Hi Kees, I love your patch! Perhaps something to improve: [auto build test WARNING on staging/staging-testing] [also build test WARNING on linus/master v5.14-rc3] [cannot apply to wireless-drivers-next/master wireless-drivers/master next-20210727] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Kees-Cook/Introduce-strict-memcpy-bounds-checking/20210728-053749 base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git 39f9137268ee3df0047706df4e9b7357a40ffc98 config: arm-randconfig-r031-20210727 (attached as .config) compiler: arm-linux-gnueabi-gcc (GCC) 10.3.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/0day-ci/linux/commit/6617421fca0f2272593a2659a5cba25bf8249857 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Kees-Cook/Introduce-strict-memcpy-bounds-checking/20210728-053749 git checkout 6617421fca0f2272593a2659a5cba25bf8249857 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-10.3.0 make.cross ARCH=arm If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot All warnings (new ones prefixed by >>): In file included from include/linux/string.h:253, from arch/arm/include/asm/io.h:23, from include/linux/io.h:13, from sound/isa/wavefront/wavefront_synth.c:20: In function 'fortify_memcpy_chk', inlined from 'raw_copy_from_user' at arch/arm/include/asm/uaccess.h:567:2, inlined from 'wavefront_load_patch' at include/linux/uaccess.h:159:9: >> include/linux/fortify-string.h:242:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning] 242 | __write_overflow_field(); | ^~~~~~~~~~~~~~~~~~~~~~~~ vim +/__write_overflow_field +242 include/linux/fortify-string.h 188 189 /* 190 * To make sure the compiler can enforce protection against buffer overflows, 191 * memcpy(), memmove(), and memset() must not be used beyond individual 192 * struct members. If you need to copy across multiple members, please use 193 * struct_group() to create a named mirror of an anonymous struct union. 194 * (e.g. see struct sk_buff.) 195 * 196 * Mitigation coverage 197 * Bounds checking at: 198 * +-------+-------+-------+-------+ 199 * | Compile time | Run time | 200 * memcpy() argument sizes: | write | read | write | read | 201 * +-------+-------+-------+-------+ 202 * memcpy(known, known, constant) | y | y | n/a | n/a | 203 * memcpy(unknown, known, constant) | n | y | V | n/a | 204 * memcpy(known, unknown, constant) | y | n | n/a | V | 205 * memcpy(unknown, unknown, constant) | n | n | V | V | 206 * memcpy(known, known, dynamic) | n | n | b | B | 207 * memcpy(unknown, known, dynamic) | n | n | V | B | 208 * memcpy(known, unknown, dynamic) | n | n | b | V | 209 * memcpy(unknown, unknown, dynamic) | n | n | V | V | 210 * +-------+-------+-------+-------+ 211 * 212 * y = deterministic compile-time bounds checking 213 * n = cannot do deterministic compile-time bounds checking 214 * n/a = no run-time bounds checking needed since compile-time deterministic 215 * b = perform run-time bounds checking 216 * B = can perform run-time bounds checking, but current unenforced 217 * V = vulnerable to run-time overflow 218 * 219 */ 220 __FORTIFY_INLINE void fortify_memcpy_chk(__kernel_size_t size, 221 const size_t p_size, 222 const size_t q_size, 223 const size_t p_size_field, 224 const size_t q_size_field, 225 const char *func) 226 { 227 if (__builtin_constant_p(size)) { 228 /* 229 * Length argument is a constant expression, so we 230 * can perform compile-time bounds checking where 231 * buffer sizes are known. 232 */ 233 234 /* Error when size is larger than enclosing struct. */ 235 if (p_size > p_size_field && p_size < size) 236 __write_overflow(); 237 if (q_size > q_size_field && q_size < size) 238 __read_overflow2(); 239 240 /* Warn when write size argument larger than dest field. */ 241 if (p_size_field < size) > 242 __write_overflow_field(); 243 /* 244 * Warn for source field over-read when building with W=1 245 * or when an over-write happened, so both can be fixed at 246 * the same time. 247 */ 248 if ((IS_ENABLED(KBUILD_EXTRA_WARN1) || p_size_field < size) && 249 q_size_field < size) 250 __read_overflow2_field(); 251 } 252 /* 253 * At this point, length argument may not be a constant expression, 254 * so run-time bounds checking can be done where buffer sizes are 255 * known. (This is not an "else" because the above checks may only 256 * be compile-time warnings, and we want to still warn for run-time 257 * overflows.) 258 */ 259 260 /* 261 * Always stop accesses beyond the struct that contains the 262 * field, when the buffer's remaining size is known. 263 * (The -1 test is to optimize away checks where the buffer 264 * lengths are unknown.) 265 */ 266 if ((p_size != (size_t)(-1) && p_size < size) || 267 (q_size != (size_t)(-1) && q_size < size)) 268 fortify_panic(func); 269 } 270 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org