From: kernel test robot <lkp@intel.com>
To: Paul Moore <paul@paul-moore.com>
Cc: oe-kbuild-all@lists.linux.dev
Subject: [linux-next:master 4380/4439] include/linux/fortify-string.h:293:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)
Date: Thu, 17 Oct 2024 14:28:37 +0800
Message-ID: <202410171420.1V00ICVG-lkp@intel.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 15e7d45e786a62a211dd0098fee7c57f84f8c681
commit: dfdb07df2ab66ff4fd2f82039e871e7ab922dc81 [4380/4439] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
config: x86_64-randconfig-005-20241017 (https://download.01.org/0day-ci/archive/20241017/202410171420.1V00ICVG-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241017/202410171420.1V00ICVG-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202410171420.1V00ICVG-lkp@intel.com/
All errors (new ones prefixed by >>):
   In file included from include/linux/string.h:390,
                    from include/linux/bitmap.h:13,
                    from include/linux/cpumask.h:12,
                    from include/linux/smp.h:13,
                    from include/linux/lockdep.h:14,
                    from include/linux/spinlock.h:63,
                    from include/linux/wait.h:9,
                    from include/linux/wait_bit.h:8,
                    from include/linux/fs.h:6,
                    from kernel/auditsc.c:37:
   In function 'sized_strscpy',
       inlined from '__audit_ptrace' at kernel/auditsc.c:2732:2:
>> include/linux/fortify-string.h:293:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)
     293 |                 __write_overflow();
         |                 ^~~~~~~~~~~~~~~~~~
   In function 'sized_strscpy',
       inlined from 'audit_signal_info_syscall' at kernel/auditsc.c:2759:3:
>> include/linux/fortify-string.h:293:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)
     293 |                 __write_overflow();
         |                 ^~~~~~~~~~~~~~~~~~
vim +/__write_overflow +293 include/linux/fortify-string.h
a28a6e860c6cf2 Francis Laniel 2021-02-25  274
03699f271de1f4 Kees Cook      2022-09-02  275  /* Defined after fortified strnlen() to reuse it. */
e6584c3964f2ff Kees Cook      2023-09-20  276  extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(sized_strscpy);
e6584c3964f2ff Kees Cook      2023-09-20  277  __FORTIFY_INLINE ssize_t sized_strscpy(char * const POS p, const char * const POS q, size_t size)
a28a6e860c6cf2 Francis Laniel 2021-02-25  278  {
a28a6e860c6cf2 Francis Laniel 2021-02-25  279          /* Use string size rather than possible enclosing struct size. */
21a2c74b0a2a78 Kees Cook      2023-04-07  280          const size_t p_size = __member_size(p);
21a2c74b0a2a78 Kees Cook      2023-04-07  281          const size_t q_size = __member_size(q);
21a2c74b0a2a78 Kees Cook      2023-04-07  282          size_t len;
a28a6e860c6cf2 Francis Laniel 2021-02-25  283
a28a6e860c6cf2 Francis Laniel 2021-02-25  284          /* If we cannot get size of p and q default to call strscpy. */
311fb40aa0569a Kees Cook      2022-09-02  285          if (p_size == SIZE_MAX && q_size == SIZE_MAX)
a28a6e860c6cf2 Francis Laniel 2021-02-25  286                  return __real_strscpy(p, q, size);
a28a6e860c6cf2 Francis Laniel 2021-02-25  287
a28a6e860c6cf2 Francis Laniel 2021-02-25  288          /*
a28a6e860c6cf2 Francis Laniel 2021-02-25  289           * If size can be known at compile time and is greater than
a28a6e860c6cf2 Francis Laniel 2021-02-25  290           * p_size, generate a compile time write overflow error.
a28a6e860c6cf2 Francis Laniel 2021-02-25  291           */
fa35198f39571b Kees Cook      2022-09-19  292          if (__compiletime_lessthan(p_size, size))
a28a6e860c6cf2 Francis Laniel 2021-02-25 @293                  __write_overflow();
a28a6e860c6cf2 Francis Laniel 2021-02-25  294
62e1cbfc5d7953 Kees Cook      2022-10-02  295          /* Short-circuit for compile-time known-safe lengths. */
62e1cbfc5d7953 Kees Cook      2022-10-02  296          if (__compiletime_lessthan(p_size, SIZE_MAX)) {
62e1cbfc5d7953 Kees Cook      2022-10-02  297                  len = __compiletime_strlen(q);
62e1cbfc5d7953 Kees Cook      2022-10-02  298
62e1cbfc5d7953 Kees Cook      2022-10-02  299                  if (len < SIZE_MAX && __compiletime_lessthan(len, size)) {
62e1cbfc5d7953 Kees Cook      2022-10-02  300                          __underlying_memcpy(p, q, len + 1);
62e1cbfc5d7953 Kees Cook      2022-10-02  301                          return len;
62e1cbfc5d7953 Kees Cook      2022-10-02  302                  }
62e1cbfc5d7953 Kees Cook      2022-10-02  303          }
62e1cbfc5d7953 Kees Cook      2022-10-02  304
a28a6e860c6cf2 Francis Laniel 2021-02-25  305          /*
a28a6e860c6cf2 Francis Laniel 2021-02-25  306           * This call protects from read overflow, because len will default to q
a28a6e860c6cf2 Francis Laniel 2021-02-25  307           * length if it smaller than size.
a28a6e860c6cf2 Francis Laniel 2021-02-25  308           */
a28a6e860c6cf2 Francis Laniel 2021-02-25  309          len = strnlen(q, size);
a28a6e860c6cf2 Francis Laniel 2021-02-25  310          /*
a28a6e860c6cf2 Francis Laniel 2021-02-25  311           * If len equals size, we will copy only size bytes which leads to
a28a6e860c6cf2 Francis Laniel 2021-02-25  312           * -E2BIG being returned.
a28a6e860c6cf2 Francis Laniel 2021-02-25  313           * Otherwise we will copy len + 1 because of the final '\O'.
a28a6e860c6cf2 Francis Laniel 2021-02-25  314           */
a28a6e860c6cf2 Francis Laniel 2021-02-25  315          len = len == size ? size : len + 1;
a28a6e860c6cf2 Francis Laniel 2021-02-25  316
a28a6e860c6cf2 Francis Laniel 2021-02-25  317          /*
a28a6e860c6cf2 Francis Laniel 2021-02-25  318           * Generate a runtime write overflow error if len is greater than
a28a6e860c6cf2 Francis Laniel 2021-02-25  319           * p_size.
a28a6e860c6cf2 Francis Laniel 2021-02-25  320           */
3d965b33e40d97 Kees Cook      2023-04-07  321          if (p_size < len)
3d965b33e40d97 Kees Cook      2023-04-07  322                  fortify_panic(FORTIFY_FUNC_strscpy, FORTIFY_WRITE, p_size, len, -E2BIG);
a28a6e860c6cf2 Francis Laniel 2021-02-25  323
a28a6e860c6cf2 Francis Laniel 2021-02-25  324          /*
a28a6e860c6cf2 Francis Laniel 2021-02-25  325           * We can now safely call vanilla strscpy because we are protected from:
a28a6e860c6cf2 Francis Laniel 2021-02-25  326           * 1. Read overflow thanks to call to strnlen().
a28a6e860c6cf2 Francis Laniel 2021-02-25  327           * 2. Write overflow thanks to above ifs.
a28a6e860c6cf2 Francis Laniel 2021-02-25  328           */
a28a6e860c6cf2 Francis Laniel 2021-02-25  329          return __real_strscpy(p, q, len);
a28a6e860c6cf2 Francis Laniel 2021-02-25  330  }
a28a6e860c6cf2 Francis Laniel 2021-02-25  331
:::::: The code at line 293 was first introduced by commit
:::::: a28a6e860c6cf231cf3c5171c75c342adcd00406 string.h: move fortified functions definitions in a dedicated header.
:::::: TO: Francis Laniel <laniel_francis@privacyrequired.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki