Re: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len

From: kernel test robot
Date: Sat Mar 18 2023 - 03:10:00 EST

Next message: zhuyinbo: "Re: [PATCH v2 2/2] spi: loongson: add bus driver for the loongson spi controller"
Previous message: Kalle Valo: "Re: [PATCH] Added Netgear AXE3000 (A8000) usb_device_id to mt7921u_device_table[]"
In reply to: Jakub Kicinski: "Re: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len"
Next in thread: Greg KH: "Re: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Szymon,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on net-next/main]
[also build test WARNING on net/main linus/master v6.3-rc2 next-20230317]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Szymon-Heidrich/net-usb-lan78xx-Limit-packet-length-to-skb-len/20230318-013659
patch link: https://lore.kernel.org/r/20230317173606.91426-1-szymon.heidrich%40gmail.com
patch subject: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len
config: s390-randconfig-r003-20230318 (https://download.01.org/0day-ci/archive/20230318/202303181417.1MZBovse-lkp@xxxxxxxxx/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project 67409911353323ca5edf2049ef0df54132fa1ca7)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install s390 cross compiling tool for clang build
# apt-get install binutils-s390x-linux-gnu
# https://github.com/intel-lab-lkp/linux/commit/17c060ef752f4a1366ed7d8e62ba5f64f654eced
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Szymon-Heidrich/net-usb-lan78xx-Limit-packet-length-to-skb-len/20230318-013659
git checkout 17c060ef752f4a1366ed7d8e62ba5f64f654eced
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 SHELL=/bin/bash drivers/net/usb/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Link: https://lore.kernel.org/oe-kbuild-all/202303181417.1MZBovse-lkp@xxxxxxxxx/

All warnings (new ones prefixed by >>):

In file included from drivers/net/usb/lan78xx.c:6:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from drivers/net/usb/lan78xx.c:6:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from drivers/net/usb/lan78xx.c:6:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:692:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:700:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:708:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:717:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:726:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:735:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
>> drivers/net/usb/lan78xx.c:3603:20: warning: mixing declarations and code is incompatible with standards before C99 [-Wdeclaration-after-statement]
struct sk_buff *skb2;
^
13 warnings generated.

vim +3603 drivers/net/usb/lan78xx.c

55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3552
ec4c7e12396b1a John Efstathiades 2021-11-18 3553 static int lan78xx_rx(struct lan78xx_net *dev, struct sk_buff *skb,
ec4c7e12396b1a John Efstathiades 2021-11-18 3554 int budget, int *work_done)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3555 {
0dd87266c1337d John Efstathiades 2021-11-18 3556 if (skb->len < RX_SKB_MIN_LEN)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3557 return 0;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3558
ec4c7e12396b1a John Efstathiades 2021-11-18 3559 /* Extract frames from the URB buffer and pass each one to
ec4c7e12396b1a John Efstathiades 2021-11-18 3560 * the stack in a new NAPI SKB.
ec4c7e12396b1a John Efstathiades 2021-11-18 3561 */
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3562 while (skb->len > 0) {
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3563 u32 rx_cmd_a, rx_cmd_b, align_count, size;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3564 u16 rx_cmd_c;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3565 unsigned char *packet;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3566
bb448f8a60ea93 Chuhong Yuan 2019-07-19 3567 rx_cmd_a = get_unaligned_le32(skb->data);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3568 skb_pull(skb, sizeof(rx_cmd_a));
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3569
bb448f8a60ea93 Chuhong Yuan 2019-07-19 3570 rx_cmd_b = get_unaligned_le32(skb->data);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3571 skb_pull(skb, sizeof(rx_cmd_b));
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3572
bb448f8a60ea93 Chuhong Yuan 2019-07-19 3573 rx_cmd_c = get_unaligned_le16(skb->data);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3574 skb_pull(skb, sizeof(rx_cmd_c));
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3575
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3576 packet = skb->data;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3577
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3578 /* get the packet length */
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3579 size = (rx_cmd_a & RX_CMD_A_LEN_MASK_);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3580 align_count = (4 - ((size + RXW_PADDING) % 4)) % 4;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3581
17c060ef752f4a Szymon Heidrich 2023-03-17 3582 if (unlikely(size > skb->len)) {
17c060ef752f4a Szymon Heidrich 2023-03-17 3583 netif_dbg(dev, rx_err, dev->net,
17c060ef752f4a Szymon Heidrich 2023-03-17 3584 "size err rx_cmd_a=0x%08x\n",
17c060ef752f4a Szymon Heidrich 2023-03-17 3585 rx_cmd_a);
17c060ef752f4a Szymon Heidrich 2023-03-17 3586 return 0;
17c060ef752f4a Szymon Heidrich 2023-03-17 3587 }
17c060ef752f4a Szymon Heidrich 2023-03-17 3588
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3589 if (unlikely(rx_cmd_a & RX_CMD_A_RED_)) {
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3590 netif_dbg(dev, rx_err, dev->net,
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3591 "Error rx_cmd_a=0x%08x", rx_cmd_a);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3592 } else {
17c060ef752f4a Szymon Heidrich 2023-03-17 3593 u32 frame_len;
17c060ef752f4a Szymon Heidrich 2023-03-17 3594
17c060ef752f4a Szymon Heidrich 2023-03-17 3595 if (unlikely(size < ETH_FCS_LEN)) {
17c060ef752f4a Szymon Heidrich 2023-03-17 3596 netif_dbg(dev, rx_err, dev->net,
17c060ef752f4a Szymon Heidrich 2023-03-17 3597 "size err rx_cmd_a=0x%08x\n",
17c060ef752f4a Szymon Heidrich 2023-03-17 3598 rx_cmd_a);
17c060ef752f4a Szymon Heidrich 2023-03-17 3599 return 0;
17c060ef752f4a Szymon Heidrich 2023-03-17 3600 }
17c060ef752f4a Szymon Heidrich 2023-03-17 3601
17c060ef752f4a Szymon Heidrich 2023-03-17 3602 frame_len = size - ETH_FCS_LEN;
ec4c7e12396b1a John Efstathiades 2021-11-18 @3603 struct sk_buff *skb2;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3604
ec4c7e12396b1a John Efstathiades 2021-11-18 3605 skb2 = napi_alloc_skb(&dev->napi, frame_len);
ec4c7e12396b1a John Efstathiades 2021-11-18 3606 if (!skb2)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3607 return 0;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3608
ec4c7e12396b1a John Efstathiades 2021-11-18 3609 memcpy(skb2->data, packet, frame_len);
ec4c7e12396b1a John Efstathiades 2021-11-18 3610
ec4c7e12396b1a John Efstathiades 2021-11-18 3611 skb_put(skb2, frame_len);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3612
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3613 lan78xx_rx_csum_offload(dev, skb2, rx_cmd_a, rx_cmd_b);
ec21ecf0aad279 Dave Stevenson 2018-06-25 3614 lan78xx_rx_vlan_offload(dev, skb2, rx_cmd_a, rx_cmd_b);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3615
ec4c7e12396b1a John Efstathiades 2021-11-18 3616 /* Processing of the URB buffer must complete once
ec4c7e12396b1a John Efstathiades 2021-11-18 3617 * it has started. If the NAPI work budget is exhausted
ec4c7e12396b1a John Efstathiades 2021-11-18 3618 * while frames remain they are added to the overflow
ec4c7e12396b1a John Efstathiades 2021-11-18 3619 * queue for delivery in the next NAPI polling cycle.
ec4c7e12396b1a John Efstathiades 2021-11-18 3620 */
ec4c7e12396b1a John Efstathiades 2021-11-18 3621 if (*work_done < budget) {
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3622 lan78xx_skb_return(dev, skb2);
ec4c7e12396b1a John Efstathiades 2021-11-18 3623 ++(*work_done);
ec4c7e12396b1a John Efstathiades 2021-11-18 3624 } else {
ec4c7e12396b1a John Efstathiades 2021-11-18 3625 skb_queue_tail(&dev->rxq_overflow, skb2);
ec4c7e12396b1a John Efstathiades 2021-11-18 3626 }
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3627 }
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3628
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3629 skb_pull(skb, size);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3630
ec4c7e12396b1a John Efstathiades 2021-11-18 3631 /* skip padding bytes before the next frame starts */
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3632 if (skb->len)
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3633 skb_pull(skb, align_count);
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3634 }
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3635
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3636 return 1;
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3637 }
55d7de9de6c30a Woojung.Huh@xxxxxxxxxxxxx 2015-07-30 3638

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

Next message: zhuyinbo: "Re: [PATCH v2 2/2] spi: loongson: add bus driver for the loongson spi controller"
Previous message: Kalle Valo: "Re: [PATCH] Added Netgear AXE3000 (A8000) usb_device_id to mt7921u_device_table[]"
In reply to: Jakub Kicinski: "Re: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len"
Next in thread: Greg KH: "Re: [PATCH v2] net: usb: lan78xx: Limit packet length to skb->len"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]