From: Stanislaw Gruszka <stf_xl@wp.pl>
To: Xose Vazquez Perez <xose.vazquez@gmail.com>
Cc: linux-wireless@vger.kernel.org, Kees Cook <keescook@chromium.org>
Subject: Re: [WARNING] memcpy: detected field-spanning write (size 1005) of single field "&out_cmd->cmd.payload" at drivers/net/wireless/intel/iwlegacy/common.c:3173 (size 320)
Date: Sat, 18 May 2024 11:29:39 +0200 [thread overview]
Message-ID: <20240518092939.GA643846@wp.pl> (raw)
In-Reply-To: <2c534d01-449a-43f4-9216-eacdb3b35577@gmail.com>
Hi
On Fri, Apr 12, 2024 at 07:48:39PM +0200, Xose Vazquez Perez wrote:
> Hi,
>
> In Fedora kernel 6.8.5-301.fc40.x86_64, dmesg shows:
>
> [ device: 03:00.0 Network controller [0280]: Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection [8086:4230] (rev 61) ]
>
> Thanks.
>
> [ 53.407607] ------------[ cut here ]------------
> [ 53.407622] memcpy: detected field-spanning write (size 1005) of single field "&out_cmd->cmd.payload" at drivers/net/wireless/intel/iwlegacy/common.c:3173 (size 320)
> [ 53.407721] WARNING: CPU: 1 PID: 1632 at drivers/net/wireless/intel/iwlegacy/common.c:3173 il_enqueue_hcmd+0x477/0x560 [iwlegacy]
For CMD_SIZE_HUGE we have allocated 4k, so we do not do anything wrong.
Except maybe code is convoluted, since we use same structure for
huge and small il_device_cmd allocations.
But I'm thinking how to fix this fortify warning without refactoring and
some extra runtime cost ...
Xose, could you test below patch? I did not tested it, but I think
it should make this particular warning gone and does not break
anything. But maybe it will trigger some others fortify warnings.
Regards
Stanislaw
diff --git a/drivers/net/wireless/intel/iwlegacy/common.c b/drivers/net/wireless/intel/iwlegacy/common.c
index 9d33a66a49b5..c4ccc5df6419 100644
--- a/drivers/net/wireless/intel/iwlegacy/common.c
+++ b/drivers/net/wireless/intel/iwlegacy/common.c
@@ -3170,7 +3170,7 @@ il_enqueue_hcmd(struct il_priv *il, struct il_host_cmd *cmd)
out_meta->callback = cmd->callback;
out_cmd->hdr.cmd = cmd->id;
- memcpy(&out_cmd->cmd.payload, cmd->data, cmd->len);
+ memcpy(&out_cmd->hdr.data, cmd->data, cmd->len);
/* At this point, the out_cmd now has all of the incoming cmd
* information */
next prev parent reply other threads:[~2024-05-18 9:36 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 17:48 [WARNING] memcpy: detected field-spanning write (size 1005) of single field "&out_cmd->cmd.payload" at drivers/net/wireless/intel/iwlegacy/common.c:3173 (size 320) Xose Vazquez Perez
2024-05-18 9:29 ` Stanislaw Gruszka [this message]
2024-05-18 17:48 ` Kees Cook
2024-05-20 7:32 ` Stanislaw Gruszka
2024-05-20 11:45 ` Johannes Berg
2024-05-20 15:08 ` Stanislaw Gruszka
2024-05-20 15:10 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240518092939.GA643846@wp.pl \
--to=stf_xl@wp.pl \
--cc=keescook@chromium.org \
--cc=linux-wireless@vger.kernel.org \
--cc=xose.vazquez@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.