From: kernel test robot <lkp@intel.com>
To: Kees Cook <keescook@chromium.org>
Cc: kbuild-all@lists.01.org, linux-kernel@vger.kernel.org
Subject: include/linux/fortify-string.h:267:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()?
Date: Thu, 14 Apr 2022 23:54:03 +0800 [thread overview]
Message-ID: <202204142318.vDqjjSFn-lkp@intel.com> (raw)
Hi Kees,
FYI, the error/warning still remains.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: a19944809fe9942e6a96292490717904d0690c21
commit: f68f2ff91512c199ec24883001245912afc17873 fortify: Detect struct member overflows in memcpy() at compile-time
date: 9 weeks ago
config: arm-randconfig-r012-20220414 (https://download.01.org/0day-ci/archive/20220414/202204142318.vDqjjSFn-lkp@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f68f2ff91512c199ec24883001245912afc17873
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout f68f2ff91512c199ec24883001245912afc17873
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=arm SHELL=/bin/bash drivers/usb/serial/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
In file included from include/linux/string.h:253,
from include/linux/bitmap.h:11,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/spinlock.h:62,
from include/linux/mmzone.h:8,
from include/linux/gfp.h:6,
from include/linux/slab.h:15,
from drivers/usb/serial/whiteheat.c:17:
In function 'fortify_memcpy_chk',
inlined from 'firm_send_command' at drivers/usb/serial/whiteheat.c:587:4:
>> include/linux/fortify-string.h:267:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning]
267 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/__write_overflow_field +267 include/linux/fortify-string.h
213
214 /*
215 * To make sure the compiler can enforce protection against buffer overflows,
216 * memcpy(), memmove(), and memset() must not be used beyond individual
217 * struct members. If you need to copy across multiple members, please use
218 * struct_group() to create a named mirror of an anonymous struct union.
219 * (e.g. see struct sk_buff.) Read overflow checking is currently only
220 * done when a write overflow is also present, or when building with W=1.
221 *
222 * Mitigation coverage matrix
223 * Bounds checking at:
224 * +-------+-------+-------+-------+
225 * | Compile time | Run time |
226 * memcpy() argument sizes: | write | read | write | read |
227 * dest source length +-------+-------+-------+-------+
228 * memcpy(known, known, constant) | y | y | n/a | n/a |
229 * memcpy(known, unknown, constant) | y | n | n/a | V |
230 * memcpy(known, known, dynamic) | n | n | B | B |
231 * memcpy(known, unknown, dynamic) | n | n | B | V |
232 * memcpy(unknown, known, constant) | n | y | V | n/a |
233 * memcpy(unknown, unknown, constant) | n | n | V | V |
234 * memcpy(unknown, known, dynamic) | n | n | V | B |
235 * memcpy(unknown, unknown, dynamic) | n | n | V | V |
236 * +-------+-------+-------+-------+
237 *
238 * y = perform deterministic compile-time bounds checking
239 * n = cannot perform deterministic compile-time bounds checking
240 * n/a = no run-time bounds checking needed since compile-time deterministic
241 * B = can perform run-time bounds checking (currently unimplemented)
242 * V = vulnerable to run-time overflow (will need refactoring to solve)
243 *
244 */
245 __FORTIFY_INLINE void fortify_memcpy_chk(__kernel_size_t size,
246 const size_t p_size,
247 const size_t q_size,
248 const size_t p_size_field,
249 const size_t q_size_field,
250 const char *func)
251 {
252 if (__builtin_constant_p(size)) {
253 /*
254 * Length argument is a constant expression, so we
255 * can perform compile-time bounds checking where
256 * buffer sizes are known.
257 */
258
259 /* Error when size is larger than enclosing struct. */
260 if (p_size > p_size_field && p_size < size)
261 __write_overflow();
262 if (q_size > q_size_field && q_size < size)
263 __read_overflow2();
264
265 /* Warn when write size argument larger than dest field. */
266 if (p_size_field < size)
> 267 __write_overflow_field(p_size_field, size);
268 /*
269 * Warn for source field over-read when building with W=1
270 * or when an over-write happened, so both can be fixed at
271 * the same time.
272 */
273 if ((IS_ENABLED(KBUILD_EXTRA_WARN1) || p_size_field < size) &&
274 q_size_field < size)
275 __read_overflow2_field(q_size_field, size);
276 }
277 /*
278 * At this point, length argument may not be a constant expression,
279 * so run-time bounds checking can be done where buffer sizes are
280 * known. (This is not an "else" because the above checks may only
281 * be compile-time warnings, and we want to still warn for run-time
282 * overflows.)
283 */
284
285 /*
286 * Always stop accesses beyond the struct that contains the
287 * field, when the buffer's remaining size is known.
288 * (The -1 test is to optimize away checks where the buffer
289 * lengths are unknown.)
290 */
291 if ((p_size != (size_t)(-1) && p_size < size) ||
292 (q_size != (size_t)(-1) && q_size < size))
293 fortify_panic(func);
294 }
295
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next reply other threads:[~2022-04-14 16:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 15:54 kernel test robot [this message]
2022-04-19 4:19 ` include/linux/fortify-string.h:267:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? Kees Cook
2022-04-19 4:19 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202204142318.vDqjjSFn-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild-all@lists.01.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.