| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Dec 2023 10:33:04 +0100
From: Lukasz Stelmach <l.stelmach@...sung.com>
To: Dmitry Antipov <dmantipov@...dex.ru>
Cc: Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH] [v2] net: asix: fix fortify warning
It was <2023-12-11 pon 12:05>, when Dmitry Antipov wrote:
> When compiling with gcc version 14.0.0 20231129 (experimental) and
> CONFIG_FORTIFY_SOURCE=y, I've noticed the following warning:
>
> ...
> In function 'fortify_memcpy_chk',
> inlined from 'ax88796c_tx_fixup' at drivers/net/ethernet/asix/ax88796c_main.c:287:2:
> ./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
> declared with attribute warning: detected read beyond size of field (2nd parameter);
> maybe use struct_group()? [-Wattribute-warning]
> 588 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ...
>
> This call to 'memcpy()' is interpreted as an attempt to copy TX_OVERHEAD
> (which is 8) bytes from 4-byte 'sop' field of 'struct tx_pkt_info' and
> thus overread warning is issued. Since we actually want to copy both
> 'sop' and 'seg' fields at once, use the convenient 'struct_group()' here.
>
> Signed-off-by: Dmitry Antipov <dmantipov@...dex.ru>
> ---
> v2: prefer 'sizeof_field(struct tx_pkt_info, tx_overhead)' over the
> hardcoded constant (Jakub Kicinski)
> ---
> drivers/net/ethernet/asix/ax88796c_main.c | 2 +-
> drivers/net/ethernet/asix/ax88796c_main.h | 8 +++++---
> 2 files changed, 6 insertions(+), 4 deletions(-)
>
Acked-by: Łukasz Stelmach <l.stelmach@...sung.com>
> diff --git a/drivers/net/ethernet/asix/ax88796c_main.c b/drivers/net/ethernet/asix/ax88796c_main.c
> index e551ffaed20d..11e8996b33d7 100644
> --- a/drivers/net/ethernet/asix/ax88796c_main.c
> +++ b/drivers/net/ethernet/asix/ax88796c_main.c
> @@ -284,7 +284,7 @@ ax88796c_tx_fixup(struct net_device *ndev, struct sk_buff_head *q)
> ax88796c_proc_tx_hdr(&info, skb->ip_summed);
>
> /* SOP and SEG header */
> - memcpy(skb_push(skb, TX_OVERHEAD), &info.sop, TX_OVERHEAD);
> + memcpy(skb_push(skb, TX_OVERHEAD), &info.tx_overhead, TX_OVERHEAD);
>
> /* Write SPI TXQ header */
> memcpy(skb_push(skb, spi_len), ax88796c_tx_cmd_buf, spi_len);
> diff --git a/drivers/net/ethernet/asix/ax88796c_main.h b/drivers/net/ethernet/asix/ax88796c_main.h
> index 4a83c991dcbe..68a09edecab8 100644
> --- a/drivers/net/ethernet/asix/ax88796c_main.h
> +++ b/drivers/net/ethernet/asix/ax88796c_main.h
> @@ -25,7 +25,7 @@
> #define AX88796C_PHY_REGDUMP_LEN 14
> #define AX88796C_PHY_ID 0x10
>
> -#define TX_OVERHEAD 8
> +#define TX_OVERHEAD sizeof_field(struct tx_pkt_info, tx_overhead)
> #define TX_EOP_SIZE 4
>
> #define AX_MCAST_FILTER_SIZE 8
> @@ -549,8 +549,10 @@ struct tx_eop_header {
> };
>
> struct tx_pkt_info {
> - struct tx_sop_header sop;
> - struct tx_segment_header seg;
> + struct_group(tx_overhead,
> + struct tx_sop_header sop;
> + struct tx_segment_header seg;
> + );
> struct tx_eop_header eop;
> u16 pkt_len;
> u16 seq_num;
--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
Download attachment "signature.asc" of type "application/pgp-signature" (488 bytes)
Powered by blists - more mailing lists