::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check warning: io_uring/net.c:235:23: warning: use of uninitialized value '*(int *)((char *)&msg + offsetof(struct msghdr, msg_control_is_user))' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]"
::::::
BCC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Jens Axboe <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   1612c382ffbdf1f673caec76502b1c00e6d35363
commit: f9ead18c10589a351f395ac5aa107360f2f6ce53 io_uring: split network related opcodes into its own file
date:   13 days ago
:::::: branch date: 5 hours ago
:::::: commit date: 13 days ago
config: arm-randconfig-c002-20220804 (https://download.01.org/0day-ci/archive/20220807/[email protected]/config)
compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9ead18c10589a351f395ac5aa107360f2f6ce53
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout f9ead18c10589a351f395ac5aa107360f2f6ce53
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error'

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <[email protected]>

gcc-analyzer warnings: (new ones prefixed by >>)
   io_uring/net.c: In function 'io_sendmsg':
   io_uring/net.c:177:32: warning: use of uninitialized value '*(int *)((char *)&iomsg + offsetof(struct io_async_msghdr, fast_iov[6].iov_len))' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     177 |         struct io_async_msghdr iomsg, *kmsg;
         |                                ^~~~~
     'io_sendmsg': events 1-2
       |
       |  177 |         struct io_async_msghdr iomsg, *kmsg;
       |      |                                ^~~~~
       |      |                                |
       |      |                                (1) region created on stack here
       |      |                                (2) use of uninitialized value '*(int *)((char *)&iomsg + offsetof(struct io_async_msghdr, fast_iov[6].iov_len))' here
       |
   io_uring/net.c: In function 'io_send':
>> io_uring/net.c:235:23: warning: use of uninitialized value '*(int *)((char
>> *)&msg + offsetof(struct msghdr, msg_control_is_user))' [CWE-457]
>> [-Wanalyzer-use-of-uninitialized-value]
     235 |         struct msghdr msg;
         |                       ^~~
     'io_send': events 1-2
       |
       |  235 |         struct msghdr msg;
       |      |                       ^~~
       |      |                       |
       |      |                       (1) region created on stack here
       |      |                       (2) use of uninitialized value '*(int *)((char *)&msg + offsetof(struct msghdr, msg_control_is_user))' here
       |
   io_uring/net.c: In function '__io_recvmsg_copy_hdr':
>> io_uring/net.c:293:30: warning: use of uninitialized value '<unknown>'
>> [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     293 |         struct iovec __user *uiov;
         |                              ^~~~
     '__io_recvmsg_copy_hdr': event 1
       |
       |  293 |         struct iovec __user *uiov;
       |      |                              ^~~~
       |      |                              |
       |      |                              (1) use of uninitialized value '<unknown>' here
       |
   io_uring/net.c:294:16: warning: use of uninitialized value '<unknown>' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     294 |         size_t iov_len;
         |                ^~~~~~~
     '__io_recvmsg_copy_hdr': event 1
       |
       |  294 |         size_t iov_len;
       |      |                ^~~~~~~
       |      |                |
       |      |                (1) use of uninitialized value '<unknown>' here
       |
   io_uring/net.c: In function 'io_recvmsg':
   io_uring/net.c:415:32: warning: use of uninitialized value '*(int *)((char *)&iomsg + offsetof(struct io_async_msghdr, fast_iov[6].iov_len))' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     415 |         struct io_async_msghdr iomsg, *kmsg;
         |                                ^~~~~
     'io_recvmsg': events 1-2
       |
       |  415 |         struct io_async_msghdr iomsg, *kmsg;
       |      |                                ^~~~~
       |      |                                |
       |      |                                (1) region created on stack here
       |      |                                (2) use of uninitialized value '*(int *)((char *)&iomsg + offsetof(struct io_async_msghdr, fast_iov[6].iov_len))' here
       |
   io_uring/net.c: In function 'io_recv':
   io_uring/net.c:492:23: warning: use of uninitialized value '*(int *)((char *)&msg + offsetof(struct msghdr, msg_control_is_user))' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
     492 |         struct msghdr msg;
         |                       ^~~
     'io_recv': events 1-2
       |
       |  492 |         struct msghdr msg;
       |      |                       ^~~
       |      |                       |
       |      |                       (1) region created on stack here
       |      |                       (2) use of uninitialized value '*(int *)((char *)&msg + offsetof(struct msghdr, msg_control_is_user))' here
       |

vim +235 io_uring/net.c

f9ead18c10589a Jens Axboe 2022-05-25  231
f9ead18c10589a Jens Axboe 2022-05-25  232  int io_send(struct io_kiocb *req, unsigned int issue_flags)
f9ead18c10589a Jens Axboe 2022-05-25  233  {
f9ead18c10589a Jens Axboe 2022-05-25  234  	struct io_sr_msg *sr = io_kiocb_to_cmd(req);
f9ead18c10589a Jens Axboe 2022-05-25 @235  	struct msghdr msg;
f9ead18c10589a Jens Axboe 2022-05-25  236  	struct iovec iov;
f9ead18c10589a Jens Axboe 2022-05-25  237  	struct socket *sock;
f9ead18c10589a Jens Axboe 2022-05-25  238  	unsigned flags;
f9ead18c10589a Jens Axboe 2022-05-25  239  	int min_ret = 0;
f9ead18c10589a Jens Axboe 2022-05-25  240  	int ret;
f9ead18c10589a Jens Axboe 2022-05-25  241
f9ead18c10589a Jens Axboe 2022-05-25  242  	if (!(req->flags & REQ_F_POLLED) &&
f9ead18c10589a Jens Axboe 2022-05-25  243  	    (sr->flags & IORING_RECVSEND_POLL_FIRST))
f9ead18c10589a Jens Axboe 2022-05-25  244  		return -EAGAIN;
f9ead18c10589a Jens Axboe 2022-05-25  245
f9ead18c10589a Jens Axboe 2022-05-25  246  	sock = sock_from_file(req->file);
f9ead18c10589a Jens Axboe 2022-05-25  247  	if (unlikely(!sock))
f9ead18c10589a Jens Axboe 2022-05-25  248  		return -ENOTSOCK;
f9ead18c10589a Jens Axboe 2022-05-25  249
f9ead18c10589a Jens Axboe 2022-05-25  250  	ret = import_single_range(WRITE, sr->buf, sr->len, &iov, &msg.msg_iter);
f9ead18c10589a Jens Axboe 2022-05-25  251  	if (unlikely(ret))
f9ead18c10589a Jens Axboe 2022-05-25  252  		return ret;
f9ead18c10589a Jens Axboe 2022-05-25  253
f9ead18c10589a Jens Axboe 2022-05-25  254  	msg.msg_name = NULL;
f9ead18c10589a Jens Axboe 2022-05-25  255  	msg.msg_control = NULL;
f9ead18c10589a Jens Axboe 2022-05-25  256  	msg.msg_controllen = 0;
f9ead18c10589a Jens Axboe 2022-05-25  257  	msg.msg_namelen = 0;
f9ead18c10589a Jens Axboe 2022-05-25  258
f9ead18c10589a Jens Axboe 2022-05-25  259  	flags = sr->msg_flags;
f9ead18c10589a Jens Axboe 2022-05-25  260  	if (issue_flags & IO_URING_F_NONBLOCK)
f9ead18c10589a Jens Axboe 2022-05-25  261  		flags |= MSG_DONTWAIT;
f9ead18c10589a Jens Axboe 2022-05-25  262  	if (flags & MSG_WAITALL)
f9ead18c10589a Jens Axboe 2022-05-25  263  		min_ret = iov_iter_count(&msg.msg_iter);
f9ead18c10589a Jens Axboe 2022-05-25  264
f9ead18c10589a Jens Axboe 2022-05-25  265  	msg.msg_flags = flags;
f9ead18c10589a Jens Axboe 2022-05-25  266  	ret = sock_sendmsg(sock, &msg);
f9ead18c10589a Jens Axboe 2022-05-25  267  	if (ret < min_ret) {
f9ead18c10589a Jens Axboe 2022-05-25  268  		if (ret == -EAGAIN && (issue_flags & IO_URING_F_NONBLOCK))
f9ead18c10589a Jens Axboe 2022-05-25  269  			return -EAGAIN;
f9ead18c10589a Jens Axboe 2022-05-25  270  		if (ret == -ERESTARTSYS)
f9ead18c10589a Jens Axboe 2022-05-25  271  			ret = -EINTR;
f9ead18c10589a Jens Axboe 2022-05-25  272  		if (ret > 0 && io_net_retry(sock, flags)) {
f9ead18c10589a Jens Axboe 2022-05-25  273  			sr->len -= ret;
f9ead18c10589a Jens Axboe 2022-05-25  274  			sr->buf += ret;
f9ead18c10589a Jens Axboe 2022-05-25  275  			sr->done_io += ret;
f9ead18c10589a Jens Axboe 2022-05-25  276  			req->flags |= REQ_F_PARTIAL_IO;
f9ead18c10589a Jens Axboe 2022-05-25  277  			return -EAGAIN;
f9ead18c10589a Jens Axboe 2022-05-25  278  		}
f9ead18c10589a Jens Axboe 2022-05-25  279  		req_set_fail(req);
f9ead18c10589a Jens Axboe 2022-05-25  280  	}
f9ead18c10589a Jens Axboe 2022-05-25  281  	if (ret >= 0)
f9ead18c10589a Jens Axboe 2022-05-25  282  		ret += sr->done_io;
f9ead18c10589a Jens Axboe 2022-05-25  283  	else if (sr->done_io)
f9ead18c10589a Jens Axboe 2022-05-25  284  		ret = sr->done_io;
f9ead18c10589a Jens Axboe 2022-05-25  285  	io_req_set_res(req, ret, 0);
f9ead18c10589a Jens Axboe 2022-05-25  286  	return IOU_OK;
f9ead18c10589a Jens Axboe 2022-05-25  287  }
f9ead18c10589a Jens Axboe 2022-05-25  288
f9ead18c10589a Jens Axboe 2022-05-25  289  static int __io_recvmsg_copy_hdr(struct io_kiocb *req,
f9ead18c10589a Jens Axboe 2022-05-25  290  				 struct io_async_msghdr *iomsg)
f9ead18c10589a Jens Axboe 2022-05-25  291  {
f9ead18c10589a Jens Axboe 2022-05-25  292  	struct io_sr_msg *sr = io_kiocb_to_cmd(req);
f9ead18c10589a Jens Axboe 2022-05-25 @293  	struct iovec __user *uiov;
f9ead18c10589a Jens Axboe 2022-05-25  294  	size_t iov_len;
f9ead18c10589a Jens Axboe 2022-05-25  295  	int ret;
f9ead18c10589a Jens Axboe 2022-05-25  296
f9ead18c10589a Jens Axboe 2022-05-25  297  	ret = __copy_msghdr_from_user(&iomsg->msg, sr->umsg,
f9ead18c10589a Jens Axboe 2022-05-25  298  					&iomsg->uaddr, &uiov, &iov_len);
f9ead18c10589a Jens Axboe 2022-05-25  299  	if (ret)
f9ead18c10589a Jens Axboe 2022-05-25  300  		return ret;
f9ead18c10589a Jens Axboe 2022-05-25  301
f9ead18c10589a Jens Axboe 2022-05-25  302  	if (req->flags & REQ_F_BUFFER_SELECT) {
f9ead18c10589a Jens Axboe 2022-05-25  303  		if (iov_len > 1)
f9ead18c10589a Jens Axboe 2022-05-25  304  			return -EINVAL;
f9ead18c10589a Jens Axboe 2022-05-25  305  		if (copy_from_user(iomsg->fast_iov, uiov, sizeof(*uiov)))
f9ead18c10589a Jens Axboe 2022-05-25  306  			return -EFAULT;
f9ead18c10589a Jens Axboe 2022-05-25  307  		sr->len = iomsg->fast_iov[0].iov_len;
f9ead18c10589a Jens Axboe 2022-05-25  308  		iomsg->free_iov = NULL;
f9ead18c10589a Jens Axboe 2022-05-25  309  	} else {
f9ead18c10589a Jens Axboe 2022-05-25  310  		iomsg->free_iov = iomsg->fast_iov;
f9ead18c10589a Jens Axboe 2022-05-25  311  		ret = __import_iovec(READ, uiov, iov_len, UIO_FASTIOV,
f9ead18c10589a Jens Axboe 2022-05-25  312  				     &iomsg->free_iov, &iomsg->msg.msg_iter,
f9ead18c10589a Jens Axboe 2022-05-25  313  				     false);
f9ead18c10589a Jens Axboe 2022-05-25  314  		if (ret > 0)
f9ead18c10589a Jens Axboe 2022-05-25  315  			ret = 0;
f9ead18c10589a Jens Axboe 2022-05-25  316  	}
f9ead18c10589a Jens Axboe 2022-05-25  317
f9ead18c10589a Jens Axboe 2022-05-25  318  	return ret;
f9ead18c10589a Jens Axboe 2022-05-25  319  }
f9ead18c10589a Jens Axboe 2022-05-25  320

--
0-DAY CI Kernel Test Service
https://01.org/lkp
_______________________________________________
kbuild mailing list -- [email protected]
To unsubscribe send an email to [email protected]
