| Message ID | ZK7wKS0NgZPfqrZu@work (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | ca97f7e541d78e43599388bc70d99609156150a3 |
| Headers | show |
| Series | [next] udf: Fix -Wstringop-overflow warnings | expand |
On Wed, Jul 12, 2023 at 12:25:45PM -0600, Gustavo A. R. Silva wrote: > Use unsigned type in call to macro mint_t(). This avoids confusing the > compiler about possible negative values that would cause the value in > _len_ to wrap around. > > Fixes the following -Wstringop-warnings seen when building ARM > architecture with allyesconfig (GCC 13): > fs/udf/directory.c: In function 'udf_copy_fi': > include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] > 57 | #define __underlying_memcpy __builtin_memcpy > | ^ > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > 648 | __underlying_##op(p, q, __fortify_size); \ > | ^~~~~~~~~~~~~ > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > | ^~~~~~~~~~~~~~~~~~~~ > fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' > 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); > | ^~~~~~ > include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] > 57 | #define __underlying_memcpy __builtin_memcpy > | ^ > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > 648 | __underlying_##op(p, q, __fortify_size); \ > | ^~~~~~~~~~~~~ > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > | ^~~~~~~~~~~~~~~~~~~~ > fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' > 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); > | ^~~~~~ > AR fs/udf/built-in.a > > This helps with the ongoing efforts to globally enable > -Wstringop-overflow. > > Link: https://github.com/KSPP/linux/issues/329 > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > --- > fs/udf/directory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/udf/directory.c b/fs/udf/directory.c > index 1c775e072b2f..93153665eb37 100644 > --- a/fs/udf/directory.c > +++ b/fs/udf/directory.c > @@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter) > } > > off = iter->pos & (blksize - 1); > - len = min_t(int, sizeof(struct fileIdentDesc), blksize - off); > + len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off); > memcpy(&iter->fi, iter->bh[0]->b_data + off, len); > if (len < sizeof(struct fileIdentDesc)) > memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data, len is u32, "off" can't be less than blksize, so this all looks correct to me. Thanks! Reviewed-by: Kees Cook <keescook@chromium.org>
On Wed 12-07-23 12:05:34, Kees Cook wrote: > On Wed, Jul 12, 2023 at 12:25:45PM -0600, Gustavo A. R. Silva wrote: > > Use unsigned type in call to macro mint_t(). This avoids confusing the > > compiler about possible negative values that would cause the value in > > _len_ to wrap around. > > > > Fixes the following -Wstringop-warnings seen when building ARM > > architecture with allyesconfig (GCC 13): > > fs/udf/directory.c: In function 'udf_copy_fi': > > include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] > > 57 | #define __underlying_memcpy __builtin_memcpy > > | ^ > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > 648 | __underlying_##op(p, q, __fortify_size); \ > > | ^~~~~~~~~~~~~ > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > | ^~~~~~~~~~~~~~~~~~~~ > > fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' > > 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); > > | ^~~~~~ > > include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] > > 57 | #define __underlying_memcpy __builtin_memcpy > > | ^ > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > 648 | __underlying_##op(p, q, __fortify_size); \ > > | ^~~~~~~~~~~~~ > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > | ^~~~~~~~~~~~~~~~~~~~ > > fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' > > 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); > > | ^~~~~~ > > AR fs/udf/built-in.a > > > > This helps with the ongoing efforts to globally enable > > -Wstringop-overflow. > > > > Link: https://github.com/KSPP/linux/issues/329 > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > > --- > > fs/udf/directory.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/fs/udf/directory.c b/fs/udf/directory.c > > index 1c775e072b2f..93153665eb37 100644 > > --- a/fs/udf/directory.c > > +++ b/fs/udf/directory.c > > @@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter) > > } > > > > off = iter->pos & (blksize - 1); > > - len = min_t(int, sizeof(struct fileIdentDesc), blksize - off); > > + len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off); > > memcpy(&iter->fi, iter->bh[0]->b_data + off, len); > > if (len < sizeof(struct fileIdentDesc)) > > memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data, > > len is u32, "off" can't be less than blksize, so this all looks correct > to me. Thanks! > > Reviewed-by: Kees Cook <keescook@chromium.org> Thanks! I've merged the patch to my tree. Honza
diff --git a/fs/udf/directory.c b/fs/udf/directory.c index 1c775e072b2f..93153665eb37 100644 --- a/fs/udf/directory.c +++ b/fs/udf/directory.c @@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter) } off = iter->pos & (blksize - 1); - len = min_t(int, sizeof(struct fileIdentDesc), blksize - off); + len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off); memcpy(&iter->fi, iter->bh[0]->b_data + off, len); if (len < sizeof(struct fileIdentDesc)) memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data,
Use unsigned type in call to macro mint_t(). This avoids confusing the compiler about possible negative values that would cause the value in _len_ to wrap around. Fixes the following -Wstringop-warnings seen when building ARM architecture with allyesconfig (GCC 13): fs/udf/directory.c: In function 'udf_copy_fi': include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' 648 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); | ^~~~~~ include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' 648 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy' 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len); | ^~~~~~ AR fs/udf/built-in.a This helps with the ongoing efforts to globally enable -Wstringop-overflow. Link: https://github.com/KSPP/linux/issues/329 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- fs/udf/directory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)