From patchwork Fri Aug 16 10:02:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jinjie Ruan X-Patchwork-Id: 13765864 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EB114C531DC for ; Fri, 16 Aug 2024 09:57:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=NGUpNcR5mK3WIHTJlFjuWwxJGRBKgouydWYpjn+LLlo=; b=ydsKkQCwkily8OYdIecDk+b3i0 KFG45EqWTMVt9s6JeCaxgKKqJ2opf9HqyQPp3KmdM9aqH6fgi4xP9YEv1vcAvw7m1247w6RTvRnSG 2JJu1QOkJyEWc0DsSDlqrcqjnCpzdisjFfT8wORQOhLHmdat17PM1AUm7Lv8H9qUdU71B5MZ7W2Ey UAojuPp+EJ1Le+O3HjYNns+P2mQb+bW9TgIcSd4rRFnL56UwSVGOCjoiRloa804SIOAV9jg3c1IUR wVTjgVUoQvC+H579rHDlC27PitupBihr7SviNSFTFzqnNTTJmzIztBNIdtEYtA5Ooxpk0ANWtj1mX ACiqSqMA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1setho-0000000CVvq-40mE; Fri, 16 Aug 2024 09:57:12 +0000 Received: from szxga05-in.huawei.com ([45.249.212.191]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1setgj-0000000CVdO-3x1L for linux-arm-kernel@lists.infradead.org; Fri, 16 Aug 2024 09:56:07 +0000 Received: from mail.maildlp.com (unknown [172.19.88.234]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4Wlcgk0gwWz1j6XQ; Fri, 16 Aug 2024 17:50:58 +0800 (CST) Received: from kwepemh500013.china.huawei.com (unknown [7.202.181.146]) by mail.maildlp.com (Postfix) with ESMTPS id 6C9291400FD; Fri, 16 Aug 2024 17:55:52 +0800 (CST) Received: from huawei.com (10.90.53.73) by kwepemh500013.china.huawei.com (7.202.181.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Fri, 16 Aug 2024 17:55:51 +0800 From: Jinjie Ruan To: , , CC: Subject: [PATCH -next] firmware: arm_ffa: Fix beyond size of field warning Date: Fri, 16 Aug 2024 18:02:58 +0800 Message-ID: <20240816100258.2159447-1-ruanjinjie@huawei.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Originating-IP: [10.90.53.73] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To kwepemh500013.china.huawei.com (7.202.181.146) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240816_025606_233157_EEB6DE85 X-CRM114-Status: GOOD ( 10.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org An allmodconfig build of arm64 resulted in following warning: In function ‘fortify_memcpy_chk’, inlined from ‘export_uuid’ at ./include/linux/uuid.h:88:2, inlined from ‘ffa_msg_send_direct_req2’ at ./drivers/firmware/arm_ffa/driver.c:488:2: ./include/linux/fortify-string.h:571:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] 571 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘fortify_memcpy_chk’, inlined from ‘ffa_msg_send_direct_req2’ at ./drivers/firmware/arm_ffa/driver.c:489:2: ./linux-next/include/linux/fortify-string.h:571:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] 571 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Because ffa_msg_send_direct_req2() memcpy uuid_t and struct ffa_send_direct_data2 data to unsigned long dst, the copy size is 2 or or 14 unsigned long which beyond size of dst size, fix it by using a temp array for memcpy. Signed-off-by: Jinjie Ruan --- drivers/firmware/arm_ffa/driver.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c index 1e3764852118..674fbe008ea6 100644 --- a/drivers/firmware/arm_ffa/driver.c +++ b/drivers/firmware/arm_ffa/driver.c @@ -480,13 +480,23 @@ static int ffa_msg_send2(u16 src_id, u16 dst_id, void *buf, size_t sz) static int ffa_msg_send_direct_req2(u16 src_id, u16 dst_id, const uuid_t *uuid, struct ffa_send_direct_data2 *data) { + unsigned long args_data[14]; + unsigned long args_uuid[2]; + unsigned long *data_ptr; + u32 src_dst_ids = PACK_TARGET_INFO(src_id, dst_id); ffa_value_t ret, args = { .a0 = FFA_MSG_SEND_DIRECT_REQ2, .a1 = src_dst_ids, }; - export_uuid((u8 *)&args.a2, uuid); - memcpy(&args.a4, data, sizeof(*data)); + memcpy(args_uuid, uuid, sizeof(uuid_t)); + args.a2 = args_uuid[0]; + args.a3 = args_uuid[1]; + + memcpy(args_data, data, sizeof(*data)); + data_ptr = &args.a4; + for (int i = 0; i < 14; i++) + *data_ptr++ = args_data[i]; invoke_ffa_fn(args, &ret);