diff mbox series

[net] wifi: ath12k: fix build vs old compiler

Message ID 3175f87d7227e395b330fd88fb840c1645084ea7.1721127979.git.pabeni@redhat.com (mailing list archive)
State Handled Elsewhere
Delegated to: Kalle Valo
Headers show
Series [net] wifi: ath12k: fix build vs old compiler | expand

Commit Message

Paolo Abeni July 16, 2024, 11:06 a.m. UTC 
gcc 11.4.1-3 warns about memcpy() with overlapping pointers:

drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
  114 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^
./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
  637 |         __underlying_##op(p, q, __fortify_size);                        \
      |         ^~~~~~~~~~~~~
./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
  682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
      |                          ^~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
  190 |                         memcpy(pat, eth_pat, eth_pat_len);
      |                         ^~~~~~
./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
  114 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^
./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
  637 |         __underlying_##op(p, q, __fortify_size);                        \
      |         ^~~~~~~~~~~~~
./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
  682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
      |                          ^~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
  232 |                         memcpy(pat, eth_pat, eth_pat_len);
      |                         ^~~~~~

The sum of size_t operands can overflow SIZE_MAX, triggering the
warning.
Address the issue using the suitable helper.

Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
Only built tested. Sending directly to net to reduce the RTT, but no
objections to go through the WiFi tree first
---
 drivers/net/wireless/ath/ath12k/wow.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Jeff Johnson July 16, 2024, 2 p.m. UTC | #1 
On 7/16/2024 4:06 AM, Paolo Abeni wrote:
> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
> 
> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
>   114 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
>       |                         ^~~~~~
> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
>   114 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
>       |                         ^~~~~~
> 
> The sum of size_t operands can overflow SIZE_MAX, triggering the
> warning.
> Address the issue using the suitable helper.
> 
> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> Only built tested. Sending directly to net to reduce the RTT, but no
> objections to go through the WiFi tree first
> ---
>  drivers/net/wireless/ath/ath12k/wow.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
> index c5cba825a84a..bead19db2c9a 100644
> --- a/drivers/net/wireless/ath/ath12k/wow.c
> +++ b/drivers/net/wireless/ath/ath12k/wow.c
> @@ -186,7 +186,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>  	if (eth_pkt_ofs < ETH_ALEN) {
>  		pkt_ofs = eth_pkt_ofs + a1_ofs;
>  
> -		if (eth_pkt_ofs + eth_pat_len < ETH_ALEN) {
> +		if (size_add(eth_pkt_ofs, eth_pat_len) < ETH_ALEN) {
>  			memcpy(pat, eth_pat, eth_pat_len);
>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
>  
> @@ -228,7 +228,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>  	} else if (eth_pkt_ofs < prot_ofs) {
>  		pkt_ofs = eth_pkt_ofs - ETH_ALEN + a3_ofs;
>  
> -		if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
> +		if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
>  			memcpy(pat, eth_pat, eth_pat_len);
>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
>  

Duplicate of https://msgid.link/20240704144341.207317-1-kvalo@kernel.org ??
Jeff Johnson July 16, 2024, 2:03 p.m. UTC | #2 
On 7/16/2024 7:00 AM, Jeff Johnson wrote:
> On 7/16/2024 4:06 AM, Paolo Abeni wrote:
>> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
>>
>> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
>>   114 | #define __underlying_memcpy     __builtin_memcpy
>>       |                                 ^
>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>>       |         ^~~~~~~~~~~~~
>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>       |                          ^~~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
>>       |                         ^~~~~~
>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
>>   114 | #define __underlying_memcpy     __builtin_memcpy
>>       |                                 ^
>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>>       |         ^~~~~~~~~~~~~
>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>       |                          ^~~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
>>       |                         ^~~~~~
>>
>> The sum of size_t operands can overflow SIZE_MAX, triggering the
>> warning.
>> Address the issue using the suitable helper.
>>
>> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>> ---
>> Only built tested. Sending directly to net to reduce the RTT, but no
>> objections to go through the WiFi tree first
>> ---
>>  drivers/net/wireless/ath/ath12k/wow.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
>> index c5cba825a84a..bead19db2c9a 100644
>> --- a/drivers/net/wireless/ath/ath12k/wow.c
>> +++ b/drivers/net/wireless/ath/ath12k/wow.c
>> @@ -186,7 +186,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>>  	if (eth_pkt_ofs < ETH_ALEN) {
>>  		pkt_ofs = eth_pkt_ofs + a1_ofs;
>>  
>> -		if (eth_pkt_ofs + eth_pat_len < ETH_ALEN) {
>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < ETH_ALEN) {
>>  			memcpy(pat, eth_pat, eth_pat_len);
>>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
>>  
>> @@ -228,7 +228,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>>  	} else if (eth_pkt_ofs < prot_ofs) {
>>  		pkt_ofs = eth_pkt_ofs - ETH_ALEN + a3_ofs;
>>  
>> -		if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
>>  			memcpy(pat, eth_pat, eth_pat_len);
>>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
>>  
> 
> Duplicate of https://msgid.link/20240704144341.207317-1-kvalo@kernel.org ??

Let me add Kees & Paul to see if they prefer your solution
Paolo Abeni July 16, 2024, 2:11 p.m. UTC | #3 
On 7/16/24 16:00, Jeff Johnson wrote:
> On 7/16/2024 4:06 AM, Paolo Abeni wrote:
>> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
>>
>> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
>>    114 | #define __underlying_memcpy     __builtin_memcpy
>>        |                                 ^
>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>>    637 |         __underlying_##op(p, q, __fortify_size);                        \
>>        |         ^~~~~~~~~~~~~
>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>>    682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>        |                          ^~~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>>    190 |                         memcpy(pat, eth_pat, eth_pat_len);
>>        |                         ^~~~~~
>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
>>    114 | #define __underlying_memcpy     __builtin_memcpy
>>        |                                 ^
>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>>    637 |         __underlying_##op(p, q, __fortify_size);                        \
>>        |         ^~~~~~~~~~~~~
>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>>    682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>        |                          ^~~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>>    232 |                         memcpy(pat, eth_pat, eth_pat_len);
>>        |                         ^~~~~~
>>
>> The sum of size_t operands can overflow SIZE_MAX, triggering the
>> warning.
>> Address the issue using the suitable helper.
>>
>> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>> ---
>> Only built tested. Sending directly to net to reduce the RTT, but no
>> objections to go through the WiFi tree first
>> ---
>>   drivers/net/wireless/ath/ath12k/wow.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
>> index c5cba825a84a..bead19db2c9a 100644
>> --- a/drivers/net/wireless/ath/ath12k/wow.c
>> +++ b/drivers/net/wireless/ath/ath12k/wow.c
>> @@ -186,7 +186,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>>   	if (eth_pkt_ofs < ETH_ALEN) {
>>   		pkt_ofs = eth_pkt_ofs + a1_ofs;
>>   
>> -		if (eth_pkt_ofs + eth_pat_len < ETH_ALEN) {
>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < ETH_ALEN) {
>>   			memcpy(pat, eth_pat, eth_pat_len);
>>   			memcpy(bytemask, eth_bytemask, eth_pat_len);
>>   
>> @@ -228,7 +228,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>>   	} else if (eth_pkt_ofs < prot_ofs) {
>>   		pkt_ofs = eth_pkt_ofs - ETH_ALEN + a3_ofs;
>>   
>> -		if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
>>   			memcpy(pat, eth_pat, eth_pat_len);
>>   			memcpy(bytemask, eth_bytemask, eth_pat_len);
>>   
> 
> Duplicate of https://msgid.link/20240704144341.207317-1-kvalo@kernel.org ??

Indeed. Anything addressing the issue WFM.

Thanks,

Paolo
Kees Cook July 16, 2024, 2:36 p.m. UTC | #4 
On July 16, 2024 7:03:55 AM PDT, Jeff Johnson <quic_jjohnson@quicinc.com> wrote:
>On 7/16/2024 7:00 AM, Jeff Johnson wrote:
>> On 7/16/2024 4:06 AM, Paolo Abeni wrote:
>>> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
>>>
>>> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
>>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
>>>   114 | #define __underlying_memcpy     __builtin_memcpy
>>>       |                                 ^
>>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>>>       |         ^~~~~~~~~~~~~
>>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>>       |                          ^~~~~~~~~~~~~~~~~~~~
>>> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>>>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
>>>       |                         ^~~~~~
>>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
>>>   114 | #define __underlying_memcpy     __builtin_memcpy
>>>       |                                 ^
>>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>>>       |         ^~~~~~~~~~~~~
>>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>>       |                          ^~~~~~~~~~~~~~~~~~~~
>>> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>>>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
>>>       |                         ^~~~~~
>>>
>>> The sum of size_t operands can overflow SIZE_MAX, triggering the
>>> warning.
>>> Address the issue using the suitable helper.
>>>
>>> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
>>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>>> ---
>>> Only built tested. Sending directly to net to reduce the RTT, but no
>>> objections to go through the WiFi tree first
>>> ---
>>>  drivers/net/wireless/ath/ath12k/wow.c | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
>>> index c5cba825a84a..bead19db2c9a 100644
>>> --- a/drivers/net/wireless/ath/ath12k/wow.c
>>> +++ b/drivers/net/wireless/ath/ath12k/wow.c
>>> @@ -186,7 +186,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>>>  	if (eth_pkt_ofs < ETH_ALEN) {
>>>  		pkt_ofs = eth_pkt_ofs + a1_ofs;
>>>  
>>> -		if (eth_pkt_ofs + eth_pat_len < ETH_ALEN) {
>>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < ETH_ALEN) {
>>>  			memcpy(pat, eth_pat, eth_pat_len);
>>>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
>>>  
>>> @@ -228,7 +228,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
>>>  	} else if (eth_pkt_ofs < prot_ofs) {
>>>  		pkt_ofs = eth_pkt_ofs - ETH_ALEN + a3_ofs;
>>>  
>>> -		if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
>>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
>>>  			memcpy(pat, eth_pat, eth_pat_len);
>>>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
>>>  
>> 
>> Duplicate of https://msgid.link/20240704144341.207317-1-kvalo@kernel.org ??
>
>Let me add Kees & Paul to see if they prefer your solution

Heh, yeah, that works too! Avoid the overflow via saturating addition.

Reviewed-by: Kees Cook<kees@kernel.org>
Jeff Johnson July 16, 2024, 2:40 p.m. UTC | #5 
On 7/16/2024 4:06 AM, Paolo Abeni wrote:
> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
> 
> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
>   114 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
>       |                         ^~~~~~
> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
>   114 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
>       |                         ^~~~~~
> 
> The sum of size_t operands can overflow SIZE_MAX, triggering the
> warning.
> Address the issue using the suitable helper.
> 
> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> Only built tested. Sending directly to net to reduce the RTT, but no
> objections to go through the WiFi tree first

Since Kalle is on holiday please go ahead and take this via net.
This looks nicer than Kalle's version :)

Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
patchwork-bot+netdevbpf@kernel.org July 16, 2024, 3 p.m. UTC | #6 
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 16 Jul 2024 13:06:39 +0200 you wrote:
> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
> 
> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
>   114 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
>       |                         ^~~~~~
> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
>   114 | #define __underlying_memcpy     __builtin_memcpy
>       |                                 ^
> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>       |         ^~~~~~~~~~~~~
> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>       |                          ^~~~~~~~~~~~~~~~~~~~
> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
>       |                         ^~~~~~
> 
> [...]

Here is the summary with links:
  - [net] wifi: ath12k: fix build vs old compiler
    https://git.kernel.org/netdev/net-next/c/b49991d83bba

You are awesome, thank you!
Paul E. McKenney July 16, 2024, 3:39 p.m. UTC | #7 
On Tue, Jul 16, 2024 at 07:36:40AM -0700, Kees Cook wrote:
> 
> 
> On July 16, 2024 7:03:55 AM PDT, Jeff Johnson <quic_jjohnson@quicinc.com> wrote:
> >On 7/16/2024 7:00 AM, Jeff Johnson wrote:
> >> On 7/16/2024 4:06 AM, Paolo Abeni wrote:
> >>> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
> >>>
> >>> drivers/net/wireless/ath/ath12k/wow.c: In function ‘ath12k_wow_convert_8023_to_80211.constprop’:
> >>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551611 or more bytes at offsets 0 and 0 overlaps 9223372036854775799 bytes at offset -9223372036854775804 [-Werror=restrict]
> >>>   114 | #define __underlying_memcpy     __builtin_memcpy
> >>>       |                                 ^
> >>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
> >>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
> >>>       |         ^~~~~~~~~~~~~
> >>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
> >>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
> >>>       |                          ^~~~~~~~~~~~~~~~~~~~
> >>> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
> >>>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
> >>>       |                         ^~~~~~
> >>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’ accessing 18446744073709551605 or more bytes at offsets 0 and 0 overlaps 9223372036854775787 bytes at offset -9223372036854775798 [-Werror=restrict]
> >>>   114 | #define __underlying_memcpy     __builtin_memcpy
> >>>       |                                 ^
> >>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro ‘__underlying_memcpy’
> >>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
> >>>       |         ^~~~~~~~~~~~~
> >>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro ‘__fortify_memcpy_chk’
> >>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
> >>>       |                          ^~~~~~~~~~~~~~~~~~~~
> >>> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
> >>>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
> >>>       |                         ^~~~~~
> >>>
> >>> The sum of size_t operands can overflow SIZE_MAX, triggering the
> >>> warning.
> >>> Address the issue using the suitable helper.
> >>>
> >>> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
> >>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> >>> ---
> >>> Only built tested. Sending directly to net to reduce the RTT, but no
> >>> objections to go through the WiFi tree first
> >>> ---
> >>>  drivers/net/wireless/ath/ath12k/wow.c | 4 ++--
> >>>  1 file changed, 2 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
> >>> index c5cba825a84a..bead19db2c9a 100644
> >>> --- a/drivers/net/wireless/ath/ath12k/wow.c
> >>> +++ b/drivers/net/wireless/ath/ath12k/wow.c
> >>> @@ -186,7 +186,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
> >>>  	if (eth_pkt_ofs < ETH_ALEN) {
> >>>  		pkt_ofs = eth_pkt_ofs + a1_ofs;
> >>>  
> >>> -		if (eth_pkt_ofs + eth_pat_len < ETH_ALEN) {
> >>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < ETH_ALEN) {
> >>>  			memcpy(pat, eth_pat, eth_pat_len);
> >>>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
> >>>  
> >>> @@ -228,7 +228,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
> >>>  	} else if (eth_pkt_ofs < prot_ofs) {
> >>>  		pkt_ofs = eth_pkt_ofs - ETH_ALEN + a3_ofs;
> >>>  
> >>> -		if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
> >>> +		if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
> >>>  			memcpy(pat, eth_pat, eth_pat_len);
> >>>  			memcpy(bytemask, eth_bytemask, eth_pat_len);
> >>>  
> >> 
> >> Duplicate of https://msgid.link/20240704144341.207317-1-kvalo@kernel.org ??
> >
> >Let me add Kees & Paul to see if they prefer your solution
> 
> Heh, yeah, that works too! Avoid the overflow via saturating addition.
> 
> Reviewed-by: Kees Cook<kees@kernel.org>

Tested-by: Paul E. McKenney <paulmck@kernel.org>

I have no preference between the two, but it would be really nice if a
fix were to hit both -next and mainline sooner rather than later.  ;-)

							Thanx, Paul
Kalle Valo July 31, 2024, 4:11 p.m. UTC | #8 
Jeff Johnson <quic_jjohnson@quicinc.com> writes:

> On 7/16/2024 4:06 AM, Paolo Abeni wrote:
>
>> gcc 11.4.1-3 warns about memcpy() with overlapping pointers:
>> 
>> drivers/net/wireless/ath/ath12k/wow.c: In function
>> ‘ath12k_wow_convert_8023_to_80211.constprop’:
>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’
>> accessing 18446744073709551611 or more bytes at offsets 0 and 0
>> overlaps 9223372036854775799 bytes at offset -9223372036854775804
>> [-Werror=restrict]
>>   114 | #define __underlying_memcpy     __builtin_memcpy
>>       |                                 ^
>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro
>> ‘__underlying_memcpy’
>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>>       |         ^~~~~~~~~~~~~
>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro
>> ‘__fortify_memcpy_chk’
>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>       |                          ^~~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/ath/ath12k/wow.c:190:25: note: in expansion of macro ‘memcpy’
>>   190 |                         memcpy(pat, eth_pat, eth_pat_len);
>>       |                         ^~~~~~
>> ./include/linux/fortify-string.h:114:33: error: ‘__builtin_memcpy’
>> accessing 18446744073709551605 or more bytes at offsets 0 and 0
>> overlaps 9223372036854775787 bytes at offset -9223372036854775798
>> [-Werror=restrict]
>>   114 | #define __underlying_memcpy     __builtin_memcpy
>>       |                                 ^
>> ./include/linux/fortify-string.h:637:9: note: in expansion of macro
>> ‘__underlying_memcpy’
>>   637 |         __underlying_##op(p, q, __fortify_size);                        \
>>       |         ^~~~~~~~~~~~~
>> ./include/linux/fortify-string.h:682:26: note: in expansion of macro
>> ‘__fortify_memcpy_chk’
>>   682 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
>>       |                          ^~~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/ath/ath12k/wow.c:232:25: note: in expansion of macro ‘memcpy’
>>   232 |                         memcpy(pat, eth_pat, eth_pat_len);
>>       |                         ^~~~~~
>> 
>> The sum of size_t operands can overflow SIZE_MAX, triggering the
>> warning.
>> Address the issue using the suitable helper.
>> 
>> Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>> ---
>> Only built tested. Sending directly to net to reduce the RTT, but no
>> objections to go through the WiFi tree first
>
> Since Kalle is on holiday please go ahead and take this via net.
> This looks nicer than Kalle's version :)

Indeed, this is nicer. Thanks Paolo!
diff mbox series

Patch

diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
index c5cba825a84a..bead19db2c9a 100644
--- a/drivers/net/wireless/ath/ath12k/wow.c
+++ b/drivers/net/wireless/ath/ath12k/wow.c
@@ -186,7 +186,7 @@  ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
 	if (eth_pkt_ofs < ETH_ALEN) {
 		pkt_ofs = eth_pkt_ofs + a1_ofs;
 
-		if (eth_pkt_ofs + eth_pat_len < ETH_ALEN) {
+		if (size_add(eth_pkt_ofs, eth_pat_len) < ETH_ALEN) {
 			memcpy(pat, eth_pat, eth_pat_len);
 			memcpy(bytemask, eth_bytemask, eth_pat_len);
 
@@ -228,7 +228,7 @@  ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
 	} else if (eth_pkt_ofs < prot_ofs) {
 		pkt_ofs = eth_pkt_ofs - ETH_ALEN + a3_ofs;
 
-		if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
+		if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
 			memcpy(pat, eth_pat, eth_pat_len);
 			memcpy(bytemask, eth_bytemask, eth_pat_len);