Re: drivers/char/ipmi/ipmi_msghandler.c:5283:17: warning: 'strncpy' specified bound 11 equals destination size

From: Kefeng Wang
Date: Tue Apr 12 2022 - 22:30:25 EST



On 2022/4/13 8:16, Corey Minyard wrote:
On Wed, Apr 13, 2022 at 01:14:04AM +0800, kernel test robot wrote:
Hi Kefeng,

FYI, the error/warning still remains.

tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: ce522ba9ef7e2d9fb22a39eb3371c0c64e2a433e
commit: dd03762ab608e058c8f390ad9cf667e490089796 arm64: Enable KCSAN
date: 4 months ago
config: arm64-buildonly-randconfig-r003-20220412 (https://download.01.org/0day-ci/archive/20220413/202204130109.hJ8G1iNz-lkp@xxxxxxxxx/config)
compiler: aarch64-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd03762ab608e058c8f390ad9cf667e490089796
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout dd03762ab608e058c8f390ad9cf667e490089796
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=arm64 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All warnings (new ones prefixed by >>):

drivers/char/ipmi/ipmi_msghandler.c: In function 'send_panic_events':
drivers/char/ipmi/ipmi_msghandler.c:5283:17: warning: 'strncpy' specified bound 11 equals destination size [-Wstringop-truncation]
5283 | strncpy(data+5, p, 11);
| ^~~~~~~~~~~~~~~~~~~~~~
This is not a bug. That's an 11 byte field that should be filled with
zeros at the end if the string is <11 bytes, but is not nil terminated
if it's 11 bytes. So strncpy does exactly what is needed.

Is there any way to shut off this warning?
I think we can use strscpy or strscpy_pad to silence it.

-corey


vim +/strncpy +5283 drivers/char/ipmi/ipmi_msghandler.c

^1da177e4c3f41 Linus Torvalds 2005-04-16 5143
a567b6230066e3 Corey Minyard 2018-04-05 5144 static void send_panic_events(struct ipmi_smi *intf, char *str)
^1da177e4c3f41 Linus Torvalds 2005-04-16 5145 {
^1da177e4c3f41 Linus Torvalds 2005-04-16 5146 struct kernel_ipmi_msg msg;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5147 unsigned char data[16];
^1da177e4c3f41 Linus Torvalds 2005-04-16 5148 struct ipmi_system_interface_addr *si;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5149 struct ipmi_addr addr;
91e2dd0a47bae1 Corey Minyard 2018-03-28 5150 char *p = str;
91e2dd0a47bae1 Corey Minyard 2018-03-28 5151 struct ipmi_ipmb_addr *ipmb;
91e2dd0a47bae1 Corey Minyard 2018-03-28 5152 int j;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5153
1c9f98d1bfbd06 Corey Minyard 2017-08-18 5154 if (ipmi_send_panic_event == IPMI_SEND_PANIC_EVENT_NONE)
1c9f98d1bfbd06 Corey Minyard 2017-08-18 5155 return;
1c9f98d1bfbd06 Corey Minyard 2017-08-18 5156
^1da177e4c3f41 Linus Torvalds 2005-04-16 5157 si = (struct ipmi_system_interface_addr *) &addr;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5158 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5159 si->channel = IPMI_BMC_CHANNEL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5160 si->lun = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5161
^1da177e4c3f41 Linus Torvalds 2005-04-16 5162 /* Fill in an event telling that we have failed. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5163 msg.netfn = 0x04; /* Sensor or Event. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5164 msg.cmd = 2; /* Platform event command. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5165 msg.data = data;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5166 msg.data_len = 8;
cda315aba34ff4 Matt Domsch 2005-12-12 5167 data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5168 data[1] = 0x03; /* This is for IPMI 1.0. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5169 data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5170 data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5171 data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5172
c70d749986f6f1 Corey Minyard 2008-04-29 5173 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5174 * Put a few breadcrumbs in. Hopefully later we can add more things
c70d749986f6f1 Corey Minyard 2008-04-29 5175 * to make the panic events more useful.
c70d749986f6f1 Corey Minyard 2008-04-29 5176 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5177 if (str) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 5178 data[3] = str[0];
^1da177e4c3f41 Linus Torvalds 2005-04-16 5179 data[6] = str[1];
^1da177e4c3f41 Linus Torvalds 2005-04-16 5180 data[7] = str[2];
^1da177e4c3f41 Linus Torvalds 2005-04-16 5181 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 5182
^1da177e4c3f41 Linus Torvalds 2005-04-16 5183 /* Send the event announcing the panic. */
895dcfd1cab84d Corey Minyard 2012-03-28 5184 ipmi_panic_request_and_wait(intf, &addr, &msg);
^1da177e4c3f41 Linus Torvalds 2005-04-16 5185
c70d749986f6f1 Corey Minyard 2008-04-29 5186 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5187 * On every interface, dump a bunch of OEM event holding the
c70d749986f6f1 Corey Minyard 2008-04-29 5188 * string.
c70d749986f6f1 Corey Minyard 2008-04-29 5189 */
1c9f98d1bfbd06 Corey Minyard 2017-08-18 5190 if (ipmi_send_panic_event != IPMI_SEND_PANIC_EVENT_STRING || !str)
^1da177e4c3f41 Linus Torvalds 2005-04-16 5191 return;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5192
78ba2faf71c639 Corey Minyard 2007-02-10 5193 /*
78ba2faf71c639 Corey Minyard 2007-02-10 5194 * intf_num is used as an marker to tell if the
78ba2faf71c639 Corey Minyard 2007-02-10 5195 * interface is valid. Thus we need a read barrier to
78ba2faf71c639 Corey Minyard 2007-02-10 5196 * make sure data fetched before checking intf_num
78ba2faf71c639 Corey Minyard 2007-02-10 5197 * won't be used.
78ba2faf71c639 Corey Minyard 2007-02-10 5198 */
78ba2faf71c639 Corey Minyard 2007-02-10 5199 smp_rmb();
78ba2faf71c639 Corey Minyard 2007-02-10 5200
c70d749986f6f1 Corey Minyard 2008-04-29 5201 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5202 * First job here is to figure out where to send the
c70d749986f6f1 Corey Minyard 2008-04-29 5203 * OEM events. There's no way in IPMI to send OEM
c70d749986f6f1 Corey Minyard 2008-04-29 5204 * events using an event send command, so we have to
c70d749986f6f1 Corey Minyard 2008-04-29 5205 * find the SEL to put them in and stick them in
c70d749986f6f1 Corey Minyard 2008-04-29 5206 * there.
c70d749986f6f1 Corey Minyard 2008-04-29 5207 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5208
^1da177e4c3f41 Linus Torvalds 2005-04-16 5209 /* Get capabilities from the get device id. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5210 intf->local_sel_device = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5211 intf->local_event_generator = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5212 intf->event_receiver = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5213
^1da177e4c3f41 Linus Torvalds 2005-04-16 5214 /* Request the device info from the local MC. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5215 msg.netfn = IPMI_NETFN_APP_REQUEST;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5216 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5217 msg.data = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5218 msg.data_len = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5219 intf->null_user_handler = device_id_fetcher;
895dcfd1cab84d Corey Minyard 2012-03-28 5220 ipmi_panic_request_and_wait(intf, &addr, &msg);
^1da177e4c3f41 Linus Torvalds 2005-04-16 5221
^1da177e4c3f41 Linus Torvalds 2005-04-16 5222 if (intf->local_event_generator) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 5223 /* Request the event receiver from the local MC. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5224 msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5225 msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5226 msg.data = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5227 msg.data_len = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5228 intf->null_user_handler = event_receiver_fetcher;
895dcfd1cab84d Corey Minyard 2012-03-28 5229 ipmi_panic_request_and_wait(intf, &addr, &msg);
^1da177e4c3f41 Linus Torvalds 2005-04-16 5230 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 5231 intf->null_user_handler = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5232
c70d749986f6f1 Corey Minyard 2008-04-29 5233 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5234 * Validate the event receiver. The low bit must not
c70d749986f6f1 Corey Minyard 2008-04-29 5235 * be 1 (it must be a valid IPMB address), it cannot
c70d749986f6f1 Corey Minyard 2008-04-29 5236 * be zero, and it must not be my address.
c70d749986f6f1 Corey Minyard 2008-04-29 5237 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5238 if (((intf->event_receiver & 1) == 0)
^1da177e4c3f41 Linus Torvalds 2005-04-16 5239 && (intf->event_receiver != 0)
5fdb1fb2abe647 Corey Minyard 2017-09-05 5240 && (intf->event_receiver != intf->addrinfo[0].address)) {
c70d749986f6f1 Corey Minyard 2008-04-29 5241 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5242 * The event receiver is valid, send an IPMB
c70d749986f6f1 Corey Minyard 2008-04-29 5243 * message.
c70d749986f6f1 Corey Minyard 2008-04-29 5244 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5245 ipmb = (struct ipmi_ipmb_addr *) &addr;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5246 ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5247 ipmb->channel = 0; /* FIXME - is this right? */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5248 ipmb->lun = intf->event_receiver_lun;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5249 ipmb->slave_addr = intf->event_receiver;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5250 } else if (intf->local_sel_device) {
c70d749986f6f1 Corey Minyard 2008-04-29 5251 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5252 * The event receiver was not valid (or was
c70d749986f6f1 Corey Minyard 2008-04-29 5253 * me), but I am an SEL device, just dump it
c70d749986f6f1 Corey Minyard 2008-04-29 5254 * in my SEL.
c70d749986f6f1 Corey Minyard 2008-04-29 5255 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5256 si = (struct ipmi_system_interface_addr *) &addr;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5257 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5258 si->channel = IPMI_BMC_CHANNEL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5259 si->lun = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5260 } else
91e2dd0a47bae1 Corey Minyard 2018-03-28 5261 return; /* No where to send the event. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5262
^1da177e4c3f41 Linus Torvalds 2005-04-16 5263 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 5264 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5265 msg.data = data;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5266 msg.data_len = 16;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5267
^1da177e4c3f41 Linus Torvalds 2005-04-16 5268 j = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5269 while (*p) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 5270 int size = strlen(p);
^1da177e4c3f41 Linus Torvalds 2005-04-16 5271
^1da177e4c3f41 Linus Torvalds 2005-04-16 5272 if (size > 11)
^1da177e4c3f41 Linus Torvalds 2005-04-16 5273 size = 11;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5274 data[0] = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5275 data[1] = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5276 data[2] = 0xf0; /* OEM event without timestamp. */
5fdb1fb2abe647 Corey Minyard 2017-09-05 5277 data[3] = intf->addrinfo[0].address;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5278 data[4] = j++; /* sequence # */
c70d749986f6f1 Corey Minyard 2008-04-29 5279 /*
c70d749986f6f1 Corey Minyard 2008-04-29 5280 * Always give 11 bytes, so strncpy will fill
c70d749986f6f1 Corey Minyard 2008-04-29 5281 * it with zeroes for me.
c70d749986f6f1 Corey Minyard 2008-04-29 5282 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 @5283 strncpy(data+5, p, 11);
^1da177e4c3f41 Linus Torvalds 2005-04-16 5284 p += size;
^1da177e4c3f41 Linus Torvalds 2005-04-16 5285
895dcfd1cab84d Corey Minyard 2012-03-28 5286 ipmi_panic_request_and_wait(intf, &addr, &msg);
^1da177e4c3f41 Linus Torvalds 2005-04-16 5287 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 5288 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 5289

:::::: The code at line 5283 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2

:::::: TO: Linus Torvalds <torvalds@xxxxxxxxxxxxxxx>
:::::: CC: Linus Torvalds <torvalds@xxxxxxxxxxxxxxx>

--
0-DAY CI Kernel Test Service
https://01.org/lkp
.