:::::: 
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check warning: 
io_uring/net.c:235:23: warning: use of uninitialized value '*(int *)((char 
*)&msg + offsetof(struct msghdr, msg_control_is_user))' [CWE-457] 
[-Wanalyzer-use-of-uninitialized-value]"
:::::: 

BCC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Jens Axboe <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 
master
head:   1612c382ffbdf1f673caec76502b1c00e6d35363
commit: f9ead18c10589a351f395ac5aa107360f2f6ce53 io_uring: split network 
related opcodes into its own file
date:   13 days ago
:::::: branch date: 5 hours ago
:::::: commit date: 13 days ago
config: arm-randconfig-c002-20220804 
(https://download.01.org/0day-ci/archive/20220807/[email protected]/config)
compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget 
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O 
~/bin/make.cross
        chmod +x ~/bin/make.cross
        # 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9ead18c10589a351f395ac5aa107360f2f6ce53
        git remote add linus 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout f9ead18c10589a351f395ac5aa107360f2f6ce53
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross 
ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' 

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <[email protected]>

gcc-analyzer warnings: (new ones prefixed by >>)
   io_uring/net.c: In function 'io_sendmsg':
   io_uring/net.c:177:32: warning: use of uninitialized value '*(int *)((char 
*)&iomsg + offsetof(struct io_async_msghdr, fast_iov[6].iov_len))' [CWE-457] 
[-Wanalyzer-use-of-uninitialized-value]
     177 |         struct io_async_msghdr iomsg, *kmsg;
         |                                ^~~~~
     'io_sendmsg': events 1-2
       |
       |  177 |         struct io_async_msghdr iomsg, *kmsg;
       |      |                                ^~~~~
       |      |                                |
       |      |                                (1) region created on stack here
       |      |                                (2) use of uninitialized value 
'*(int *)((char *)&iomsg + offsetof(struct io_async_msghdr, 
fast_iov[6].iov_len))' here
       |
   io_uring/net.c: In function 'io_send':
>> io_uring/net.c:235:23: warning: use of uninitialized value '*(int *)((char 
>> *)&msg + offsetof(struct msghdr, msg_control_is_user))' [CWE-457] 
>> [-Wanalyzer-use-of-uninitialized-value]
     235 |         struct msghdr msg;
         |                       ^~~
     'io_send': events 1-2
       |
       |  235 |         struct msghdr msg;
       |      |                       ^~~
       |      |                       |
       |      |                       (1) region created on stack here
       |      |                       (2) use of uninitialized value '*(int 
*)((char *)&msg + offsetof(struct msghdr, msg_control_is_user))' here
       |
   io_uring/net.c: In function '__io_recvmsg_copy_hdr':
>> io_uring/net.c:293:30: warning: use of uninitialized value '<unknown>' 
>> [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     293 |         struct iovec __user *uiov;
         |                              ^~~~
     '__io_recvmsg_copy_hdr': event 1
       |
       |  293 |         struct iovec __user *uiov;
       |      |                              ^~~~
       |      |                              |
       |      |                              (1) use of uninitialized value 
'<unknown>' here
       |
   io_uring/net.c:294:16: warning: use of uninitialized value '<unknown>' 
[CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     294 |         size_t iov_len;
         |                ^~~~~~~
     '__io_recvmsg_copy_hdr': event 1
       |
       |  294 |         size_t iov_len;
       |      |                ^~~~~~~
       |      |                |
       |      |                (1) use of uninitialized value '<unknown>' here
       |
   io_uring/net.c: In function 'io_recvmsg':
   io_uring/net.c:415:32: warning: use of uninitialized value '*(int *)((char 
*)&iomsg + offsetof(struct io_async_msghdr, fast_iov[6].iov_len))' [CWE-457] 
[-Wanalyzer-use-of-uninitialized-value]
     415 |         struct io_async_msghdr iomsg, *kmsg;
         |                                ^~~~~
     'io_recvmsg': events 1-2
       |
       |  415 |         struct io_async_msghdr iomsg, *kmsg;
       |      |                                ^~~~~
       |      |                                |
       |      |                                (1) region created on stack here
       |      |                                (2) use of uninitialized value 
'*(int *)((char *)&iomsg + offsetof(struct io_async_msghdr, 
fast_iov[6].iov_len))' here
       |
   io_uring/net.c: In function 'io_recv':
   io_uring/net.c:492:23: warning: use of uninitialized value '*(int *)((char 
*)&msg + offsetof(struct msghdr, msg_control_is_user))' [CWE-457] 
[-Wanalyzer-use-of-uninitialized-value]
     492 |         struct msghdr msg;
         |                       ^~~
     'io_recv': events 1-2
       |
       |  492 |         struct msghdr msg;
       |      |                       ^~~
       |      |                       |
       |      |                       (1) region created on stack here
       |      |                       (2) use of uninitialized value '*(int 
*)((char *)&msg + offsetof(struct msghdr, msg_control_is_user))' here
       |

vim +235 io_uring/net.c

f9ead18c10589a Jens Axboe 2022-05-25  231  
f9ead18c10589a Jens Axboe 2022-05-25  232  int io_send(struct io_kiocb *req, 
unsigned int issue_flags)
f9ead18c10589a Jens Axboe 2022-05-25  233  {
f9ead18c10589a Jens Axboe 2022-05-25  234       struct io_sr_msg *sr = 
io_kiocb_to_cmd(req);
f9ead18c10589a Jens Axboe 2022-05-25 @235       struct msghdr msg;
f9ead18c10589a Jens Axboe 2022-05-25  236       struct iovec iov;
f9ead18c10589a Jens Axboe 2022-05-25  237       struct socket *sock;
f9ead18c10589a Jens Axboe 2022-05-25  238       unsigned flags;
f9ead18c10589a Jens Axboe 2022-05-25  239       int min_ret = 0;
f9ead18c10589a Jens Axboe 2022-05-25  240       int ret;
f9ead18c10589a Jens Axboe 2022-05-25  241  
f9ead18c10589a Jens Axboe 2022-05-25  242       if (!(req->flags & 
REQ_F_POLLED) &&
f9ead18c10589a Jens Axboe 2022-05-25  243           (sr->flags & 
IORING_RECVSEND_POLL_FIRST))
f9ead18c10589a Jens Axboe 2022-05-25  244               return -EAGAIN;
f9ead18c10589a Jens Axboe 2022-05-25  245  
f9ead18c10589a Jens Axboe 2022-05-25  246       sock = 
sock_from_file(req->file);
f9ead18c10589a Jens Axboe 2022-05-25  247       if (unlikely(!sock))
f9ead18c10589a Jens Axboe 2022-05-25  248               return -ENOTSOCK;
f9ead18c10589a Jens Axboe 2022-05-25  249  
f9ead18c10589a Jens Axboe 2022-05-25  250       ret = 
import_single_range(WRITE, sr->buf, sr->len, &iov, &msg.msg_iter);
f9ead18c10589a Jens Axboe 2022-05-25  251       if (unlikely(ret))
f9ead18c10589a Jens Axboe 2022-05-25  252               return ret;
f9ead18c10589a Jens Axboe 2022-05-25  253  
f9ead18c10589a Jens Axboe 2022-05-25  254       msg.msg_name = NULL;
f9ead18c10589a Jens Axboe 2022-05-25  255       msg.msg_control = NULL;
f9ead18c10589a Jens Axboe 2022-05-25  256       msg.msg_controllen = 0;
f9ead18c10589a Jens Axboe 2022-05-25  257       msg.msg_namelen = 0;
f9ead18c10589a Jens Axboe 2022-05-25  258  
f9ead18c10589a Jens Axboe 2022-05-25  259       flags = sr->msg_flags;
f9ead18c10589a Jens Axboe 2022-05-25  260       if (issue_flags & 
IO_URING_F_NONBLOCK)
f9ead18c10589a Jens Axboe 2022-05-25  261               flags |= MSG_DONTWAIT;
f9ead18c10589a Jens Axboe 2022-05-25  262       if (flags & MSG_WAITALL)
f9ead18c10589a Jens Axboe 2022-05-25  263               min_ret = 
iov_iter_count(&msg.msg_iter);
f9ead18c10589a Jens Axboe 2022-05-25  264  
f9ead18c10589a Jens Axboe 2022-05-25  265       msg.msg_flags = flags;
f9ead18c10589a Jens Axboe 2022-05-25  266       ret = sock_sendmsg(sock, &msg);
f9ead18c10589a Jens Axboe 2022-05-25  267       if (ret < min_ret) {
f9ead18c10589a Jens Axboe 2022-05-25  268               if (ret == -EAGAIN && 
(issue_flags & IO_URING_F_NONBLOCK))
f9ead18c10589a Jens Axboe 2022-05-25  269                       return -EAGAIN;
f9ead18c10589a Jens Axboe 2022-05-25  270               if (ret == -ERESTARTSYS)
f9ead18c10589a Jens Axboe 2022-05-25  271                       ret = -EINTR;
f9ead18c10589a Jens Axboe 2022-05-25  272               if (ret > 0 && 
io_net_retry(sock, flags)) {
f9ead18c10589a Jens Axboe 2022-05-25  273                       sr->len -= ret;
f9ead18c10589a Jens Axboe 2022-05-25  274                       sr->buf += ret;
f9ead18c10589a Jens Axboe 2022-05-25  275                       sr->done_io += 
ret;
f9ead18c10589a Jens Axboe 2022-05-25  276                       req->flags |= 
REQ_F_PARTIAL_IO;
f9ead18c10589a Jens Axboe 2022-05-25  277                       return -EAGAIN;
f9ead18c10589a Jens Axboe 2022-05-25  278               }
f9ead18c10589a Jens Axboe 2022-05-25  279               req_set_fail(req);
f9ead18c10589a Jens Axboe 2022-05-25  280       }
f9ead18c10589a Jens Axboe 2022-05-25  281       if (ret >= 0)
f9ead18c10589a Jens Axboe 2022-05-25  282               ret += sr->done_io;
f9ead18c10589a Jens Axboe 2022-05-25  283       else if (sr->done_io)
f9ead18c10589a Jens Axboe 2022-05-25  284               ret = sr->done_io;
f9ead18c10589a Jens Axboe 2022-05-25  285       io_req_set_res(req, ret, 0);
f9ead18c10589a Jens Axboe 2022-05-25  286       return IOU_OK;
f9ead18c10589a Jens Axboe 2022-05-25  287  }
f9ead18c10589a Jens Axboe 2022-05-25  288  
f9ead18c10589a Jens Axboe 2022-05-25  289  static int 
__io_recvmsg_copy_hdr(struct io_kiocb *req,
f9ead18c10589a Jens Axboe 2022-05-25  290                                struct 
io_async_msghdr *iomsg)
f9ead18c10589a Jens Axboe 2022-05-25  291  {
f9ead18c10589a Jens Axboe 2022-05-25  292       struct io_sr_msg *sr = 
io_kiocb_to_cmd(req);
f9ead18c10589a Jens Axboe 2022-05-25 @293       struct iovec __user *uiov;
f9ead18c10589a Jens Axboe 2022-05-25  294       size_t iov_len;
f9ead18c10589a Jens Axboe 2022-05-25  295       int ret;
f9ead18c10589a Jens Axboe 2022-05-25  296  
f9ead18c10589a Jens Axboe 2022-05-25  297       ret = 
__copy_msghdr_from_user(&iomsg->msg, sr->umsg,
f9ead18c10589a Jens Axboe 2022-05-25  298                                       
&iomsg->uaddr, &uiov, &iov_len);
f9ead18c10589a Jens Axboe 2022-05-25  299       if (ret)
f9ead18c10589a Jens Axboe 2022-05-25  300               return ret;
f9ead18c10589a Jens Axboe 2022-05-25  301  
f9ead18c10589a Jens Axboe 2022-05-25  302       if (req->flags & 
REQ_F_BUFFER_SELECT) {
f9ead18c10589a Jens Axboe 2022-05-25  303               if (iov_len > 1)
f9ead18c10589a Jens Axboe 2022-05-25  304                       return -EINVAL;
f9ead18c10589a Jens Axboe 2022-05-25  305               if 
(copy_from_user(iomsg->fast_iov, uiov, sizeof(*uiov)))
f9ead18c10589a Jens Axboe 2022-05-25  306                       return -EFAULT;
f9ead18c10589a Jens Axboe 2022-05-25  307               sr->len = 
iomsg->fast_iov[0].iov_len;
f9ead18c10589a Jens Axboe 2022-05-25  308               iomsg->free_iov = NULL;
f9ead18c10589a Jens Axboe 2022-05-25  309       } else {
f9ead18c10589a Jens Axboe 2022-05-25  310               iomsg->free_iov = 
iomsg->fast_iov;
f9ead18c10589a Jens Axboe 2022-05-25  311               ret = 
__import_iovec(READ, uiov, iov_len, UIO_FASTIOV,
f9ead18c10589a Jens Axboe 2022-05-25  312                                    
&iomsg->free_iov, &iomsg->msg.msg_iter,
f9ead18c10589a Jens Axboe 2022-05-25  313                                    
false);
f9ead18c10589a Jens Axboe 2022-05-25  314               if (ret > 0)
f9ead18c10589a Jens Axboe 2022-05-25  315                       ret = 0;
f9ead18c10589a Jens Axboe 2022-05-25  316       }
f9ead18c10589a Jens Axboe 2022-05-25  317  
f9ead18c10589a Jens Axboe 2022-05-25  318       return ret;
f9ead18c10589a Jens Axboe 2022-05-25  319  }
f9ead18c10589a Jens Axboe 2022-05-25  320  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp
_______________________________________________
kbuild mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to