[PATCH] bluetooth: bnep: fix fortify warning

[PATCH] bluetooth: bnep: fix fortify warning

[Dmitry Antipov]

When compiling with gcc version 14.0.0 20231206 (experimental)
and CONFIG_FORTIFY_SOURCE=y, I've noticed the following warning:

In function 'fortify_memcpy_chk',
    inlined from '__skb_put_data' at ./include/linux/skbuff.h:2599:2,
    inlined from 'bnep_rx_frame.isra' at net/bluetooth/bnep/core.c:388:3:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
  588 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There is a 'memcpy()' call underneath '__skb_put_data()', and the former
is interpreted as an attempt to copy ETH_ALEN + 2 (which is 8) bytes from
the 6-byte 'h_source' field of 'struct ethhdr', which causes an overread
warning. The convenient way to avoid it is to use 'struct_group()', i.e.:

struct ethhdr {
	unsigned char	h_dest[ETH_ALEN];
	struct_group(xxx,
	        unsigned char	h_source[ETH_ALEN];
	        __be16		h_proto;
        );
} __attribute__((packed));

But since 'struct ethhdr' is a fundamental type and most likely it would be
a bad idea to mess it up that way just for the sake of a few bluetooth bits,
I would suggest an ad-hoc quirk instead.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
---
 net/bluetooth/bnep/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 5a6a49885ab6..8edceb4d2a4f 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -385,7 +385,8 @@ static int bnep_rx_frame(struct bnep_session *s, struct sk_buff *skb)
 
 	case BNEP_COMPRESSED_DST_ONLY:
 		__skb_put_data(nskb, skb_mac_header(skb), ETH_ALEN);
-		__skb_put_data(nskb, s->eh.h_source, ETH_ALEN + 2);
+		__skb_put_data(nskb, (unsigned char *)&s->eh + ETH_ALEN,
+			       ETH_ALEN + 2);
 		break;
 
 	case BNEP_GENERAL:
-- 
2.43.0

RE: bluetooth: bnep: fix fortify warning

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 3401 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=809736

---Test result---

Test Summary:
CheckPatch                    FAIL      1.01 seconds
GitLint                       FAIL      0.60 seconds
SubjectPrefix                 FAIL      0.41 seconds
BuildKernel                   PASS      27.56 seconds
CheckAllWarning               PASS      30.03 seconds
CheckSparse                   PASS      35.48 seconds
CheckSmatch                   PASS      99.17 seconds
BuildKernel32                 PASS      26.55 seconds
TestRunnerSetup               PASS      419.22 seconds
TestRunner_l2cap-tester       PASS      23.17 seconds
TestRunner_iso-tester         PASS      45.35 seconds
TestRunner_bnep-tester        PASS      6.93 seconds
TestRunner_mgmt-tester        PASS      161.37 seconds
TestRunner_rfcomm-tester      PASS      10.88 seconds
TestRunner_sco-tester         PASS      14.74 seconds
TestRunner_ioctl-tester       PASS      12.12 seconds
TestRunner_mesh-tester        PASS      8.76 seconds
TestRunner_smp-tester         PASS      12.01 seconds
TestRunner_userchan-tester    PASS      7.50 seconds
IncrementalBuild              PASS      25.79 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
bluetooth: bnep: fix fortify warning
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#61: 
declared with attribute warning: detected read beyond size of field (2nd parameter);

total: 0 errors, 1 warnings, 0 checks, 9 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/src/13491578.patch has style problems, please review.

NOTE: Ignored message types: UNKNOWN_COMMIT_ID

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
bluetooth: bnep: fix fortify warning

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
9: B1 Line exceeds max length (82>80): "./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'"
10: B1 Line exceeds max length (84>80): "declared with attribute warning: detected read beyond size of field (2nd parameter);"
21: B3 Line contains hard tab characters (\t): "	unsigned char	h_dest[ETH_ALEN];"
22: B3 Line contains hard tab characters (\t): "	struct_group(xxx,"
23: B3 Line contains hard tab characters (\t): "	        unsigned char	h_source[ETH_ALEN];"
24: B3 Line contains hard tab characters (\t): "	        __be16		h_proto;"
##############################
Test: SubjectPrefix - FAIL
Desc: Check subject contains "Bluetooth" prefix
Output:
"Bluetooth: " prefix is not specified in the subject


---
Regards,
Linux Bluetooth