Bug 1114566 - Warnings during kernel build
Status: RESOLVED MOVED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Kernel
Current
x86-64 openSUSE Factory
P5 - None : Normal
Assigned To: E-mail List
Reported: 2018-11-03 09:45 UTC by Chris Ward
Modified: 2018-11-09 12:15 UTC (History)
Attachments
Further warnings during kernel build (51.96 KB, text/plain)
2018-11-03 15:59 UTC, Chris Ward
Description Chris Ward 2018-11-03 09:45:07 UTC
I am doing a kernel build with CONFIG_SLUB set. I see the following warnings:
  CC      kernel/debug/kdb/kdb_io.o
kernel/debug/kdb/kdb_io.c: In function ‘kdb_getstr’:
kernel/debug/kdb/kdb_io.c:446:3: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
   strncpy(kdb_prompt_str, prompt, CMD_BUFLEN);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  CC      kernel/debug/kdb/kdb_main.o
In function ‘handle_ctrl_cmd’,
    inlined from ‘kdb_local.isra.6’ at kernel/debug/kdb/kdb_main.c:1323:10,
    inlined from ‘kdb_main_loop’ at kernel/debug/kdb/kdb_main.c:1422:12:
kernel/debug/kdb/kdb_main.c:1106:3: warning: ‘strncpy’ specified bound 200 equals destination size [-Wstringop-truncation]
   strncpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/debug/kdb/kdb_main.c:1111:3: warning: ‘strncpy’ specified bound 200 equals destination size [-Wstringop-truncation]
   strncpy(cmd_cur, cmd_hist[cmdptr], CMD_BUFLEN);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  CC      kernel/debug/kdb/kdb_support.o
kernel/debug/kdb/kdb_support.c: In function ‘kallsyms_symbol_next’:
kernel/debug/kdb/kdb_support.c:239:4: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
    strncpy(prefix_name, name, strlen(name)+1);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/debug/kdb/kdb_support.c:239:31: note: length computed here
    strncpy(prefix_name, name, strlen(name)+1);
                               ^~~~~~~~~~~~
which I think are about potential buffer overflows, nothing to do with the config option I have changed. They should be fixed, or fed upstream for fixing at kernel.org .
Comment 1 Chris Ward 2018-11-03 09:53:11 UTC
Also
  CC [M]  fs/ceph/mds_client.o
fs/ceph/mds_client.c: In function ‘ceph_mdsc_init’:
fs/ceph/mds_client.c:3647:2: warning: ‘strncpy’ output may be truncated copying 64 bytes from a string of length 64 [-Wstringop-truncation]
  strncpy(mdsc->nodename, utsname()->nodename,
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   sizeof(mdsc->nodename) - 1);
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 2 Chris Ward 2018-11-03 09:53:55 UTC
  CC [M]  fs/cifs/cifsencrypt.o
fs/cifs/cifsencrypt.c: In function ‘calc_lanman_hash’:
fs/cifs/cifsencrypt.c:306:3: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
   strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 3 Chris Ward 2018-11-03 09:54:49 UTC
  CC [M]  fs/configfs/symlink.o
In function ‘fill_item_path’,
    inlined from ‘configfs_get_target_path’ at fs/configfs/symlink.c:250:2,
    inlined from ‘configfs_getlink’ at fs/configfs/symlink.c:272:10,
    inlined from ‘configfs_get_link.part.9’ at fs/configfs/symlink.c:295:10,
    inlined from ‘configfs_get_link’:
fs/configfs/symlink.c:67:3: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
   strncpy(buffer + length,config_item_name(p),cur);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/configfs/symlink.c: In function ‘configfs_get_link’:
fs/configfs/symlink.c:63:13: note: length computed here
   int cur = strlen(config_item_name(p));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 4 Chris Ward 2018-11-03 09:57:10 UTC
  CC      fs/ext4/super.o
fs/ext4/super.c: In function ‘__save_error_info’:
fs/ext4/super.c:326:2: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation]
  strncpy(es->s_last_error_func, func, sizeof(es->s_last_error_func));
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/ext4/super.c:330:3: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation]
   strncpy(es->s_first_error_func, func,
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    sizeof(es->s_first_error_func));
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 5 Chris Ward 2018-11-03 09:57:37 UTC
  CC [M]  fs/f2fs/namei.o
fs/f2fs/namei.c: In function ‘f2fs_update_extension_list’:
fs/f2fs/namei.c:257:3: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
   strncpy(extlist[cold_count], name, strlen(name));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/namei.c:249:3: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
   strncpy(extlist[count], name, strlen(name));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 6 Chris Ward 2018-11-03 09:59:56 UTC
  CC [M]  fs/hfsplus/xattr.o
fs/hfsplus/xattr.c: In function ‘copy_name’:
fs/hfsplus/xattr.c:416:3: warning: ‘strncpy’ output truncated before terminating nul copying 4 bytes from a string of the same length [-Wstringop-truncation]
   strncpy(buffer, XATTR_MAC_OSX_PREFIX, XATTR_MAC_OSX_PREFIX_LEN);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 7 Chris Ward 2018-11-03 10:02:13 UTC
  CC      fs/kernfs/symlink.o
In function ‘kernfs_get_target_path’,
    inlined from ‘kernfs_getlink.isra.2’ at fs/kernfs/symlink.c:109:10,
    inlined from ‘kernfs_iop_get_link.part.3’ at fs/kernfs/symlink.c:127:10,
    inlined from ‘kernfs_iop_get_link’:
fs/kernfs/symlink.c:91:3: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
   strncpy(s + len, kn->name, slen);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/kernfs/symlink.c: In function ‘kernfs_iop_get_link’:
fs/kernfs/symlink.c:88:14: note: length computed here
   int slen = strlen(kn->name);
              ^~~~~~~~~~~~~~~~
Comment 8 Chris Ward 2018-11-03 15:59:36 UTC
Created attachment 788338 [details]
Further warnings during kernel build

I have attached the rest of the warnings from the kernel build as a text file.
Comment 9 Takashi Iwai 2018-11-06 11:47:08 UTC
We try to keep the Tumbleweed kernel as close to upstream as possible, so could you report this kind of issue to upstream first?  Thanks.
Comment 10 Chris Ward 2018-11-07 13:16:39 UTC
I have emailed the LKML about this https://lkml.org/lkml/2018/11/7/628 . Is this sufficient, or is there a bug reporting web site that I should use?
Comment 11 Takashi Iwai 2018-11-07 13:42:27 UTC
Most subsystems prefer individual reports, either on the ML or on bugzilla.
There is a central bugzilla.kernel.org, but it's not used by all devs, unfortunately...

Regarding the warnings: yes, some of them look really buggy.  For example, the first ones in kdb code look obviously bad.  I guess all usages should be replaced with strlcpy().  (The last one can even be equivalent to strcpy(), oh well.)

It'd be great if you can cook up and submit the fix patches to upstream.  The corresponding subsystem is listed in the MAINTAINERS file.  Feel free to put me in Cc if you need some help, too.
Comment 12 Takashi Iwai 2018-11-07 13:43:44 UTC
Actually, the latest recommended replacement is strscpy().  strlcpy() has a hairy downside, so we should use strscpy() instead if appropriate.
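
Added example, not part of the original thread and not kernel code: a userspace C demonstration of why the kdb pattern flagged in the description (strncpy() bound equal to the destination size) can leave the buffer without a NUL terminator, next to a strscpy()-style copy. `demo_strscpy` is a hypothetical stand-in for the kernel function, and `DEMO_BUFLEN` and the sample strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define DEMO_BUFLEN 8   /* constructed; stands in for CMD_BUFLEN in kdb */

/* Hypothetical userspace stand-in for the kernel's strscpy(): copies at most
 * size-1 bytes, always NUL-terminates, and returns the number of bytes
 * copied, or -E2BIG if the source did not fit. */
ssize_t demo_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (ssize_t)i : -E2BIG;
}

/* The flagged pattern: the bound equals the destination size.
 * Returns 1 if the destination ends up NUL-terminated, 0 if not. */
int terminated_after_strncpy(const char *src)
{
    char dst[DEMO_BUFLEN];

    memset(dst, 'X', sizeof(dst));      /* stale, non-zero contents */
    strncpy(dst, src, DEMO_BUFLEN);     /* no room reserved for the NUL */
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

/* Same copy through the strscpy-style helper; returns its result so the
 * caller can detect truncation instead of silently losing the terminator. */
ssize_t result_of_strscpy(const char *src)
{
    char dst[DEMO_BUFLEN];

    return demo_strscpy(dst, src, sizeof(dst));
}

int main(void)
{
    printf("strncpy, 7 chars: terminated=%d\n", terminated_after_strncpy("1234567"));
    printf("strncpy, 8 chars: terminated=%d\n", terminated_after_strncpy("12345678"));
    printf("strscpy, 8 chars: result=%zd\n", result_of_strscpy("12345678"));
    return 0;
}
```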
Comment 13 Takashi Iwai 2018-11-07 13:55:15 UTC
And I quickly looked through the latest tree (4.20-rc1), and the rest of the examples shown in the comments are OK.  Either they were already fixed, or they are correct usages of strncpy().  The only suspicious one is about kdb.

I haven't looked at the output in comment 8, but it appears to be obsolete; many of them were already fixed.  So, if you would work on this, please check the latest code first.
Comment 14 Chris Ward 2018-11-09 12:15:39 UTC
I have reported this upstream as https://bugzilla.kernel.org/show_bug.cgi?id=201629 . Closing here.