Message-ID: <ckgcjbkp3lljmnbxvpn7rssy3clc44w5puircmcczh45xu3mkl@q3e5mowwtd4q>
Date: Mon, 16 Jun 2025 14:41:31 +0100
From: Pedro Falcato <pfalcato@...e.de>
To: kees@...nel.org
Cc: linux-hardening@...r.kernel.org, linux-wireless@...r.kernel.org, 
	Johannes Berg <johannes@...solutions.net>
Subject: New fortify warning for GCC 15 in mac80211 (possible compiler bug?)

Hi,

We recently found a new fortify compiler warning in net/mac80211/cfg.c on various
branches (mainline 6.16-rc2, also linux-next)[1]:

  CC [M]  net/mac80211/cfg.o
In file included from ./include/linux/string.h:392,
                 from ./include/linux/bitmap.h:13,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/paravirt.h:21,
                 from ./arch/x86/include/asm/cpuid/api.h:57,
                 from ./arch/x86/include/asm/processor.h:19,
                 from ./arch/x86/include/asm/timex.h:5,
                 from ./include/linux/timex.h:67,
                 from ./include/linux/time32.h:13,
                 from ./include/linux/time.h:60,
                 from ./include/linux/skbuff.h:15,
                 from ./include/linux/if_ether.h:19,
                 from ./include/linux/ieee80211.h:19,
                 from net/mac80211/cfg.c:11:
In function ‘fortify_memcpy_chk’,
    inlined from ‘copy_mesh_setup’ at net/mac80211/cfg.c:2561:2,
    inlined from ‘ieee80211_join_mesh’ at net/mac80211/cfg.c:2714:8:
./include/linux/fortify-string.h:571:25: warning: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning]
  571 |                         __write_overflow_field(p_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code in question (I added the BUILD_BUG_ON, for a quick "yeah this is correct" sanity check):
	BUILD_BUG_ON(sizeof(sdata->vif.bss_conf.mcast_rate) != sizeof(setup->mcast_rate));
	memcpy(sdata->vif.bss_conf.mcast_rate, setup->mcast_rate,
	       sizeof(setup->mcast_rate));

The code itself *seems* to be correct. I can repro this with gcc-15 but *not*
with gcc-14.

Thoughts? Am I missing anything obvious?

Attaching .config in case anyone wants to try to repro.

[1] I'm not sure if this is new or if a gcc upgrade happened in the process,
    but I don't think we saw this for 6.16-rc1.
-- 
Pedro

View attachment "config" of type "text/plain" (292784 bytes)
