tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: e9eac2f8ec0d6e36fe87c658851c3c77f990b098 commit: 7ad207616673722d5cf52c18d9464e0d3184ffc9 [22145/22156] arp: Prevent overflow in arp_req_get(). config: x86_64-randconfig-121-20240420 (https://download.01.org/0day-ci/archive/20240420/202404200856.zpZdiUY9-lkp@i...) compiler: gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240420/202404200856.zpZdiUY9-lkp@i...)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot lkp@intel.com | Closes: https://lore.kernel.org/oe-kbuild-all/202404200856.zpZdiUY9-lkp@intel.com/

sparse warnings: (new ones prefixed by >>)

...

net/ipv4/arp.c:1105:25: sparse: sparse: incompatible types in comparison expression (different type sizes):

net/ipv4/arp.c:1105:25: sparse: unsigned char * net/ipv4/arp.c:1105:25: sparse: unsigned long * In file included from include/linux/list.h:9, from include/linux/module.h:10, from net/ipv4/arp.c:78: net/ipv4/arp.c: In function 'arp_req_get': include/linux/kernel.h:851:43: warning: comparison of distinct pointer types lacks a cast 851 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) | ^~ include/linux/kernel.h:865:18: note: in expansion of macro '__typecheck' 865 | (__typecheck(x, y) && __no_side_effects(x, y)) | ^~~~~~~~~~~ include/linux/kernel.h:875:31: note: in expansion of macro '__safe_cmp' 875 | __builtin_choose_expr(__safe_cmp(x, y), 16- | ^~~~~~~~~~ include/linux/kernel.h:884:25: note: in expansion of macro '__careful_cmp' 884 | #define min(x, y) __careful_cmp(x, y, <) | ^~~~~~~~~~~~~ net/ipv4/arp.c:1106:33: note: in expansion of macro 'min' 1106 | min(dev->addr_len, sizeof(r->arp_ha.sa_data))); | ^~~

vim +1105 net/ipv4/arp.c

1090 1091 /* 1092 * Get an ARP cache entry. 1093 */ 1094 1095 static int arp_req_get(struct arpreq *r, struct net_device *dev) 1096 { 1097 __be32 ip = ((struct sockaddr_in *) &r->arp_pa)->sin_addr.s_addr; 1098 struct neighbour *neigh; 1099 int err = -ENXIO; 1100 1101 neigh = neigh_lookup(&arp_tbl, &ip, dev); 1102 if (neigh) { 1103 if (!(neigh->nud_state & NUD_NOARP)) { 1104 read_lock_bh(&neigh->lock);

1105 memcpy(r->arp_ha.sa_data, neigh->ha,

1106 min(dev->addr_len, sizeof(r->arp_ha.sa_data))); 1107 r->arp_flags = arp_state_to_flags(neigh); 1108 read_unlock_bh(&neigh->lock); 1109 r->arp_ha.sa_family = dev->type; 1110 strlcpy(r->arp_dev, dev->name, sizeof(r->arp_dev)); 1111 err = 0; 1112 } 1113 neigh_release(neigh); 1114 } 1115 return err; 1116 } 1117