[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20240320180522.173616-1-arnd@kernel.org>
Date: Wed, 20 Mar 2024 19:05:16 +0100
From: Arnd Bergmann <arnd@...nel.org>
To: Mike Marshall <hubcap@...ibond.com>
Cc: Arnd Bergmann <arnd@...db.de>,
Martin Brandenburg <martin@...ibond.com>,
Vlastimil Babka <vbabka@...e.cz>,
devel@...ts.orangefs.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] [RESEND] orangefs: fix out-of-bounds fsid access
From: Arnd Bergmann <arnd@...db.de>
orangefs_statfs() copies two consecutive fields of the superblock into
the statfs structure, which triggers a warning from the string fortification
helpers:
In file included from fs/orangefs/super.c:8:
include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
__read_overflow2_field(q_size_field, size);
Change the memcpy() to an individual assignment of the two fields, which helps
both the compiler and human readers understand better what it does.
Link: https://lore.kernel.org/all/20230622101701.3399585-1-arnd@kernel.org/
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
I sent this last year but never got a reply
---
fs/orangefs/super.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c
index fd20ed1de4e9..c714380ab38b 100644
--- a/fs/orangefs/super.c
+++ b/fs/orangefs/super.c
@@ -201,7 +201,10 @@ static int orangefs_statfs(struct dentry *dentry, struct kstatfs *buf)
(long)new_op->downcall.resp.statfs.files_avail);
buf->f_type = sb->s_magic;
- memcpy(&buf->f_fsid, &ORANGEFS_SB(sb)->fs_id, sizeof(buf->f_fsid));
+ buf->f_fsid = (__kernel_fsid_t) {{
+ ORANGEFS_SB(sb)->fs_id,
+ ORANGEFS_SB(sb)->id,
+ }};
buf->f_bsize = new_op->downcall.resp.statfs.block_size;
buf->f_namelen = ORANGEFS_NAME_MAX;
--
2.39.2
Powered by blists - more mailing lists