~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:1017:35: note: in expansion of macro 'RPCB_getaddrres_sz'
1017 | .p_replen = RPCB_getaddrres_sz,
| ^~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:92:33: note: (near initialization for 'rpcb_procedures3[3].p_replen')
92 | #define RPCB_addr_sz (1 + XDR_QUADLEN(RPCBIND_MAXUADDRLEN))
| ^
net/sunrpc/rpcb_clnt.c:111:33: note: in expansion of macro 'RPCB_addr_sz'
111 | #define RPCB_getaddrres_sz RPCB_addr_sz
| ^~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:1017:35: note: in expansion of macro 'RPCB_getaddrres_sz'
1017 | .p_replen = RPCB_getaddrres_sz,
| ^~~~~~~~~~~~~~~~~~
>> net/sunrpc/rpcb_clnt.c:100:33: error: initializer element is not constant
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1029:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1029 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:100:33: note: (near initialization for 'rpcb_procedures4[1].p_arglen')
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1029:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1029 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
>> net/sunrpc/rpcb_clnt.c:100:33: error: initializer element is not constant
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1039:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1039 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:100:33: note: (near initialization for 'rpcb_procedures4[2].p_arglen')
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1039:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1039 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
>> net/sunrpc/rpcb_clnt.c:100:33: error: initializer element is not constant
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1049:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1049 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:100:33: note: (near initialization for 'rpcb_procedures4[3].p_arglen')
100 | #define RPCB_getaddrargs_sz (RPCB_program_sz + RPCB_version_sz + \
| ^
net/sunrpc/rpcb_clnt.c:1049:35: note: in expansion of macro 'RPCB_getaddrargs_sz'
1049 | .p_arglen = RPCB_getaddrargs_sz,
| ^~~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:92:33: error: initializer element is not constant
92 | #define RPCB_addr_sz (1 + XDR_QUADLEN(RPCBIND_MAXUADDRLEN))
| ^
net/sunrpc/rpcb_clnt.c:111:33: note: in expansion of macro 'RPCB_addr_sz'
111 | #define RPCB_getaddrres_sz RPCB_addr_sz
| ^~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:1050:35: note: in expansion of macro 'RPCB_getaddrres_sz'
1050 | .p_replen = RPCB_getaddrres_sz,
| ^~~~~~~~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:92:33: note: (near initialization for 'rpcb_procedures4[3].p_replen')
92 | #define RPCB_addr_sz (1 + XDR_QUADLEN(RPCBIND_MAXUADDRLEN))
| ^
net/sunrpc/rpcb_clnt.c:111:33: note: in expansion of macro 'RPCB_addr_sz'
111 | #define RPCB_getaddrres_sz RPCB_addr_sz
| ^~~~~~~~~~~~
net/sunrpc/rpcb_clnt.c:1050:35: note: in expansion of macro 'RPCB_getaddrres_sz'
1050 | .p_replen = RPCB_getaddrres_sz,
| ^~~~~~~~~~~~~~~~~~
--
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:571:34: note: in expansion of macro 'Ck'
571 | .pc_xdrressize = Ck+St+2+No+Rg,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[1].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:571:34: note: in expansion of macro 'Ck'
571 | .pc_xdrressize = Ck+St+2+No+Rg,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:581:34: note: in expansion of macro 'Ck'
581 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[2].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:581:34: note: in expansion of macro 'Ck'
581 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:591:34: note: in expansion of macro 'Ck'
591 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[3].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:591:34: note: in expansion of macro 'Ck'
591 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:601:34: note: in expansion of macro 'Ck'
601 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[4].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:601:34: note: in expansion of macro 'Ck'
601 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:611:34: note: in expansion of macro 'Ck'
611 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[5].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:611:34: note: in expansion of macro 'Ck'
611 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:761:34: note: in expansion of macro 'Ck'
761 | .pc_xdrressize = Ck+St+1,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[20].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:761:34: note: in expansion of macro 'Ck'
761 | .pc_xdrressize = Ck+St+1,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:771:34: note: in expansion of macro 'Ck'
771 | .pc_xdrressize = Ck+St+1,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[21].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:771:34: note: in expansion of macro 'Ck'
771 | .pc_xdrressize = Ck+St+1,
| ^~
>> fs/lockd/svcproc.c:548:17: error: initializer element is not constant
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:781:34: note: in expansion of macro 'Ck'
781 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svcproc.c:548:17: note: (near initialization for 'nlmsvc_procedures[22].pc_xdrressize')
548 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svcproc.c:781:34: note: in expansion of macro 'Ck'
781 | .pc_xdrressize = Ck+St,
| ^~
--
>> fs/lockd/mon.c:536:25: error: initializer element is not constant
536 | #define SM_mon_sz (SM_mon_id_sz+SM_priv_sz)
| ^
fs/lockd/mon.c:545:35: note: in expansion of macro 'SM_mon_sz'
545 | .p_arglen = SM_mon_sz,
| ^~~~~~~~~
fs/lockd/mon.c:536:25: note: (near initialization for 'nsm_procedures[2].p_arglen')
536 | #define SM_mon_sz (SM_mon_id_sz+SM_priv_sz)
| ^
fs/lockd/mon.c:545:35: note: in expansion of macro 'SM_mon_sz'
545 | .p_arglen = SM_mon_sz,
| ^~~~~~~~~
fs/lockd/mon.c:534:25: error: initializer element is not constant
534 | #define SM_mon_id_sz (SM_mon_name_sz+SM_my_id_sz)
| ^
fs/lockd/mon.c:554:35: note: in expansion of macro 'SM_mon_id_sz'
554 | .p_arglen = SM_mon_id_sz,
| ^~~~~~~~~~~~
fs/lockd/mon.c:534:25: note: (near initialization for 'nsm_procedures[3].p_arglen')
534 | #define SM_mon_id_sz (SM_mon_name_sz+SM_my_id_sz)
| ^
fs/lockd/mon.c:554:35: note: in expansion of macro 'SM_mon_id_sz'
554 | .p_arglen = SM_mon_id_sz,
| ^~~~~~~~~~~~
--
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:537:34: note: in expansion of macro 'Ck'
537 | .pc_xdrressize = Ck+St+2+No+Rg,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[1].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:537:34: note: in expansion of macro 'Ck'
537 | .pc_xdrressize = Ck+St+2+No+Rg,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:547:34: note: in expansion of macro 'Ck'
547 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[2].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:547:34: note: in expansion of macro 'Ck'
547 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:557:34: note: in expansion of macro 'Ck'
557 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[3].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:557:34: note: in expansion of macro 'Ck'
557 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:567:34: note: in expansion of macro 'Ck'
567 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[4].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:567:34: note: in expansion of macro 'Ck'
567 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:577:34: note: in expansion of macro 'Ck'
577 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[5].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:577:34: note: in expansion of macro 'Ck'
577 | .pc_xdrressize = Ck+St,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:727:34: note: in expansion of macro 'Ck'
727 | .pc_xdrressize = Ck+St+1,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[20].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:727:34: note: in expansion of macro 'Ck'
727 | .pc_xdrressize = Ck+St+1,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:737:34: note: in expansion of macro 'Ck'
737 | .pc_xdrressize = Ck+St+1,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[21].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:737:34: note: in expansion of macro 'Ck'
737 | .pc_xdrressize = Ck+St+1,
| ^~
>> fs/lockd/svc4proc.c:514:17: error: initializer element is not constant
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:747:34: note: in expansion of macro 'Ck'
747 | .pc_xdrressize = Ck+St,
| ^~
fs/lockd/svc4proc.c:514:17: note: (near initialization for 'nlmsvc_procedures4[22].pc_xdrressize')
514 | #define Ck (1+XDR_QUADLEN(NLM_MAXCOOKIELEN)) /* cookie */
| ^
fs/lockd/svc4proc.c:747:34: note: in expansion of macro 'Ck'
747 | .pc_xdrressize = Ck+St,
| ^~
..
vim +33 include/linux/sunrpc/auth.h
4500632f60fa0d Chuck Lever 2016-03-01 27
24a9a9610ce3ba Jeff Layton 2015-08-03 28 /*
24a9a9610ce3ba Jeff Layton 2015-08-03 29 * Size of the nodename buffer. RFC1831 specifies a hard limit of 255 bytes,
24a9a9610ce3ba Jeff Layton 2015-08-03 30 * but Linux hostnames are actually limited to __NEW_UTS_LEN bytes.
24a9a9610ce3ba Jeff Layton 2015-08-03 31 */
24a9a9610ce3ba Jeff Layton 2015-08-03 32 #define UNX_MAXNODENAME __NEW_UTS_LEN
4500632f60fa0d Chuck Lever 2016-03-01 @33 #define UNX_CALLSLACK (21 + XDR_QUADLEN(UNX_MAXNODENAME))
5786461bd8ea81 Kinglong Mee 2017-02-07 34 #define UNX_NGROUPS 16
^1da177e4c3f41 Linus Torvalds 2005-04-16 35
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi Dan,
kernel test robot noticed the following build errors:
[auto build test ERROR on trondmy-nfs/linux-next]
[also build test ERROR on linus/master v6.9-rc7 next-20240509]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Dan-Carpenter/SUNRPC-prevent-integer-overflow-in-XDR_QUADLEN/20240509-185141
base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
patch link: https://lore.kernel.org/r/bbf929d6-18d2-4b7e-a660-a19460af0a3c%40moroto.mountain
patch subject: [PATCH 1/2] SUNRPC: prevent integer overflow in XDR_QUADLEN()
config: s390-defconfig (https://download.01.org/0day-ci/archive/20240510/[email protected]/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project b910bebc300dafb30569cecc3017b446ea8eafa0)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240510/[email protected]/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
All errors (new ones prefixed by >>):
In file included from include/linux/highmem.h:10:
In file included from include/linux/mm.h:2188:
include/linux/vmstat.h:508:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
508 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
509 | item];
| ~~~~
include/linux/vmstat.h:515:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
515 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
516 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
| ~~~~~~~~~~~ ^ ~~~
include/linux/vmstat.h:527:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
527 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
528 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
include/linux/vmstat.h:536:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
536 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
537 | NR_VM_NUMA_EVENT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~~
In file included from fs/nfsd/nfs4callback.c:34:
In file included from include/linux/nfs4.h:19:
In file included from include/linux/sunrpc/msg_prot.h:205:
In file included from include/linux/inet.h:42:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:11:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:78:
include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
547 | val = __raw_readb(PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
560 | val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
| ~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
37 | #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
| ^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
102 | #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
| ^
In file included from fs/nfsd/nfs4callback.c:34:
In file included from include/linux/nfs4.h:19:
In file included from include/linux/sunrpc/msg_prot.h:205:
In file included from include/linux/inet.h:42:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:11:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:78:
include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
573 | val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
| ~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
35 | #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
| ^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
115 | #define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
| ^
In file included from fs/nfsd/nfs4callback.c:34:
In file included from include/linux/nfs4.h:19:
In file included from include/linux/sunrpc/msg_prot.h:205:
In file included from include/linux/inet.h:42:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:11:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:78:
include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
584 | __raw_writeb(value, PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
594 | __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
604 | __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:692:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
692 | readsb(PCI_IOBASE + addr, buffer, count);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:700:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
700 | readsw(PCI_IOBASE + addr, buffer, count);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:708:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
708 | readsl(PCI_IOBASE + addr, buffer, count);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:717:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
717 | writesb(PCI_IOBASE + addr, buffer, count);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:726:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
726 | writesw(PCI_IOBASE + addr, buffer, count);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:735:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
735 | writesl(PCI_IOBASE + addr, buffer, count);
| ~~~~~~~~~~ ^
>> fs/nfsd/nfs4callback.c:832:2: error: initializer element is not a compile-time constant
832 | PROC(CB_OFFLOAD, COMPOUND, cb_offload, cb_offload),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nfsd/nfs4callback.c:819:15: note: expanded from macro 'PROC'
819 | .p_arglen = NFS4_enc_##argtype##_sz, \
| ^~~~~~~~~~~~~~~~~~~~~~~
<scratch space>:133:1: note: expanded from here
133 | NFS4_enc_cb_offload_sz
| ^~~~~~~~~~~~~~~~~~~~~~
fs/nfsd/xdr4cb.h:43:33: note: expanded from macro 'NFS4_enc_cb_offload_sz'
43 | #define NFS4_enc_cb_offload_sz (cb_compound_enc_hdr_sz + \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
44 | cb_sequence_enc_sz + \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
45 | enc_nfs4_fh_sz + \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
46 | enc_stateid_sz + \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
47 | enc_cb_offload_info_sz)
| ~~~~~~~~~~~~~~~~~~~~~~~
17 warnings and 1 error generated.
vim +832 fs/nfsd/nfs4callback.c
^1da177e4c3f415 Linus Torvalds 2005-04-16 824
499b4988109e91b Christoph Hellwig 2017-05-12 825 static const struct rpc_procinfo nfs4_cb_procedures[] = {
7d93bd71cb3e262 Chuck Lever 2010-12-14 826 PROC(CB_NULL, NULL, cb_null, cb_null),
7d93bd71cb3e262 Chuck Lever 2010-12-14 827 PROC(CB_RECALL, COMPOUND, cb_recall, cb_recall),
c5c707f96fc9a6e Christoph Hellwig 2014-09-23 828 #ifdef CONFIG_NFSD_PNFS
c5c707f96fc9a6e Christoph Hellwig 2014-09-23 829 PROC(CB_LAYOUT, COMPOUND, cb_layout, cb_layout),
c5c707f96fc9a6e Christoph Hellwig 2014-09-23 830 #endif
a188620ebd294b1 Jeff Layton 2016-09-16 831 PROC(CB_NOTIFY_LOCK, COMPOUND, cb_notify_lock, cb_notify_lock),
9eb190fca8f9056 Olga Kornievskaia 2018-07-20 @832 PROC(CB_OFFLOAD, COMPOUND, cb_offload, cb_offload),
3959066b697b5df Dai Ngo 2022-11-16 833 PROC(CB_RECALL_ANY, COMPOUND, cb_recall_any, cb_recall_any),
^1da177e4c3f415 Linus Torvalds 2005-04-16 834 };
^1da177e4c3f415 Linus Torvalds 2005-04-16 835
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki