lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <0ae7475f-f53a-45e3-a484-667820042724@app.fastmail.com>
Date: Wed, 11 Sep 2024 14:44:25 +0000
From: "Arnd Bergmann" <arnd@...db.de>
To: "Sudeep Holla" <sudeep.holla@....com>, "Arnd Bergmann" <arnd@...nel.org>
Cc: "Cristian Marussi" <cristian.marussi@....com>,
 "Jens Wiklander" <jens.wiklander@...aro.org>,
 linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] firmware: arm_ffa: avoid string-fortify warningn in export_uuid()

On Wed, Sep 11, 2024, at 14:14, Sudeep Holla wrote:
> On Mon, Sep 09, 2024 at 11:09:24AM +0000, Arnd Bergmann wrote:
>> From: Arnd Bergmann <arnd@...db.de>
>> 
>> Copying to a 16 byte structure into an 8-byte struct member
>> causes a compile-time warning:
>> 
>> In file included from drivers/firmware/arm_ffa/driver.c:25:
>> In function 'fortify_memcpy_chk',
>>     inlined from 'export_uuid' at include/linux/uuid.h:88:2,
>>     inlined from 'ffa_msg_send_direct_req2' at drivers/firmware/arm_ffa/driver.c:488:2:
>> include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>>   571 |                         __write_overflow_field(p_size_field, size);
>>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> 
>> Use a union for the conversion instead and make sure the byte order
>> is fixed in the process.
>> 
>
> Thanks for spotting and fixing the issue. I tested enabling
> CONFIG_FORTIFY_SOURCE but couldn't hit this with gcc 13 and clang 20

Unfortunately I also don't have a reproducer at the moment,
but I know it was from a randconfig build with gcc-14.2. I tried
another few hundred randconfigs now with my patch reverted but it
didn't come back. I assume it only shows up in rare combinations
of some options,

Do you have any additional information on the endianess question?
Is this arm_ffa firmware code supposed to work with big-endian
kernels?

> Also do you want this sent as fix on top of my FF-A PR now or after -rc1 ?

Earlier would be better I think. I usually have one set of
bugfixes before rc1 even if it doesn't make it into the
first set of branches.

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ