Re: [PATCH v2] powernv/opal-prd: Silence memcpy() run-time false positive warnings

[Michael Ellerman <mpe@ellerman.id.au>]

matoro <matoro_mailinglist_kernel@matoro.tk> writes:
> On 2023-08-15 06:47, Michael Ellerman wrote:
>> Joel Stanley <joel@jms.id.au> writes:
>>> On Fri, 7 Jul 2023 at 05:11, Mahesh Salgaonkar <mahesh@linux.ibm.com> 
>>> wrote:
>>>> 
>>>> opal_prd_msg_notifier extracts the opal prd message size from the message
>>>> header and uses it for allocating opal_prd_msg_queue_item that includes
>>>> the correct message size to be copied. However, while running under
>>>> CONFIG_FORTIFY_SOURCE=y, it triggers following run-time warning:
>>>> 
>>>> [ 6458.234352] memcpy: detected field-spanning write (size 32) of single 
>>>> field "&item->msg" at arch/powerpc/platforms/powernv/opal-prd.c:355 (size 
>>>> 4)
>>>> [ 6458.234390] WARNING: CPU: 9 PID: 660 at 
>>>> arch/powerpc/platforms/powernv/opal-prd.c:355 
>>>> opal_prd_msg_notifier+0x174/0x188 [opal_prd]
>>>> [...]
>>>> [ 6458.234709] NIP [c00800000e0c0e6c] opal_prd_msg_notifier+0x174/0x188 
>>>> [opal_prd]
>>>> [ 6458.234723] LR [c00800000e0c0e68] opal_prd_msg_notifier+0x170/0x188 
>>>> [opal_prd]
>>>> [ 6458.234736] Call Trace:
>>>> [ 6458.234742] [c0000002acb23c10] [c00800000e0c0e68] 
>>>> opal_prd_msg_notifier+0x170/0x188 [opal_prd] (unreliable)
>>>> [ 6458.234759] [c0000002acb23ca0] [c00000000019ccc0] 
>>>> notifier_call_chain+0xc0/0x1b0
>>>> [ 6458.234774] [c0000002acb23d00] [c00000000019ceac] 
>>>> atomic_notifier_call_chain+0x2c/0x40
>>>> [ 6458.234788] [c0000002acb23d20] [c0000000000d69b4] 
>>>> opal_message_notify+0xf4/0x2c0
>>>> [...]
>>>> 
>>>> Split the copy to avoid false positive run-time warning.
>>>> 
>>>> Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
>>>> Signed-off-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
>>> 
>>> I hit this on a box running the Ubuntu 6.2.0-27-generic kernel.
>>> 
>>> Do we plan on merging this fix?
>> 
>> I thought it was papering over the issue rather than fixing the root
>> cause.
>> 
>> I'll send a new version, as soon as I can work out how to trigger that
>> code path.
>> 
>> cheers
>
> Hi, I see this was still not accepted.  I was able to trigger this simply by 
> starting the opal-prd userspace daemon.
> Restarting the service does not re-trigger the warning, however.

It should be fixed by:

  https://git.kernel.org/torvalds/c/feea65a338e52297b68ceb688eaf0ffc50310a83

Which went into v6.6.

> [Wed Nov 15 14:01:06 2023] i2c_dev: i2c /dev entries driver
> [Wed Nov 15 14:01:07 2023] ------------[ cut here ]------------
> [Wed Nov 15 14:01:07 2023] memcpy: detected field-spanning write (size 32) of 
> single field "&item->msg" at arch/powerpc/platforms/powernv/opal-prd.c:355 
> (size 4)
> [Wed Nov 15 14:01:07 2023] WARNING: CPU: 5 PID: 379 at 
> arch/powerpc/platforms/powernv/opal-prd.c:355 0xc008000000640b1c
> [Wed Nov 15 14:01:07 2023] Modules linked in: i2c_dev loop vhost_net vhost 
> vhost_iotlb tap kvm_hv kvm bridge rpcsec_gss_krb5 auth_rpcgss tun nfsv4 
> dns_resolver nfs lockd grace sunrpc fscache netfs cfg80211 rfkill 8021q garp 
> mrp stp llc nft_masq nft_chain_nat nft_reject_inet nf_reject_ipv4 
> nf_reject_ipv6 nft_reject nft_ct binfmt_misc nbd wireguard 
> libcurve25519_generic ip6_udp_tunnel udp_tunnel nft_nat nf_tables nfnetlink 
> nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 at24 ast i2c_algo_bit 
> drm_shmem_helper joydev ftdi_sio crct10dif_vpmsum onboard_usb_hub ofpart 
> drm_kms_helper ipmi_powernv rtc_opal ipmi_devintf powernv_flash 
> ipmi_msghandler mtd opal_prd i2c_opal vmx_crypto nvme crc32c_vpmsum tg3 
> nvme_core ixgbe nvme_common mdio
> [Wed Nov 15 14:01:07 2023] CPU: 5 PID: 379 Comm: kopald Not tainted 
> 6.5.9-gentoo-dist #1

I'll request a back port of the fix to 6.5 stable.

cheers