| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Jan 2022 19:35:56 -0800
From: Kees Cook <keescook@...omium.org>
To: Stephen Rothwell <sfr@...b.auug.org.au>
Cc: David Sterba <dsterba@...e.cz>, David Sterba <dsterba@...e.com>,
Omar Sandoval <osandov@...com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: Re: linux-next: build failure after merge of the kspp tree
On Tue, Jan 25, 2022 at 11:57:57AM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the kspp tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from include/linux/string.h:253,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:22,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:7,
> from include/linux/preempt.h:78,
> from include/linux/spinlock.h:55,
> from include/linux/wait.h:9,
> from include/linux/mempool.h:8,
> from include/linux/bio.h:8,
> from fs/btrfs/ioctl.c:7:
> In function 'fortify_memcpy_chk',
> inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
> include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 316 | __write_overflow_field(p_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 324 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Caused by commit
>
> 602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
>
> interacting with commit
>
> 504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
>
> from the btrfs tree.
Thanks!
I found the btrfs patch here:
https://lore.kernel.org/all/ec08e6f559ab47b3300ca5a67e8fc984fd3f040f.1637179348.git.osandov@fb.com/
>
> I applied the following hack:
>
> From: Stephen Rothwell <sfr@...b.auug.org.au>
> Date: Tue, 25 Jan 2022 11:47:17 +1100
> Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE"
>
> Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
> ---
> fs/btrfs/ioctl.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> index 73ad918a05a9..d34620034f8e 100644
> --- a/fs/btrfs/ioctl.c
> +++ b/fs/btrfs/ioctl.c
> @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp,
> }
> args.iov = compat_ptr(args32.iov);
> args.iovcnt = args32.iovcnt;
> - memcpy(&args.offset, &args32.offset,
> - sizeof(args) -
> - offsetof(struct btrfs_ioctl_encoded_io_args, offset));
> + args.offset = args32.offset;
> + args.flags = args32.flags;
> + args.len = args32.len;
> + args.unencoded_len = args32.unencoded_len;
> + args.unencoded_offset = args32.unencoded_offset;
> + args.compression = args32.compression;
> + args.encryption = args32.encryption;
> + memcpy(args.reserved, args32.reserved, sizeof(args.reserved));
> #else
> return -ENOTTY;
> #endif
I'll see if I can construct something shorter using struct_group().
-Kees
--
Kees Cook
Powered by blists - more mailing lists