From: Siddh Raman Pant <code@siddh.me>
To: palmer@rivosinc.com
Cc: davem@davemloft.net, edumazet@google.com,
johan.hedberg@gmail.com, kuba@kernel.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
linux@rivosinc.com, luiz.dentz@gmail.com, marcel@holtmann.org,
netdev@vger.kernel.org, pabeni@redhat.com
Subject: Re: [PATCH] Bluetooth: L2CAP: Elide a string overflow warning
Date: Thu, 25 Aug 2022 16:31:08 +0530 [thread overview]
Message-ID: <20220825110108.157350-1-code@siddh.me> (raw)
In-Reply-To: <20220812055249.8037-1-palmer@rivosinc.com>
On Fri, 12 Aug 2022 11:22:49 +0530 Palmer Dabbelt wrote:
> From: Palmer Dabbelt <palmer@rivosinc.com>
>
> Without this I get a string op warning related to copying from a
> possibly NULL pointer. I think the warning is spurious, but it's
> tripping up allmodconfig.
I think it is not spurious, and is due to the following commit:
d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put")
The following commit fixes a similar problem (added the NULL check on line 1996):
332f1795ca20 ("Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression")
> In file included from /scratch/merges/ko-linux-next/linux/include/linux/string.h:253,
> from /scratch/merges/ko-linux-next/linux/include/linux/bitmap.h:11,
> from /scratch/merges/ko-linux-next/linux/include/linux/cpumask.h:12,
> from /scratch/merges/ko-linux-next/linux/include/linux/mm_types_task.h:14,
> from /scratch/merges/ko-linux-next/linux/include/linux/mm_types.h:5,
> from /scratch/merges/ko-linux-next/linux/include/linux/buildid.h:5,
> from /scratch/merges/ko-linux-next/linux/include/linux/module.h:14,
> from /scratch/merges/ko-linux-next/linux/net/bluetooth/l2cap_core.c:31:
> In function 'memcmp',
> inlined from 'bacmp' at /scratch/merges/ko-linux-next/linux/include/net/bluetooth/bluetooth.h:347:9,
> inlined from 'l2cap_global_chan_by_psm' at /scratch/merges/ko-linux-next/linux/net/bluetooth/l2cap_core.c:2003:15:
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread]
> 44 | #define __underlying_memcmp __builtin_memcmp
> | ^
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp'
> 420 | return __underlying_memcmp(p, q, size);
> | ^~~~~~~~~~~~~~~~~~~
> In function 'memcmp',
> inlined from 'bacmp' at /scratch/merges/ko-linux-next/linux/include/net/bluetooth/bluetooth.h:347:9,
> inlined from 'l2cap_global_chan_by_psm' at /scratch/merges/ko-linux-next/linux/net/bluetooth/l2cap_core.c:2004:15:
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread]
> 44 | #define __underlying_memcmp __builtin_memcmp
> | ^
> /scratch/merges/ko-linux-next/linux/include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp'
> 420 | return __underlying_memcmp(p, q, size);
> | ^~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Tested-by: Siddh Raman Pant <code@siddh.me>
> ---
> net/bluetooth/l2cap_core.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index cbe0cae73434..be7f47e52119 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -2000,11 +2000,13 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
> }
>
> /* Closest match */
> - src_any = !bacmp(&c->src, BDADDR_ANY);
> - dst_any = !bacmp(&c->dst, BDADDR_ANY);
> - if ((src_match && dst_any) || (src_any && dst_match) ||
> - (src_any && dst_any))
> - c1 = c;
> + if (c) {
> + src_any = !bacmp(&c->src, BDADDR_ANY);
> + dst_any = !bacmp(&c->dst, BDADDR_ANY);
> + if ((src_match && dst_any) || (src_any && dst_match) ||
> + (src_any && dst_any))
> + c1 = c;
> + }
> }
> }
>
next prev parent reply other threads:[~2022-08-25 11:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-12 5:52 [PATCH] Bluetooth: L2CAP: Elide a string overflow warning Palmer Dabbelt
2022-08-25 11:01 ` Siddh Raman Pant [this message]
2022-08-29 19:51 ` Elliott, Robert (Servers)
2022-09-01 7:44 ` Siddh Raman Pant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220825110108.157350-1-code@siddh.me \
--to=code@siddh.me \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=johan.hedberg@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rivosinc.com \
--cc=luiz.dentz@gmail.com \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=palmer@rivosinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).