diff mbox series

net: avoid build bug in skb extension length calculation

Message ID 20231218-net-skbuff-build-bug-v1-1-eefc2fb0a7d3@weissschuh.net (mailing list archive)
State Accepted
Commit d6e5794b06c0fab74fe6e4fa55d508a5ceb14735
Delegated to: Netdev Maintainers
Headers show
Series net: avoid build bug in skb extension length calculation | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1117 this patch: 1117
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang fail Errors and warnings before: 12 this patch: 12
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 1144 this patch: 1144
netdev/checkpatch warning WARNING: Use a single space after Cc:
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Thomas Weißschuh Dec. 18, 2023, 5:06 p.m. UTC 
GCC seems to incorrectly fail to evaluate skb_ext_total_length() at
compile time under certain conditions.

The issue even occurs if all values in skb_ext_type_len[] are "0",
ruling out the possibility of an actual overflow.

As the patch has been in mainline since v6.6 without triggering the
problem it seems to be a very uncommon occurrence.

As the issue only occurs when -fno-tree-loop-im is specified as part of
CFLAGS_GCOV, disable the BUILD_BUG_ON() only when building with coverage
reporting enabled.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202312171924.4FozI5FG-lkp@intel.com/
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/lkml/487cfd35-fe68-416f-9bfd-6bb417f98304@app.fastmail.com/
Fixes: 5d21d0a65b57 ("net: generalize calculation of skb extensions length")
Cc:  <stable@vger.kernel.org>
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
---
 net/core/skbuff.c | 2 ++
 1 file changed, 2 insertions(+)


---
base-commit: ceb6a6f023fd3e8b07761ed900352ef574010bcb
change-id: 20231218-net-skbuff-build-bug-4a7c1103d0a6

Best regards,

Comments

Arnd Bergmann Dec. 18, 2023, 8:12 p.m. UTC | #1 
On Mon, Dec 18, 2023, at 17:06, Thomas Weißschuh wrote:
> GCC seems to incorrectly fail to evaluate skb_ext_total_length() at
> compile time under certain conditions.
>
> The issue even occurs if all values in skb_ext_type_len[] are "0",
> ruling out the possibility of an actual overflow.
>
> As the patch has been in mainline since v6.6 without triggering the
> problem it seems to be a very uncommon occurrence.
>
> As the issue only occurs when -fno-tree-loop-im is specified as part of
> CFLAGS_GCOV, disable the BUILD_BUG_ON() only when building with coverage
> reporting enabled.
>
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: 
> https://lore.kernel.org/oe-kbuild-all/202312171924.4FozI5FG-lkp@intel.com/
> Suggested-by: Arnd Bergmann <arnd@arndb.de>
> Link: 
> https://lore.kernel.org/lkml/487cfd35-fe68-416f-9bfd-6bb417f98304@app.fastmail.com/
> Fixes: 5d21d0a65b57 ("net: generalize calculation of skb extensions 
> length")
> Cc:  <stable@vger.kernel.org>
> Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>

Acked-by: Arnd Bergmann <arnd@arndb.de>

> ---
>  net/core/skbuff.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index 83af8aaeb893..94cc40a6f797 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -4825,7 +4825,9 @@ static __always_inline unsigned int 
> skb_ext_total_length(void)
>  static void skb_extensions_init(void)
>  {
>  	BUILD_BUG_ON(SKB_EXT_NUM >= 8);
> +#if !IS_ENABLED(CONFIG_KCOV_INSTRUMENT_ALL)
>  	BUILD_BUG_ON(skb_ext_total_length() > 255);
> +#endif

The way I would write this is

BUILD_BUG_ON(!IS_ENABLED(CONFIG_KCOV_INSTRUMENT_ALL) &&
             skb_ext_total_length() > 255);

but of course the effect is the same.

     Arnd
patchwork-bot+netdevbpf@kernel.org Dec. 21, 2023, 7:40 a.m. UTC | #2 
Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Mon, 18 Dec 2023 18:06:54 +0100 you wrote:
> GCC seems to incorrectly fail to evaluate skb_ext_total_length() at
> compile time under certain conditions.
> 
> The issue even occurs if all values in skb_ext_type_len[] are "0",
> ruling out the possibility of an actual overflow.
> 
> As the patch has been in mainline since v6.6 without triggering the
> problem it seems to be a very uncommon occurrence.
> 
> [...]

Here is the summary with links:
  - net: avoid build bug in skb extension length calculation
    https://git.kernel.org/netdev/net/c/d6e5794b06c0

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 83af8aaeb893..94cc40a6f797 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4825,7 +4825,9 @@  static __always_inline unsigned int skb_ext_total_length(void)
 static void skb_extensions_init(void)
 {
 	BUILD_BUG_ON(SKB_EXT_NUM >= 8);
+#if !IS_ENABLED(CONFIG_KCOV_INSTRUMENT_ALL)
 	BUILD_BUG_ON(skb_ext_total_length() > 255);
+#endif
 
 	skbuff_ext_cache = kmem_cache_create("skbuff_ext_cache",
 					     SKB_EXT_ALIGN_VALUE * skb_ext_total_length(),