net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.

All of lore.kernel.org
 help / color / mirror / Atom feed

* net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.
@ 2021-11-10 19:28 kernel test robot
  0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-11-10 19:28 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 8024 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   cb690f5238d71f543f4ce874aa59237cf53a877c
commit: d991bb1c8da842a2a0b9dc83b1005e655783f861 include/linux/compiler-gcc.h: sparse can do constant folding of __builtin_bswap*()
date:   6 months ago
:::::: branch date: 24 hours ago
:::::: commit date: 6 months ago
config: mips-randconfig-m031-20211012 (attached as .config)
compiler: mips64el-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.

Old smatch warnings:
net/sched/sch_cake.c:776 cake_hash() error: buffer overflow 'q->flows' 1024 <= 1030
net/sched/sch_cake.c:788 cake_hash() error: buffer overflow 'q->flows' 1024 <= 1030
net/sched/sch_cake.c:811 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:814 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:834 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:837 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:1353 cake_overhead() warn: should 'off << 16' be a 64 bit type?

vim +1094 net/sched/sch_cake.c

8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1076  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1077  static bool cake_tcph_may_drop(const struct tcphdr *tcph,
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1078  			       u32 tstamp_new, u32 tsecr_new)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1079  {
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1080  	/* inspired by tcp_parse_options in tcp_input.c */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1081  	int length = __tcp_hdrlen(tcph) - sizeof(struct tcphdr);
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1082  	const u8 *ptr = (const u8 *)(tcph + 1);
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1083  	u32 tstamp, tsecr;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1084  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1085  	/* 3 reserved flags must be unset to avoid future breakage
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1086  	 * ACK must be set
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1087  	 * ECE/CWR are handled separately
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1088  	 * All other flags URG/PSH/RST/SYN/FIN must be unset
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1089  	 * 0x0FFF0000 = all TCP flags (confirm ACK=1, others zero)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1090  	 * 0x00C00000 = CWR/ECE (handled separately)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1091  	 * 0x0F3F0000 = 0x0FFF0000 & ~0x00C00000
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1092  	 */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1093  	if (((tcp_flag_word(tcph) &
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06 @1094  	      cpu_to_be32(0x0F3F0000)) != TCP_FLAG_ACK))
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1095  		return false;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1096  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1097  	while (length > 0) {
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1098  		int opcode = *ptr++;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1099  		int opsize;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1100  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1101  		if (opcode == TCPOPT_EOL)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1102  			break;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1103  		if (opcode == TCPOPT_NOP) {
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1104  			length--;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1105  			continue;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1106  		}
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1107  		opsize = *ptr++;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1108  		if (opsize < 2 || opsize > length)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1109  			break;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1110  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1111  		switch (opcode) {
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1112  		case TCPOPT_MD5SIG: /* doesn't influence state */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1113  			break;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1114  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1115  		case TCPOPT_SACK: /* stricter checking performed later */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1116  			if (opsize % 8 != 2)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1117  				return false;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1118  			break;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1119  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1120  		case TCPOPT_TIMESTAMP:
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1121  			/* only drop timestamps lower than new */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1122  			if (opsize != TCPOLEN_TIMESTAMP)
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1123  				return false;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1124  			tstamp = get_unaligned_be32(ptr);
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1125  			tsecr = get_unaligned_be32(ptr + 4);
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1126  			if (after(tstamp, tstamp_new) ||
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1127  			    after(tsecr, tsecr_new))
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1128  				return false;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1129  			break;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1130  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1131  		case TCPOPT_MSS:  /* these should only be set on SYN */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1132  		case TCPOPT_WINDOW:
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1133  		case TCPOPT_SACK_PERM:
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1134  		case TCPOPT_FASTOPEN:
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1135  		case TCPOPT_EXP:
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1136  		default: /* don't drop if any unknown options are present */
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1137  			return false;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1138  		}
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1139  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1140  		ptr += opsize - 2;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1141  		length -= opsize;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1142  	}
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1143  
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1144  	return true;
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1145  }
8b7138814f29933 Toke Høiland-Jørgensen 2018-07-06  1146  

:::::: The code at line 1094 was first introduced by commit
:::::: 8b7138814f29933898ecd31dfc83e35a30ee69f5 sch_cake: Add optional ACK filter

:::::: TO: Toke Høiland-Jørgensen <toke@toke.dk>
:::::: CC: David S. Miller <davem@davemloft.net>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 31951 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.
@ 2021-12-03 19:43 kernel test robot
  0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-12-03 19:43 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 8025 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   5f58da2befa58edf3a70b91ed87ed9bf77f1e70e
commit: d991bb1c8da842a2a0b9dc83b1005e655783f861 include/linux/compiler-gcc.h: sparse can do constant folding of __builtin_bswap*()
date:   7 months ago
:::::: branch date: 21 hours ago
:::::: commit date: 7 months ago
config: x86_64-randconfig-m001-20211203 (https://download.01.org/0day-ci/archive/20211204/202112040327.ywgPBpDI-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.

Old smatch warnings:
net/sched/sch_cake.c:776 cake_hash() error: buffer overflow 'q->flows' 1024 <= 1030
net/sched/sch_cake.c:788 cake_hash() error: buffer overflow 'q->flows' 1024 <= 1030
net/sched/sch_cake.c:811 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:814 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:834 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:837 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:1353 cake_overhead() warn: should 'off << 16' be a 64 bit type?

vim +1094 net/sched/sch_cake.c

8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1076  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1077  static bool cake_tcph_may_drop(const struct tcphdr *tcph,
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1078  			       u32 tstamp_new, u32 tsecr_new)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1079  {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1080  	/* inspired by tcp_parse_options in tcp_input.c */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1081  	int length = __tcp_hdrlen(tcph) - sizeof(struct tcphdr);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1082  	const u8 *ptr = (const u8 *)(tcph + 1);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1083  	u32 tstamp, tsecr;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1084  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1085  	/* 3 reserved flags must be unset to avoid future breakage
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1086  	 * ACK must be set
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1087  	 * ECE/CWR are handled separately
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1088  	 * All other flags URG/PSH/RST/SYN/FIN must be unset
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1089  	 * 0x0FFF0000 = all TCP flags (confirm ACK=1, others zero)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1090  	 * 0x00C00000 = CWR/ECE (handled separately)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1091  	 * 0x0F3F0000 = 0x0FFF0000 & ~0x00C00000
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1092  	 */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1093  	if (((tcp_flag_word(tcph) &
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06 @1094  	      cpu_to_be32(0x0F3F0000)) != TCP_FLAG_ACK))
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1095  		return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1096  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1097  	while (length > 0) {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1098  		int opcode = *ptr++;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1099  		int opsize;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1100  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1101  		if (opcode == TCPOPT_EOL)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1102  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1103  		if (opcode == TCPOPT_NOP) {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1104  			length--;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1105  			continue;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1106  		}
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1107  		opsize = *ptr++;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1108  		if (opsize < 2 || opsize > length)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1109  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1110  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1111  		switch (opcode) {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1112  		case TCPOPT_MD5SIG: /* doesn't influence state */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1113  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1114  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1115  		case TCPOPT_SACK: /* stricter checking performed later */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1116  			if (opsize % 8 != 2)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1117  				return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1118  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1119  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1120  		case TCPOPT_TIMESTAMP:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1121  			/* only drop timestamps lower than new */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1122  			if (opsize != TCPOLEN_TIMESTAMP)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1123  				return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1124  			tstamp = get_unaligned_be32(ptr);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1125  			tsecr = get_unaligned_be32(ptr + 4);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1126  			if (after(tstamp, tstamp_new) ||
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1127  			    after(tsecr, tsecr_new))
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1128  				return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1129  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1130  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1131  		case TCPOPT_MSS:  /* these should only be set on SYN */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1132  		case TCPOPT_WINDOW:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1133  		case TCPOPT_SACK_PERM:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1134  		case TCPOPT_FASTOPEN:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1135  		case TCPOPT_EXP:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1136  		default: /* don't drop if any unknown options are present */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1137  			return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1138  		}
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1139  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1140  		ptr += opsize - 2;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1141  		length -= opsize;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1142  	}
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1143  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1144  	return true;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1145  }
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1146  

:::::: The code at line 1094 was first introduced by commit
:::::: 8b7138814f29933898ecd31dfc83e35a30ee69f5 sch_cake: Add optional ACK filter

:::::: TO: Toke Høiland-Jørgensen <toke@toke.dk>
:::::: CC: David S. Miller <davem@davemloft.net>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

^ permalink raw reply	[flat|nested] 3+ messages in thread

* net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.
@ 2021-12-04 11:22 kernel test robot
  0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-12-04 11:22 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 8025 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   12119cfa1052d512a92524e90ebee85029a918f8
commit: d991bb1c8da842a2a0b9dc83b1005e655783f861 include/linux/compiler-gcc.h: sparse can do constant folding of __builtin_bswap*()
date:   7 months ago
:::::: branch date: 15 hours ago
:::::: commit date: 7 months ago
config: x86_64-randconfig-m001-20211203 (https://download.01.org/0day-ci/archive/20211204/202112041945.YDFIS1o3-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true.

Old smatch warnings:
net/sched/sch_cake.c:776 cake_hash() error: buffer overflow 'q->flows' 1024 <= 1030
net/sched/sch_cake.c:788 cake_hash() error: buffer overflow 'q->flows' 1024 <= 1030
net/sched/sch_cake.c:811 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:814 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:834 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:837 cake_hash() error: buffer overflow 'q->hosts' 1024 <= 1030
net/sched/sch_cake.c:1353 cake_overhead() warn: should 'off << 16' be a 64 bit type?

vim +1094 net/sched/sch_cake.c

8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1076  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1077  static bool cake_tcph_may_drop(const struct tcphdr *tcph,
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1078  			       u32 tstamp_new, u32 tsecr_new)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1079  {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1080  	/* inspired by tcp_parse_options in tcp_input.c */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1081  	int length = __tcp_hdrlen(tcph) - sizeof(struct tcphdr);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1082  	const u8 *ptr = (const u8 *)(tcph + 1);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1083  	u32 tstamp, tsecr;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1084  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1085  	/* 3 reserved flags must be unset to avoid future breakage
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1086  	 * ACK must be set
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1087  	 * ECE/CWR are handled separately
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1088  	 * All other flags URG/PSH/RST/SYN/FIN must be unset
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1089  	 * 0x0FFF0000 = all TCP flags (confirm ACK=1, others zero)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1090  	 * 0x00C00000 = CWR/ECE (handled separately)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1091  	 * 0x0F3F0000 = 0x0FFF0000 & ~0x00C00000
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1092  	 */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1093  	if (((tcp_flag_word(tcph) &
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06 @1094  	      cpu_to_be32(0x0F3F0000)) != TCP_FLAG_ACK))
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1095  		return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1096  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1097  	while (length > 0) {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1098  		int opcode = *ptr++;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1099  		int opsize;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1100  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1101  		if (opcode == TCPOPT_EOL)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1102  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1103  		if (opcode == TCPOPT_NOP) {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1104  			length--;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1105  			continue;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1106  		}
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1107  		opsize = *ptr++;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1108  		if (opsize < 2 || opsize > length)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1109  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1110  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1111  		switch (opcode) {
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1112  		case TCPOPT_MD5SIG: /* doesn't influence state */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1113  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1114  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1115  		case TCPOPT_SACK: /* stricter checking performed later */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1116  			if (opsize % 8 != 2)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1117  				return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1118  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1119  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1120  		case TCPOPT_TIMESTAMP:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1121  			/* only drop timestamps lower than new */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1122  			if (opsize != TCPOLEN_TIMESTAMP)
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1123  				return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1124  			tstamp = get_unaligned_be32(ptr);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1125  			tsecr = get_unaligned_be32(ptr + 4);
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1126  			if (after(tstamp, tstamp_new) ||
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1127  			    after(tsecr, tsecr_new))
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1128  				return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1129  			break;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1130  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1131  		case TCPOPT_MSS:  /* these should only be set on SYN */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1132  		case TCPOPT_WINDOW:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1133  		case TCPOPT_SACK_PERM:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1134  		case TCPOPT_FASTOPEN:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1135  		case TCPOPT_EXP:
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1136  		default: /* don't drop if any unknown options are present */
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1137  			return false;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1138  		}
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1139  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1140  		ptr += opsize - 2;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1141  		length -= opsize;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1142  	}
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1143  
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1144  	return true;
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1145  }
8b7138814f2993 Toke Høiland-Jørgensen 2018-07-06  1146  

:::::: The code at line 1094 was first introduced by commit
:::::: 8b7138814f29933898ecd31dfc83e35a30ee69f5 sch_cake: Add optional ACK filter

:::::: TO: Toke Høiland-Jørgensen <toke@toke.dk>
:::::: CC: David S. Miller <davem@davemloft.net>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-12-04 11:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-04 11:22 net/sched/sch_cake.c:1094 cake_tcph_may_drop() warn: masked condition '(((tcph)->words[3]) & (__builtin_bswap32(((255787008))))) != 4096' is always true kernel test robot
  -- strict thread matches above, loose matches on Subject: below --
2021-12-03 19:43 kernel test robot
2021-11-10 19:28 kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.