lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu,  4 Apr 2024 10:10:00 +0000 (UTC)
From: Kalle Valo <kvalo@...nel.org>
To: Arnd Bergmann <arnd@...nel.org>
Cc: Kees Cook <keescook@...omium.org>,
 Christian Lamparter <chunkeey@...glemail.com>,
 Johannes Berg <johannes.berg@...el.com>, linux-hardening@...r.kernel.org,
 Toke Høiland-Jørgensen <toke@...e.dk>, linux-wireless@...r.kernel.org,
 Arnd Bergmann <arnd@...db.de>, Colin Ian King <colin.i.king@...il.com>,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] [RESEND] wifi: carl9170: re-fix fortified-memset
 warning

Arnd Bergmann <arnd@...nel.org> wrote:

> The carl9170_tx_release() function sometimes triggers a fortified-memset
> warning in my randconfig builds:
> 
> In file included from include/linux/string.h:254,
>                  from drivers/net/wireless/ath/carl9170/tx.c:40:
> In function 'fortify_memset_chk',
>     inlined from 'carl9170_tx_release' at drivers/net/wireless/ath/carl9170/tx.c:283:2,
>     inlined from 'kref_put' at include/linux/kref.h:65:3,
>     inlined from 'carl9170_tx_put_skb' at drivers/net/wireless/ath/carl9170/tx.c:342:9:
> include/linux/fortify-string.h:493:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>   493 |                         __write_overflow_field(p_size_field, size);
> 
> Kees previously tried to avoid this by using memset_after(), but it seems
> this does not fully address the problem. I noticed that the memset_after()
> here is done on a different part of the union (status) than the original
> cast was from (rate_driver_data), which may confuse the compiler.
> 
> Unfortunately, the memset_after() trick does not work on driver_rates[]
> because that is part of an anonymous struct, and I could not get
> struct_group() to do this either. Using two separate memset() calls
> on the two members does address the warning though.
> 
> Fixes: fb5f6a0e8063b ("mac80211: Use memset_after() to clear tx status")
> Link: https://lore.kernel.org/lkml/20230623152443.2296825-1-arnd@kernel.org/
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> Reviewed-by: Kees Cook <keescook@...omium.org>
> Acked-by: Christian Lamparter <chunkeey@...il.com>
> Signed-off-by: Kalle Valo <quic_kvalo@...cinc.com>

2 patches applied to ath-next branch of ath.git, thanks.

066afafc10c9 wifi: carl9170: re-fix fortified-memset warning
61752ac69b69 wifi: ath9k: work around memset overflow warning

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20240328135509.3755090-2-arnd@kernel.org/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ