Re: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Szymon,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on net-next/main]
[also build test WARNING on net/main linus/master v6.3-rc2 next-20230317]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Szymon-Heidrich/net-usb-lan78xx-Limit-packet-length-to-skb-len/20230318-013659
patch link:    https://lore.kernel.org/r/20230317173606.91426-1-szymon.heidrich%40gmail.com
patch subject: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len
config: s390-randconfig-r003-20230318 (https://download.01.org/0day-ci/archive/20230318/202303181417.1MZBovse-lkp@xxxxxxxxx/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project 67409911353323ca5edf2049ef0df54132fa1ca7)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install s390 cross compiling tool for clang build
        # apt-get install binutils-s390x-linux-gnu
        # https://github.com/intel-lab-lkp/linux/commit/17c060ef752f4a1366ed7d8e62ba5f64f654eced
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Szymon-Heidrich/net-usb-lan78xx-Limit-packet-length-to-skb-len/20230318-013659
        git checkout 17c060ef752f4a1366ed7d8e62ba5f64f654eced
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 SHELL=/bin/bash drivers/net/usb/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Link: https://lore.kernel.org/oe-kbuild-all/202303181417.1MZBovse-lkp@xxxxxxxxx/

All warnings (new ones prefixed by >>):

   In file included from drivers/net/usb/lan78xx.c:6:
   In file included from include/linux/netdevice.h:38:
   In file included from include/net/net_namespace.h:43:
   In file included from include/linux/skbuff.h:28:
   In file included from include/linux/dma-mapping.h:10:
   In file included from include/linux/scatterlist.h:9:
   In file included from arch/s390/include/asm/io.h:75:
   include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __raw_readb(PCI_IOBASE + addr);
                             ~~~~~~~~~~ ^
   include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
   #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
                                                             ^
   include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
   #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
                                                        ^
   In file included from drivers/net/usb/lan78xx.c:6:
   In file included from include/linux/netdevice.h:38:
   In file included from include/net/net_namespace.h:43:
   In file included from include/linux/skbuff.h:28:
   In file included from include/linux/dma-mapping.h:10:
   In file included from include/linux/scatterlist.h:9:
   In file included from arch/s390/include/asm/io.h:75:
   include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
   #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
                                                             ^
   include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
   #define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
                                                        ^
   In file included from drivers/net/usb/lan78xx.c:6:
   In file included from include/linux/netdevice.h:38:
   In file included from include/net/net_namespace.h:43:
   In file included from include/linux/skbuff.h:28:
   In file included from include/linux/dma-mapping.h:10:
   In file included from include/linux/scatterlist.h:9:
   In file included from arch/s390/include/asm/io.h:75:
   include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writeb(value, PCI_IOBASE + addr);
                               ~~~~~~~~~~ ^
   include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
                                                         ~~~~~~~~~~ ^
   include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
                                                         ~~~~~~~~~~ ^
   include/asm-generic/io.h:692:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           readsb(PCI_IOBASE + addr, buffer, count);
                  ~~~~~~~~~~ ^
   include/asm-generic/io.h:700:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           readsw(PCI_IOBASE + addr, buffer, count);
                  ~~~~~~~~~~ ^
   include/asm-generic/io.h:708:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           readsl(PCI_IOBASE + addr, buffer, count);
                  ~~~~~~~~~~ ^
   include/asm-generic/io.h:717:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           writesb(PCI_IOBASE + addr, buffer, count);
                   ~~~~~~~~~~ ^
   include/asm-generic/io.h:726:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           writesw(PCI_IOBASE + addr, buffer, count);
                   ~~~~~~~~~~ ^
   include/asm-generic/io.h:735:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           writesl(PCI_IOBASE + addr, buffer, count);
                   ~~~~~~~~~~ ^
>> drivers/net/usb/lan78xx.c:3603:20: warning: mixing declarations and code is incompatible with standards before C99 [-Wdeclaration-after-statement]
                           struct sk_buff *skb2;
                                           ^
   13 warnings generated.


vim +3603 drivers/net/usb/lan78xx.c

55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3552  
ec4c7e12396b1a John Efstathiades         2021-11-18  3553  static int lan78xx_rx(struct lan78xx_net *dev, struct sk_buff *skb,
ec4c7e12396b1a John Efstathiades         2021-11-18  3554  		      int budget, int *work_done)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3555  {
0dd87266c1337d John Efstathiades         2021-11-18  3556  	if (skb->len < RX_SKB_MIN_LEN)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3557  		return 0;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3558  
ec4c7e12396b1a John Efstathiades         2021-11-18  3559  	/* Extract frames from the URB buffer and pass each one to
ec4c7e12396b1a John Efstathiades         2021-11-18  3560  	 * the stack in a new NAPI SKB.
ec4c7e12396b1a John Efstathiades         2021-11-18  3561  	 */
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3562  	while (skb->len > 0) {
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3563  		u32 rx_cmd_a, rx_cmd_b, align_count, size;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3564  		u16 rx_cmd_c;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3565  		unsigned char *packet;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3566  
bb448f8a60ea93 Chuhong Yuan              2019-07-19  3567  		rx_cmd_a = get_unaligned_le32(skb->data);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3568  		skb_pull(skb, sizeof(rx_cmd_a));
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3569  
bb448f8a60ea93 Chuhong Yuan              2019-07-19  3570  		rx_cmd_b = get_unaligned_le32(skb->data);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3571  		skb_pull(skb, sizeof(rx_cmd_b));
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3572  
bb448f8a60ea93 Chuhong Yuan              2019-07-19  3573  		rx_cmd_c = get_unaligned_le16(skb->data);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3574  		skb_pull(skb, sizeof(rx_cmd_c));
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3575  
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3576  		packet = skb->data;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3577  
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3578  		/* get the packet length */
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3579  		size = (rx_cmd_a & RX_CMD_A_LEN_MASK_);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3580  		align_count = (4 - ((size + RXW_PADDING) % 4)) % 4;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3581  
17c060ef752f4a Szymon Heidrich           2023-03-17  3582  		if (unlikely(size > skb->len)) {
17c060ef752f4a Szymon Heidrich           2023-03-17  3583  			netif_dbg(dev, rx_err, dev->net,
17c060ef752f4a Szymon Heidrich           2023-03-17  3584  				  "size err rx_cmd_a=0x%08x\n",
17c060ef752f4a Szymon Heidrich           2023-03-17  3585  				  rx_cmd_a);
17c060ef752f4a Szymon Heidrich           2023-03-17  3586  			return 0;
17c060ef752f4a Szymon Heidrich           2023-03-17  3587  		}
17c060ef752f4a Szymon Heidrich           2023-03-17  3588  
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3589  		if (unlikely(rx_cmd_a & RX_CMD_A_RED_)) {
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3590  			netif_dbg(dev, rx_err, dev->net,
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3591  				  "Error rx_cmd_a=0x%08x", rx_cmd_a);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3592  		} else {
17c060ef752f4a Szymon Heidrich           2023-03-17  3593  			u32 frame_len;
17c060ef752f4a Szymon Heidrich           2023-03-17  3594  
17c060ef752f4a Szymon Heidrich           2023-03-17  3595  			if (unlikely(size < ETH_FCS_LEN)) {
17c060ef752f4a Szymon Heidrich           2023-03-17  3596  				netif_dbg(dev, rx_err, dev->net,
17c060ef752f4a Szymon Heidrich           2023-03-17  3597  					  "size err rx_cmd_a=0x%08x\n",
17c060ef752f4a Szymon Heidrich           2023-03-17  3598  					  rx_cmd_a);
17c060ef752f4a Szymon Heidrich           2023-03-17  3599  				return 0;
17c060ef752f4a Szymon Heidrich           2023-03-17  3600  			}
17c060ef752f4a Szymon Heidrich           2023-03-17  3601  
17c060ef752f4a Szymon Heidrich           2023-03-17  3602  			frame_len = size - ETH_FCS_LEN;
ec4c7e12396b1a John Efstathiades         2021-11-18 @3603  			struct sk_buff *skb2;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3604  
ec4c7e12396b1a John Efstathiades         2021-11-18  3605  			skb2 = napi_alloc_skb(&dev->napi, frame_len);
ec4c7e12396b1a John Efstathiades         2021-11-18  3606  			if (!skb2)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3607  				return 0;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3608  
ec4c7e12396b1a John Efstathiades         2021-11-18  3609  			memcpy(skb2->data, packet, frame_len);
ec4c7e12396b1a John Efstathiades         2021-11-18  3610  
ec4c7e12396b1a John Efstathiades         2021-11-18  3611  			skb_put(skb2, frame_len);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3612  
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3613  			lan78xx_rx_csum_offload(dev, skb2, rx_cmd_a, rx_cmd_b);
ec21ecf0aad279 Dave Stevenson            2018-06-25  3614  			lan78xx_rx_vlan_offload(dev, skb2, rx_cmd_a, rx_cmd_b);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3615  
ec4c7e12396b1a John Efstathiades         2021-11-18  3616  			/* Processing of the URB buffer must complete once
ec4c7e12396b1a John Efstathiades         2021-11-18  3617  			 * it has started. If the NAPI work budget is exhausted
ec4c7e12396b1a John Efstathiades         2021-11-18  3618  			 * while frames remain they are added to the overflow
ec4c7e12396b1a John Efstathiades         2021-11-18  3619  			 * queue for delivery in the next NAPI polling cycle.
ec4c7e12396b1a John Efstathiades         2021-11-18  3620  			 */
ec4c7e12396b1a John Efstathiades         2021-11-18  3621  			if (*work_done < budget) {
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3622  				lan78xx_skb_return(dev, skb2);
ec4c7e12396b1a John Efstathiades         2021-11-18  3623  				++(*work_done);
ec4c7e12396b1a John Efstathiades         2021-11-18  3624  			} else {
ec4c7e12396b1a John Efstathiades         2021-11-18  3625  				skb_queue_tail(&dev->rxq_overflow, skb2);
ec4c7e12396b1a John Efstathiades         2021-11-18  3626  			}
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3627  		}
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3628  
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3629  		skb_pull(skb, size);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3630  
ec4c7e12396b1a John Efstathiades         2021-11-18  3631  		/* skip padding bytes before the next frame starts */
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3632  		if (skb->len)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3633  			skb_pull(skb, align_count);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3634  	}
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3635  
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3636  	return 1;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3637  }
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30  3638  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux