Re: [PATCH net] xfrm: fix integer overflow in xfrm_replay_state_esn_len()

From: kernel test robot
Date: Fri Jan 31 2025 - 15:32:00 EST


Hi Dan,

kernel test robot noticed the following build warnings:

[auto build test WARNING on net/main]

url: https://github.com/intel-lab-lkp/linux/commits/Dan-Carpenter/xfrm-fix-integer-overflow-in-xfrm_replay_state_esn_len/20250121-191827
base: net/main
patch link: https://lore.kernel.org/r/018ecf13-e371-4b39-8946-c7510baf916b%40stanley.mountain
patch subject: [PATCH net] xfrm: fix integer overflow in xfrm_replay_state_esn_len()
config: i386-randconfig-016-20250201 (https://download.01.org/0day-ci/archive/20250201/202502010449.iTcpQDX9-lkp@xxxxxxxxx/config)
compiler: gcc-11 (Debian 11.3.0-12) 11.3.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250201/202502010449.iTcpQDX9-lkp@xxxxxxxxx/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-kbuild-all/202502010449.iTcpQDX9-lkp@xxxxxxxxx/

All warnings (new ones prefixed by >>):

In file included from include/linux/string.h:389,
from arch/x86/include/asm/page_32.h:18,
from arch/x86/include/asm/page.h:14,
from arch/x86/include/asm/thread_info.h:12,
from include/linux/thread_info.h:60,
from include/linux/spinlock.h:60,
from include/net/xfrm.h:7,
from net/xfrm/xfrm_replay.c:10:
In function 'memcmp',
inlined from 'xfrm_replay_notify_bmp' at net/xfrm/xfrm_replay.c:336:7:
>> include/linux/fortify-string.h:120:33: warning: '__builtin_memcmp_eq' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overread]
120 | #define __underlying_memcmp __builtin_memcmp
| ^
include/linux/fortify-string.h:727:16: note: in expansion of macro '__underlying_memcmp'
727 | return __underlying_memcmp(p, q, size);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'xfrm_replay_notify_bmp':
net/xfrm/xfrm_replay.c:308:39: note: source object allocated here
308 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
| ^~~~~~~~~~
In file included from include/linux/string.h:389,
from arch/x86/include/asm/page_32.h:18,
from arch/x86/include/asm/page.h:14,
from arch/x86/include/asm/thread_info.h:12,
from include/linux/thread_info.h:60,
from include/linux/spinlock.h:60,
from include/net/xfrm.h:7,
from net/xfrm/xfrm_replay.c:10:
In function 'memcmp',
inlined from 'xfrm_replay_notify_esn' at net/xfrm/xfrm_replay.c:402:7:
>> include/linux/fortify-string.h:120:33: warning: '__builtin_memcmp_eq' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overread]
120 | #define __underlying_memcmp __builtin_memcmp
| ^
include/linux/fortify-string.h:727:16: note: in expansion of macro '__underlying_memcmp'
727 | return __underlying_memcmp(p, q, size);
| ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h: In function 'xfrm_replay_notify_esn':
net/xfrm/xfrm_replay.c:360:39: note: source object allocated here
360 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
| ^~~~~~~~~~


vim +/__builtin_memcmp_eq +120 include/linux/fortify-string.h

78a498c3a227f2 Alexander Potapenko 2022-10-24 118
78a498c3a227f2 Alexander Potapenko 2022-10-24 119 #define __underlying_memchr __builtin_memchr
78a498c3a227f2 Alexander Potapenko 2022-10-24 @120 #define __underlying_memcmp __builtin_memcmp
a28a6e860c6cf2 Francis Laniel 2021-02-25 121 #define __underlying_strcat __builtin_strcat
a28a6e860c6cf2 Francis Laniel 2021-02-25 122 #define __underlying_strcpy __builtin_strcpy
a28a6e860c6cf2 Francis Laniel 2021-02-25 123 #define __underlying_strlen __builtin_strlen
a28a6e860c6cf2 Francis Laniel 2021-02-25 124 #define __underlying_strncat __builtin_strncat
a28a6e860c6cf2 Francis Laniel 2021-02-25 125 #define __underlying_strncpy __builtin_strncpy
2e577732e8d28b Andrey Konovalov 2024-05-17 126

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki