| Message ID | ZVJ6lRCRaywGktxJ@work (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | ca76817f4c4bbf8f98268772f4eeea8382a34bcd |
| Headers | show |
| Series | [next] wifi: rtw89: coex: Fix -Wstringop-overflow warnings in _append_tdma() | expand |
> -----Original Message----- > From: Gustavo A. R. Silva <gustavoars@kernel.org> > Sent: Tuesday, November 14, 2023 3:36 AM > To: Ping-Ke Shih <pkshih@realtek.com>; Kalle Valo <kvalo@kernel.org> > Cc: linux-wireless@vger.kernel.org; linux-kernel@vger.kernel.org; Gustavo A. R. Silva > <gustavoars@kernel.org>; linux-hardening@vger.kernel.org > Subject: [PATCH][next] wifi: rtw89: coex: Fix -Wstringop-overflow warnings in _append_tdma() > > Copy a couple of structures directly, instead of using `memcpy()`. > wireless-next has taken my patch [1] that is identical to yours. [1] https://lore.kernel.org/all/20231102003716.25815-1-pkshih@realtek.com/
On 11/13/23 18:37, Ping-Ke Shih wrote: > > >> -----Original Message----- >> From: Gustavo A. R. Silva <gustavoars@kernel.org> >> Sent: Tuesday, November 14, 2023 3:36 AM >> To: Ping-Ke Shih <pkshih@realtek.com>; Kalle Valo <kvalo@kernel.org> >> Cc: linux-wireless@vger.kernel.org; linux-kernel@vger.kernel.org; Gustavo A. R. Silva >> <gustavoars@kernel.org>; linux-hardening@vger.kernel.org >> Subject: [PATCH][next] wifi: rtw89: coex: Fix -Wstringop-overflow warnings in _append_tdma() >> >> Copy a couple of structures directly, instead of using `memcpy()`. >> > > wireless-next has taken my patch [1] that is identical to yours. Great! I had mine ready on Oct 31, but I was waiting for the merge window to close before sending it. Glad to see that the issue is fixed already. :) Thanks -- Gustavo > > [1] https://lore.kernel.org/all/20231102003716.25815-1-pkshih@realtek.com/ > >
"Gustavo A. R. Silva" <gustavo@embeddedor.com> writes: >> wireless-next has taken my patch [1] that is identical to yours. > > Great! > > I had mine ready on Oct 31, but I was waiting for the merge window to close > before sending it. BTW we keep wireless-next open also during merge windows. So no need to hold up wireless patches because of the merge window. I know it's confusing that we do differently than how net-next works but this is easier for us, less patch build up.
diff --git a/drivers/net/wireless/realtek/rtw89/coex.c b/drivers/net/wireless/realtek/rtw89/coex.c index bdcc172639e4..b842cd9a86f8 100644 --- a/drivers/net/wireless/realtek/rtw89/coex.c +++ b/drivers/net/wireless/realtek/rtw89/coex.c @@ -1576,13 +1576,13 @@ static void _append_tdma(struct rtw89_dev *rtwdev) if (ver->fcxtdma == 1) { v = (struct rtw89_btc_fbtc_tdma *)&tlv->val[0]; tlv->len = sizeof(*v); - memcpy(v, &dm->tdma, sizeof(*v)); + *v = dm->tdma; btc->policy_len += BTC_TLV_HDR_LEN + sizeof(*v); } else { tlv->len = sizeof(*v3); v3 = (struct rtw89_btc_fbtc_tdma_v3 *)&tlv->val[0]; v3->fver = ver->fcxtdma; - memcpy(&v3->tdma, &dm->tdma, sizeof(v3->tdma)); + v3->tdma = dm->tdma; btc->policy_len += BTC_TLV_HDR_LEN + sizeof(*v3); }
Copy a couple of structures directly, instead of using `memcpy()`. This addesses the following -Wstringop-overflow warnings: drivers/net/wireless/realtek/rtw89/coex.c: In function ‘_append_tdma’: ./include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ ./include/linux/fortify-string.h:644:9: note: in expansion of macro ‘__underlying_memcpy’ 644 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ ./include/linux/fortify-string.h:689:26: note: in expansion of macro ‘__fortify_memcpy_chk’ 689 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ drivers/net/wireless/realtek/rtw89/coex.c:1585:17: note: in expansion of macro ‘memcpy’ 1585 | memcpy(&v3->tdma, &dm->tdma, sizeof(v3->tdma)); | ^~~~~~ drivers/net/wireless/realtek/rtw89/core.h:2703:37: note: at offset [5714, 71249] into destination object ‘ver’ of size 8 2703 | const struct rtw89_btc_ver *ver; | ^~~ ./include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ ./include/linux/fortify-string.h:644:9: note: in expansion of macro ‘__underlying_memcpy’ 644 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ ./include/linux/fortify-string.h:689:26: note: in expansion of macro ‘__fortify_memcpy_chk’ 689 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ drivers/net/wireless/realtek/rtw89/coex.c:1579:17: note: in expansion of macro ‘memcpy’ 1579 | memcpy(v, &dm->tdma, sizeof(*v)); | ^~~~~~ drivers/net/wireless/realtek/rtw89/core.h:2703:37: note: at offset [5710, 71245] into destination object ‘ver’ of size 8 2703 | const struct rtw89_btc_ver *ver; | ^~~ This helps with the ongoing efforts to globally enable -Wstringop-overflow. Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- drivers/net/wireless/realtek/rtw89/coex.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)