[PATCH] ovl: Use "buf" flexible array for memcpy() destination

[PATCH] ovl: Use "buf" flexible array for memcpy() destination

[Kees Cook]

The "buf" flexible array needs to be the memcpy() destination to avoid
false positive run-time warning from the recent FORTIFY_SOURCE
hardening:

  memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21)

Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: linux-unionfs@vger.kernel.org
Reported-by: syzbot+9d14351a171d0d1c7955@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/000000000000763a6c05e95a5985@google.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 fs/overlayfs/export.c    | 2 +-
 fs/overlayfs/overlayfs.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c
index e065a5b9a442..ac9c3ad04016 100644
--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -796,7 +796,7 @@ static struct ovl_fh *ovl_fid_to_fh(struct fid *fid, int buflen, int fh_type)
 		return ERR_PTR(-ENOMEM);
 
 	/* Copy unaligned inner fh into aligned buffer */
-	memcpy(&fh->fb, fid, buflen - OVL_FH_WIRE_OFFSET);
+	memcpy(fh->buf, fid, buflen - OVL_FH_WIRE_OFFSET);
 	return fh;
 }
 
diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
index 87759165d32b..a0e450313ea4 100644
--- a/fs/overlayfs/overlayfs.h
+++ b/fs/overlayfs/overlayfs.h
@@ -108,7 +108,7 @@ struct ovl_fh {
 	u8 padding[3];	/* make sure fb.fid is 32bit aligned */
 	union {
 		struct ovl_fb fb;
-		u8 buf[0];
+		DECLARE_FLEX_ARRAY(u8, buf);
 	};
 } __packed;
 
-- 
2.34.1

Re: [PATCH] ovl: Use "buf" flexible array for memcpy() destination

[Gustavo A. R. Silva]

On Sat, Sep 24, 2022 at 12:33:15AM -0700, Kees Cook wrote:
> The "buf" flexible array needs to be the memcpy() destination to avoid
> false positive run-time warning from the recent FORTIFY_SOURCE
> hardening:
> 
>   memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21)
> 
> Cc: Miklos Szeredi <miklos@szeredi.hu>
> Cc: linux-unionfs@vger.kernel.org
> Reported-by: syzbot+9d14351a171d0d1c7955@syzkaller.appspotmail.com
> Link: https://lore.kernel.org/all/000000000000763a6c05e95a5985@google.com/
> Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks!
--
Gustavo

> ---
>  fs/overlayfs/export.c    | 2 +-
>  fs/overlayfs/overlayfs.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c
> index e065a5b9a442..ac9c3ad04016 100644
> --- a/fs/overlayfs/export.c
> +++ b/fs/overlayfs/export.c
> @@ -796,7 +796,7 @@ static struct ovl_fh *ovl_fid_to_fh(struct fid *fid, int buflen, int fh_type)
>  		return ERR_PTR(-ENOMEM);
>  
>  	/* Copy unaligned inner fh into aligned buffer */
> -	memcpy(&fh->fb, fid, buflen - OVL_FH_WIRE_OFFSET);
> +	memcpy(fh->buf, fid, buflen - OVL_FH_WIRE_OFFSET);
>  	return fh;
>  }
>  
> diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
> index 87759165d32b..a0e450313ea4 100644
> --- a/fs/overlayfs/overlayfs.h
> +++ b/fs/overlayfs/overlayfs.h
> @@ -108,7 +108,7 @@ struct ovl_fh {
>  	u8 padding[3];	/* make sure fb.fid is 32bit aligned */
>  	union {
>  		struct ovl_fb fb;
> -		u8 buf[0];
> +		DECLARE_FLEX_ARRAY(u8, buf);
>  	};
>  } __packed;
>  
> -- 
> 2.34.1
>