From: kernel test robot <lkp@intel.com>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: kbuild-all@lists.01.org,
Linux Memory Management List <linux-mm@kvack.org>,
Andrew Morton <akpm@linux-foundation.org>,
Marco Elver <elver@google.com>
Subject: [linux-next:master 6573/6679] mm/kasan/kasan_test.c:335:59: warning: array subscript 201 is outside array bounds of 'char[201]'
Date: Tue, 13 Sep 2022 15:59:16 +0800 [thread overview]
Message-ID: <202209131555.dMFROX4C-lkp@intel.com> (raw)
Hi Andrey,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 044b771be9c5de9d817dfafb829d2f049c71c3b4
commit: 9d72007f43e209ca4de65acbb8e8e13568b6c0c9 [6573/6679] kasan: move tests to mm/kasan/
config: x86_64-buildonly-randconfig-r004-20220912 (https://download.01.org/0day-ci/archive/20220913/202209131555.dMFROX4C-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
reproduce (this is a W=1 build):
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=9d72007f43e209ca4de65acbb8e8e13568b6c0c9
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout 9d72007f43e209ca4de65acbb8e8e13568b6c0c9
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash mm/kasan/
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
mm/kasan/kasan_test.c: In function 'krealloc_less_oob_helper.constprop':
>> mm/kasan/kasan_test.c:335:59: warning: array subscript 201 is outside array bounds of 'char[201]' [-Warray-bounds]
335 | KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2] = 'x');
| ~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:327:16: note: referencing an object of size 201 allocated by 'krealloc'
327 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/kasan/kasan_test.c:339:59: warning: array subscript 208 is outside array bounds of 'char[201]' [-Warray-bounds]
339 | ptr2[round_up(size2, KASAN_GRANULE_SIZE)] = 'x');
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:327:16: note: referencing an object of size 201 allocated by 'krealloc'
327 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/kasan/kasan_test.c:349:52: warning: array subscript 218 is outside array bounds of 'char[201]' [-Warray-bounds]
349 | KUNIT_EXPECT_KASAN_FAIL(test, ptr2[middle] = 'x');
| ~~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:327:16: note: referencing an object of size 201 allocated by 'krealloc'
327 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/kasan/kasan_test.c:350:55: warning: array subscript 234 is outside array bounds of 'char[201]' [-Warray-bounds]
350 | KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size1 - 1] = 'x');
| ~~~~~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:327:16: note: referencing an object of size 201 allocated by 'krealloc'
327 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/kasan/kasan_test.c:351:51: warning: array subscript 235 is outside array bounds of 'char[201]' [-Warray-bounds]
351 | KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size1] = 'x');
| ~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:327:16: note: referencing an object of size 201 allocated by 'krealloc'
327 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/kasan/kasan_test.c: In function 'krealloc_more_oob_helper.constprop':
mm/kasan/kasan_test.c:306:59: warning: array subscript 235 is outside array bounds of 'char[235]' [-Warray-bounds]
306 | KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2] = 'x');
| ~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:295:16: note: referencing an object of size 235 allocated by 'krealloc'
295 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/kasan/kasan_test.c:310:59: warning: array subscript 240 is outside array bounds of 'char[235]' [-Warray-bounds]
310 | ptr2[round_up(size2, KASAN_GRANULE_SIZE)] = 'x');
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
mm/kasan/kasan_test.c:97:9: note: in definition of macro 'KUNIT_EXPECT_KASAN_FAIL'
97 | expression; \
| ^~~~~~~~~~
mm/kasan/kasan_test.c:295:16: note: referencing an object of size 235 allocated by 'krealloc'
295 | ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kconfig warnings: (for reference only)
WARNING: unmet direct dependencies detected for PM_GENERIC_DOMAINS_OF
Depends on [n]: PM_GENERIC_DOMAINS [=y] && OF [=n]
Selected by [y]:
- QCOM_RPMPD [=y] && PM [=y] && QCOM_SMD_RPM [=y]
vim +335 mm/kasan/kasan_test.c
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 314
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 315 static void krealloc_less_oob_helper(struct kunit *test,
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 316 size_t size1, size_t size2)
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 317 {
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 318 char *ptr1, *ptr2;
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 319 size_t middle;
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 320
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 321 KUNIT_ASSERT_LT(test, size2, size1);
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 322 middle = size2 + (size1 - size2) / 2;
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 323
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 324 ptr1 = kmalloc(size1, GFP_KERNEL);
73228c7ecc5e40 lib/test_kasan.c Patricia Alfonso 2020-10-13 325 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
f33a01492a24a2 lib/test_kasan.c Walter Wu 2020-08-06 326
73228c7ecc5e40 lib/test_kasan.c Patricia Alfonso 2020-10-13 327 ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
73228c7ecc5e40 lib/test_kasan.c Patricia Alfonso 2020-10-13 328 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2);
f33a01492a24a2 lib/test_kasan.c Walter Wu 2020-08-06 329
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 330 /* Must be accessible for all modes. */
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 331 ptr2[size2 - 1] = 'x';
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 332
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 333 /* Generic mode is precise, so unaligned size2 must be inaccessible. */
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 334 if (IS_ENABLED(CONFIG_KASAN_GENERIC))
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 @335 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2] = 'x');
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 336
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 337 /* For all modes first aligned offset after size2 must be inaccessible. */
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 338 KUNIT_EXPECT_KASAN_FAIL(test,
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 339 ptr2[round_up(size2, KASAN_GRANULE_SIZE)] = 'x');
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 340
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 341 /*
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 342 * For all modes all size2, middle, and size1 should land in separate
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 343 * granules and thus the latter two offsets should be inaccessible.
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 344 */
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 345 KUNIT_EXPECT_LE(test, round_up(size2, KASAN_GRANULE_SIZE),
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 346 round_down(middle, KASAN_GRANULE_SIZE));
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 347 KUNIT_EXPECT_LE(test, round_up(middle, KASAN_GRANULE_SIZE),
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 348 round_down(size1, KASAN_GRANULE_SIZE));
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 349 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[middle] = 'x');
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 350 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size1 - 1] = 'x');
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 351 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size1] = 'x');
b87c28b9a7ef64 lib/test_kasan.c Andrey Konovalov 2021-02-25 352
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 353 kfree(ptr2);
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 354 }
3f15801cdc2379 lib/test_kasan.c Andrey Ryabinin 2015-02-13 355
:::::: The code at line 335 was first introduced by commit
:::::: b87c28b9a7ef64590943435ea59f40092f2376d5 kasan: rework krealloc tests
:::::: TO: Andrey Konovalov <andreyknvl@google.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
reply other threads:[~2022-09-13 7:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202209131555.dMFROX4C-lkp@intel.com \
--to=lkp@intel.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=elver@google.com \
--cc=kbuild-all@lists.01.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).