Re: [PATCH] net/mlx5: fix a -Wstringop-truncation warning
From: Qian Cai
Date: Tue Aug 27 2019 - 16:12:21 EST
On Mon, 2019-08-26 at 21:11 +0000, Saeed Mahameed wrote:
> On Fri, 2019-08-23 at 15:56 -0400, Qian Cai wrote:
> > In file included from ./arch/powerpc/include/asm/paca.h:15,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./arch/powerpc/include/asm/current.h:13,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/linux/thread_info.h:21,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/asm-generic/preempt.h:5,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom
> > ./arch/powerpc/include/generated/asm/preempt.h:1,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/linux/preempt.h:78,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/linux/spinlock.h:51,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/linux/wait.h:9,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/linux/completion.h:12,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom ./include/linux/mlx5/driver.h:37,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom
> > drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h:6,
> > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂfrom
> > drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c:33:
> > In function 'strncpy',
> > ÂÂÂÂinlined from 'mlx5_fw_tracer_save_trace' at
> > drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c:549:2,
> > ÂÂÂÂinlined from 'mlx5_tracer_print_trace' at
> > drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c:574:2:
> > ./include/linux/string.h:305:9: warning: '__builtin_strncpy' output
> > may
> > be truncated copying 256 bytes from a string of length 511
> > [-Wstringop-truncation]
> > Â return __builtin_strncpy(p, q, size);
> > ÂÂÂÂÂÂÂÂÂ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Fix it by using the new strscpy_pad() since the commit 458a3bf82df4
> > ("lib/string: Add strscpy_pad() function") which will always
> > NUL-terminate the string, and avoid possibly leak data through the
> > ring
> > buffer where non-admin account might enable these events through
> > perf.
> >
> > Fixes: fd1483fe1f9f ("net/mlx5: Add support for FW reporter dump")
> > Signed-off-by: Qian Cai <cai@xxxxxx>
>
>
> Hi Qian and thanks for your patch,
>
> We already have a patch that handles this issue, please check it out:
> https://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git/commit/?h=net-
> next-mlx5
>
That commit will make "struct mlx5_fw_tracer" too large and trigger a warning in
__alloc_pages_nodemask(),
ÂÂÂÂÂÂÂÂ/*
ÂÂÂÂÂÂÂÂÂ* There are several places where we assume that the order value is sane
ÂÂÂÂÂÂÂÂÂ* so bail out early if the request is out of bound.
ÂÂÂÂÂÂÂÂÂ*/
ÂÂÂÂÂÂÂÂif (unlikely(order >= MAX_ORDER)) {
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂWARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN));
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂreturn NULL;
ÂÂÂÂÂÂÂÂ}
[ÂÂÂ98.339576][ÂÂT914] WARNING: CPU: 0 PID: 914 at mm/page_alloc.c:4705
__alloc_pages_nodemask+0x441/0x1bb0
[ÂÂÂ98.349174][ÂÂT914] Modules linked in: smartpqi(+) scsi_transport_sas tg3
mlx5_core(+) libphy firmware_class dm_mirror dm_region_hash dm_log dm_mod
efivarfs
[ÂÂÂ98.363495][ÂÂT914] CPU: 0 PID: 914 Comm: kworker/0:2 Not tainted 5.3.0-rc6-
next-20190827+ #14
[ÂÂÂ98.372243][ÂÂT914] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385
Gen10, BIOS A40 07/10/2019
[ÂÂÂ98.381627][ÂÂT914] Workqueue: events work_for_cpu_fn
[ÂÂÂ98.386720][ÂÂT914] RIP: 0010:__alloc_pages_nodemask+0x441/0x1bb0
[ÂÂÂ98.392917][ÂÂT914] Code: 17 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d
c3 89 85 3c fe ff ff bb 01 00 00 00 e9 96 fd ff ff 81 e7 00 20 00 00 75 02 <0f>
0b 48 c7 85 50 fe ff ff 00 00 00 00 eb 82 31 d2 be 36 12 00 00
[ÂÂÂ98.412740][ÂÂT914] RSP: 0018:ffff88853418f948 EFLAGS: 00010246
[ÂÂÂ98.418704][ÂÂT914] RAX: 0000000000000000 RBX: ffffffff9571a860 RCX:
1ffff110a6831f3e
[ÂÂÂ98.426652][ÂÂT914] RDX: 0000000000000000 RSI: 000000000000000b RDI:
0000000000000000
[ÂÂÂ98.434661][ÂÂT914] RBP: ffff88853418fb58 R08: ffffed1108808465 R09:
ffffed1108808465
[ÂÂÂ98.442613][ÂÂT914] R10: ffffed1108808464 R11: ffff888844042323 R12:
0000000000000000
[ÂÂÂ98.450548][ÂÂT914] R13: 000000000000000b R14: 0000000000000000 R15:
0000000000000001
[ÂÂÂ98.458434][ÂÂT914] FS:ÂÂ0000000000000000(0000) GS:ffff888844000000(0000)
knlGS:0000000000000000
[ÂÂÂ98.467350][ÂÂT914] CS:ÂÂ0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ÂÂÂ98.473911][ÂÂT914] CR2: 0000555c64680148 CR3: 0000000550412000 CR4:
00000000003406b0
[ÂÂÂ98.481838][ÂÂT914] Call Trace:
[ÂÂÂ98.485011][ÂÂT914]ÂÂ? find_next_bit+0x2c/0xa0
[ÂÂÂ98.489490][ÂÂT914]ÂÂ? __kasan_check_write+0x14/0x20
[ÂÂÂ98.494506][ÂÂT914]ÂÂ? graph_lock+0xb8/0x120
[ÂÂÂ98.498811][ÂÂT914]ÂÂ? __free_zapped_classes+0x740/0x740
[ÂÂÂ98.504239][ÂÂT914]ÂÂ? gfp_pfmemalloc_allowed+0xc0/0xc0
[ÂÂÂ98.509504][ÂÂT914]ÂÂ? __kasan_check_read+0x11/0x20
[ÂÂÂ98.514443][ÂÂT914]ÂÂ? register_lock_class+0x5ef/0x960
[ÂÂÂ98.519624][ÂÂT914]ÂÂ? rcu_read_lock_sched_held+0xac/0xe0
[ÂÂÂ98.525152][ÂÂT914]ÂÂ? rcu_read_lock_any_held.part.5+0x20/0x20
[ÂÂÂ98.531130][ÂÂT914]ÂÂ? find_next_bit+0x2c/0xa0
[ÂÂÂ98.535610][ÂÂT914]ÂÂalloc_pages_current+0x9c/0x110
[ÂÂÂ98.540638][ÂÂT914]ÂÂkmalloc_order+0x22/0x70
[ÂÂÂ98.544943][ÂÂT914]ÂÂkmalloc_order_trace+0x23/0x100
[ÂÂÂ98.550072][ÂÂT914]ÂÂmlx5_fw_tracer_create+0x51/0x870 [mlx5_core]
[ÂÂÂ98.556213][ÂÂT914]ÂÂ? __mutex_init+0x94/0xa0
[ÂÂÂ98.560744][ÂÂT914]ÂÂ? mlx5_init_rl_table+0x144/0x210 [mlx5_core]
[ÂÂÂ98.566929][ÂÂT914]ÂÂmlx5_load_one+0x199/0x980 [mlx5_core]
[ÂÂÂ98.572637][ÂÂT914]ÂÂinit_one+0x494/0x760 [mlx5_core]
[ÂÂÂ98.577771][ÂÂT914]ÂÂ? mlx5_pci_resume+0xd0/0xd0 [mlx5_core]
[ÂÂÂ98.583574][ÂÂT914]ÂÂlocal_pci_probe+0x7a/0xc0
[ÂÂÂ98.588054][ÂÂT914]ÂÂ? pci_dma_configure+0xa0/0xa0
[ÂÂÂ98.592938][ÂÂT914]ÂÂwork_for_cpu_fn+0x2e/0x50
[ÂÂÂ98.597416][ÂÂT914]ÂÂprocess_one_work+0x53b/0xa70
[ÂÂÂ98.602220][ÂÂT914]ÂÂ? pwq_dec_nr_in_flight+0x170/0x170
[ÂÂÂ98.607485][ÂÂT914]ÂÂ? move_linked_works+0x113/0x150
[ÂÂÂ98.612497][ÂÂT914]ÂÂworker_thread+0x363/0x5b0
[ÂÂÂ98.616976][ÂÂT914]ÂÂkthread+0x1df/0x200
[ÂÂÂ98.620932][ÂÂT914]ÂÂ? process_one_work+0xa70/0xa70
[ÂÂÂ98.625847][ÂÂT914]ÂÂ? kthread_park+0xd0/0xd0
[ÂÂÂ98.630240][ÂÂT914]ÂÂret_from_fork+0x22/0x40