wifi: use struct_group to copy addresses

Message ID	20220826222007.7acf78f1ecee.I7c75a7d3599f120c720a5d6ec170fd90ec0dfd51@changeid (mailing list archive)
State	Superseded
Delegated to:	Johannes Berg
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Johannes Berg <johannes@sipsolutions.net> To: linux-wireless@vger.kernel.org Cc: Johannes Berg <johannes.berg@intel.com> Subject: [PATCH] wifi: use struct_group to copy addresses Date: Fri, 26 Aug 2022 22:20:08 +0200 Message-Id: <20220826222007.7acf78f1ecee.I7c75a7d3599f120c720a5d6ec170fd90ec0dfd51@changeid> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	wifi: use struct_group to copy addresses \| expand wifi: use struct_group to copy addresses

Message ID

20220826222007.7acf78f1ecee.I7c75a7d3599f120c720a5d6ec170fd90ec0dfd51@changeid (mailing list archive)

State

Superseded

Delegated to:

Johannes Berg

Headers

From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH] wifi: use struct_group to copy addresses
Date: Fri, 26 Aug 2022 22:20:08 +0200
Message-Id: 
 <20220826222007.7acf78f1ecee.I7c75a7d3599f120c720a5d6ec170fd90ec0dfd51@changeid>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

wifi: use struct_group to copy addresses | expand

Commit Message

Johannes Berg Aug. 26, 2022, 8:20 p.m. UTC

From: Johannes Berg <johannes.berg@intel.com>

We sometimes copy all the addresses from the 802.11 header
for the AAD, which may cause complaints from fortify checks.
Use struct_group() to enable that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 include/linux/ieee80211.h          | 8 +++++---
 net/mac80211/wpa.c                 | 4 ++--
 net/wireless/lib80211_crypt_ccmp.c | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)

Comments

kernel test robot Aug. 26, 2022, 11:25 p.m. UTC | #1

Hi Johannes,

I love your patch! Yet something to improve:

[auto build test ERROR on wireless-next/main]
[also build test ERROR on wireless/main linus/master v6.0-rc2 next-20220826]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Johannes-Berg/wifi-use-struct_group-to-copy-addresses/20220827-042146
base:   https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
config: riscv-randconfig-r042-20220827 (https://download.01.org/0day-ci/archive/20220827/202208270709.yaMdVwqX-lkp@intel.com/config)
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project a2100daf12fb980a29fd1a9c85ccf8eaaaf79730)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://github.com/intel-lab-lkp/linux/commit/b170af98c24ca49976213745cd2ded205febf09d
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Johannes-Berg/wifi-use-struct_group-to-copy-addresses/20220827-042146
        git checkout b170af98c24ca49976213745cd2ded205febf09d
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=riscv SHELL=/bin/bash net/wireless/

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> net/wireless/lib80211_crypt_ccmp.c:139:18: error: passing 'const struct (unnamed struct at include/linux/ieee80211.h:313:2)' to parameter of incompatible type 'const void *'
           memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
                           ^~~~~~~~~~
   arch/riscv/include/asm/string.h:16:52: note: passing argument to parameter here
   extern asmlinkage void *memcpy(void *, const void *, size_t);
                                                      ^
   1 error generated.


vim +139 net/wireless/lib80211_crypt_ccmp.c

    93	
    94	static int ccmp_init_iv_and_aad(const struct ieee80211_hdr *hdr,
    95					const u8 *pn, u8 *iv, u8 *aad)
    96	{
    97		u8 *pos, qc = 0;
    98		size_t aad_len;
    99		int a4_included, qc_included;
   100	
   101		a4_included = ieee80211_has_a4(hdr->frame_control);
   102		qc_included = ieee80211_is_data_qos(hdr->frame_control);
   103	
   104		aad_len = 22;
   105		if (a4_included)
   106			aad_len += 6;
   107		if (qc_included) {
   108			pos = (u8 *) & hdr->addr4;
   109			if (a4_included)
   110				pos += 6;
   111			qc = *pos & 0x0f;
   112			aad_len += 2;
   113		}
   114	
   115		/* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
   116		 * mode authentication are not allowed to collide, yet both are derived
   117		 * from the same vector. We only set L := 1 here to indicate that the
   118		 * data size can be represented in (L+1) bytes. The CCM layer will take
   119		 * care of storing the data length in the top (L+1) bytes and setting
   120		 * and clearing the other bits as is required to derive the two IVs.
   121		 */
   122		iv[0] = 0x1;
   123	
   124		/* Nonce: QC | A2 | PN */
   125		iv[1] = qc;
   126		memcpy(iv + 2, hdr->addr2, ETH_ALEN);
   127		memcpy(iv + 8, pn, CCMP_PN_LEN);
   128	
   129		/* AAD:
   130		 * FC with bits 4..6 and 11..13 masked to zero; 14 is always one
   131		 * A1 | A2 | A3
   132		 * SC with bits 4..15 (seq#) masked to zero
   133		 * A4 (if present)
   134		 * QC (if present)
   135		 */
   136		pos = (u8 *) hdr;
   137		aad[0] = pos[0] & 0x8f;
   138		aad[1] = pos[1] & 0xc7;
 > 139		memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
   140		pos = (u8 *) & hdr->seq_ctrl;
   141		aad[20] = pos[0] & 0x0f;
   142		aad[21] = 0;		/* all bits masked */
   143		memset(aad + 22, 0, 8);
   144		if (a4_included)
   145			memcpy(aad + 22, hdr->addr4, ETH_ALEN);
   146		if (qc_included) {
   147			aad[a4_included ? 28 : 22] = qc;
   148			/* rest of QC masked */
   149		}
   150		return aad_len;
   151	}
   152

kernel test robot Aug. 27, 2022, 12:05 a.m. UTC | #2

Hi Johannes,

I love your patch! Yet something to improve:

[auto build test ERROR on wireless-next/main]
[also build test ERROR on wireless/main linus/master v6.0-rc2 next-20220826]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Johannes-Berg/wifi-use-struct_group-to-copy-addresses/20220827-042146
base:   https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
config: i386-randconfig-a005 (https://download.01.org/0day-ci/archive/20220827/202208270736.nc6uwnQv-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
reproduce (this is a W=1 build):
        # https://github.com/intel-lab-lkp/linux/commit/b170af98c24ca49976213745cd2ded205febf09d
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Johannes-Berg/wifi-use-struct_group-to-copy-addresses/20220827-042146
        git checkout b170af98c24ca49976213745cd2ded205febf09d
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash net/wireless/

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/string.h:253,
                    from arch/x86/include/asm/page_32.h:22,
                    from arch/x86/include/asm/page.h:14,
                    from arch/x86/include/asm/processor.h:19,
                    from arch/x86/include/asm/timex.h:5,
                    from include/linux/timex.h:67,
                    from include/linux/time32.h:13,
                    from include/linux/time.h:60,
                    from include/linux/stat.h:19,
                    from include/linux/module.h:13,
                    from net/wireless/lib80211_crypt_ccmp.c:11:
   net/wireless/lib80211_crypt_ccmp.c: In function 'ccmp_init_iv_and_aad':
>> net/wireless/lib80211_crypt_ccmp.c:139:28: error: incompatible type for argument 1 of '__builtin_object_size'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |                         ~~~^~~~~~~
         |                            |
         |                            struct <anonymous>
   include/linux/fortify-string.h:376:52: note: in definition of macro '__fortify_memcpy_chk'
     376 |         fortify_memcpy_chk(__fortify_size, p_size, q_size,              \
         |                                                    ^~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:9: note: in expansion of macro 'memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |         ^~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:28: note: expected 'const void *' but argument is of type 'struct <anonymous>'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |                         ~~~^~~~~~~
   include/linux/fortify-string.h:376:52: note: in definition of macro '__fortify_memcpy_chk'
     376 |         fortify_memcpy_chk(__fortify_size, p_size, q_size,              \
         |                                                    ^~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:9: note: in expansion of macro 'memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |         ^~~~~~
>> net/wireless/lib80211_crypt_ccmp.c:139:28: error: incompatible type for argument 1 of '__builtin_object_size'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |                         ~~~^~~~~~~
         |                            |
         |                            struct <anonymous>
   include/linux/fortify-string.h:377:42: note: in definition of macro '__fortify_memcpy_chk'
     377 |                            p_size_field, q_size_field, #op);            \
         |                                          ^~~~~~~~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:9: note: in expansion of macro 'memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |         ^~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:28: note: expected 'const void *' but argument is of type 'struct <anonymous>'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |                         ~~~^~~~~~~
   include/linux/fortify-string.h:377:42: note: in definition of macro '__fortify_memcpy_chk'
     377 |                            p_size_field, q_size_field, #op);            \
         |                                          ^~~~~~~~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:9: note: in expansion of macro 'memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |         ^~~~~~
>> net/wireless/lib80211_crypt_ccmp.c:139:28: error: incompatible type for argument 2 of '__builtin_memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |                         ~~~^~~~~~~
         |                            |
         |                            struct <anonymous>
   include/linux/fortify-string.h:378:30: note: in definition of macro '__fortify_memcpy_chk'
     378 |         __underlying_##op(p, q, __fortify_size);                        \
         |                              ^
   net/wireless/lib80211_crypt_ccmp.c:139:9: note: in expansion of macro 'memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |         ^~~~~~
   net/wireless/lib80211_crypt_ccmp.c:139:28: note: expected 'const void *' but argument is of type 'struct <anonymous>'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |                         ~~~^~~~~~~
   include/linux/fortify-string.h:378:30: note: in definition of macro '__fortify_memcpy_chk'
     378 |         __underlying_##op(p, q, __fortify_size);                        \
         |                              ^
   net/wireless/lib80211_crypt_ccmp.c:139:9: note: in expansion of macro 'memcpy'
     139 |         memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
         |         ^~~~~~


vim +/__builtin_object_size +139 net/wireless/lib80211_crypt_ccmp.c

    93	
    94	static int ccmp_init_iv_and_aad(const struct ieee80211_hdr *hdr,
    95					const u8 *pn, u8 *iv, u8 *aad)
    96	{
    97		u8 *pos, qc = 0;
    98		size_t aad_len;
    99		int a4_included, qc_included;
   100	
   101		a4_included = ieee80211_has_a4(hdr->frame_control);
   102		qc_included = ieee80211_is_data_qos(hdr->frame_control);
   103	
   104		aad_len = 22;
   105		if (a4_included)
   106			aad_len += 6;
   107		if (qc_included) {
   108			pos = (u8 *) & hdr->addr4;
   109			if (a4_included)
   110				pos += 6;
   111			qc = *pos & 0x0f;
   112			aad_len += 2;
   113		}
   114	
   115		/* In CCM, the initial vectors (IV) used for CTR mode encryption and CBC
   116		 * mode authentication are not allowed to collide, yet both are derived
   117		 * from the same vector. We only set L := 1 here to indicate that the
   118		 * data size can be represented in (L+1) bytes. The CCM layer will take
   119		 * care of storing the data length in the top (L+1) bytes and setting
   120		 * and clearing the other bits as is required to derive the two IVs.
   121		 */
   122		iv[0] = 0x1;
   123	
   124		/* Nonce: QC | A2 | PN */
   125		iv[1] = qc;
   126		memcpy(iv + 2, hdr->addr2, ETH_ALEN);
   127		memcpy(iv + 8, pn, CCMP_PN_LEN);
   128	
   129		/* AAD:
   130		 * FC with bits 4..6 and 11..13 masked to zero; 14 is always one
   131		 * A1 | A2 | A3
   132		 * SC with bits 4..15 (seq#) masked to zero
   133		 * A4 (if present)
   134		 * QC (if present)
   135		 */
   136		pos = (u8 *) hdr;
   137		aad[0] = pos[0] & 0x8f;
   138		aad[1] = pos[1] & 0xc7;
 > 139		memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
   140		pos = (u8 *) & hdr->seq_ctrl;
   141		aad[20] = pos[0] & 0x0f;
   142		aad[21] = 0;		/* all bits masked */
   143		memset(aad + 22, 0, 8);
   144		if (a4_included)
   145			memcpy(aad + 22, hdr->addr4, ETH_ALEN);
   146		if (qc_included) {
   147			aad[a4_included ? 28 : 22] = qc;
   148			/* rest of QC masked */
   149		}
   150		return aad_len;
   151	}
   152

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 55e6f4ad0ca6..b6e6d5b40774 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -310,9 +310,11 @@  static inline u16 ieee80211_sn_sub(u16 sn1, u16 sn2)
 struct ieee80211_hdr {
 	__le16 frame_control;
 	__le16 duration_id;
-	u8 addr1[ETH_ALEN];
-	u8 addr2[ETH_ALEN];
-	u8 addr3[ETH_ALEN];
+	struct_group(addrs,
+		u8 addr1[ETH_ALEN];
+		u8 addr2[ETH_ALEN];
+		u8 addr3[ETH_ALEN];
+	);
 	__le16 seq_ctrl;
 	u8 addr4[ETH_ALEN];
 } __packed __aligned(2);
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 93ec2f349748..20f742b5503b 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -351,7 +351,7 @@  static u8 ccmp_gcmp_aad(struct sk_buff *skb, u8 *aad)
 	 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
 	put_unaligned_be16(len_a, &aad[0]);
 	put_unaligned(mask_fc, (__le16 *)&aad[2]);
-	memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
+	memcpy(&aad[4], &hdr->addrs, 3 * ETH_ALEN);
 
 	/* Mask Seq#, leave Frag# */
 	aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
@@ -792,7 +792,7 @@  static void bip_aad(struct sk_buff *skb, u8 *aad)
 				IEEE80211_FCTL_MOREDATA);
 	put_unaligned(mask_fc, (__le16 *) &aad[0]);
 	/* A1 || A2 || A3 */
-	memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
+	memcpy(aad + 2, &hdr->addrs, 3 * ETH_ALEN);
 }
 
 
diff --git a/net/wireless/lib80211_crypt_ccmp.c b/net/wireless/lib80211_crypt_ccmp.c
index 6a5f08f7491e..37fe93ed2529 100644
--- a/net/wireless/lib80211_crypt_ccmp.c
+++ b/net/wireless/lib80211_crypt_ccmp.c
@@ -136,7 +136,7 @@  static int ccmp_init_iv_and_aad(const struct ieee80211_hdr *hdr,
 	pos = (u8 *) hdr;
 	aad[0] = pos[0] & 0x8f;
 	aad[1] = pos[1] & 0xc7;
-	memcpy(aad + 2, hdr->addr1, 3 * ETH_ALEN);
+	memcpy(aad + 2, hdr->addrs, 3 * ETH_ALEN);
 	pos = (u8 *) & hdr->seq_ctrl;
 	aad[20] = pos[0] & 0x0f;
 	aad[21] = 0;		/* all bits masked */

wifi: use struct_group to copy addresses

Commit Message

Comments

Patch