From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C4E0DC3DA4A for ; Mon, 19 Aug 2024 10:36:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:In-Reply-To: Content-Transfer-Encoding:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=5RS/8IXmDYytxTnaRoG4zuXT/JY/Nw92m5oe0sUVRNI=; b=eRqwPYOF4z3O3xcDFXCopcDGiP Qc1lYYs3Df6jNtvoluT4lYEA/ULWds97CqilXcaWbFfSb6lq3/+s1lP3B+Gdd6hJ+U/GfhNNbWlUG Aufv6i3Ehera5dwLL7WrheL1R1OjQkjZGYMOQnl+FKTsuxhjMgmj6r6FCosipHl53Ij4VF/eXMvi6 K2OOvwSuUNBghevKMs2UaB4UU52oEAdf7ltoszH1CXbKLIV5SZ0EWe5pKi7AtFPyOG9eM+KyuGJQr 5yGmxNoGsNF0Tg1dM66qD6x782adK5FXJ5ejMWiKFNuwVTwE3A9ngy+jPXBviB3droaMGae/9gjWQ gmBYBgQw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sfzkf-000000017wz-0Gun; Mon, 19 Aug 2024 10:36:41 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sfzjA-000000017fS-2wWs for linux-arm-kernel@lists.infradead.org; Mon, 19 Aug 2024 10:35:10 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0AFD6339; Mon, 19 Aug 2024 03:35:32 -0700 (PDT) Received: from bogus (e107155-lin.cambridge.arm.com [10.1.196.87]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 41EAB3F73B; Mon, 19 Aug 2024 03:35:05 -0700 (PDT) Date: Mon, 19 Aug 2024 11:35:02 +0100 From: Sudeep Holla To: Jinjie Ruan Cc: , , Sudeep Holla Subject: Re: [PATCH -next] firmware: arm_ffa: Fix beyond size of field warning Message-ID: References: <20240816100258.2159447-1-ruanjinjie@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20240816100258.2159447-1-ruanjinjie@huawei.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240819_033508_804277_6C67DF96 X-CRM114-Status: GOOD ( 19.85 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, Aug 16, 2024 at 06:02:58PM +0800, Jinjie Ruan wrote: > An allmodconfig build of arm64 resulted in following warning: > > In function ‘fortify_memcpy_chk’, > inlined from ‘export_uuid’ at ./include/linux/uuid.h:88:2, > inlined from ‘ffa_msg_send_direct_req2’ at ./drivers/firmware/arm_ffa/driver.c:488:2: > ./include/linux/fortify-string.h:571:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] > 571 | __write_overflow_field(p_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > In function ‘fortify_memcpy_chk’, > inlined from ‘ffa_msg_send_direct_req2’ at ./drivers/firmware/arm_ffa/driver.c:489:2: > ./linux-next/include/linux/fortify-string.h:571:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] > 571 | __write_overflow_field(p_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Because ffa_msg_send_direct_req2() memcpy uuid_t and struct > ffa_send_direct_data2 data to unsigned long dst, the copy size is 2 or > or 14 unsigned long which beyond size of dst size, fix it by using a temp > array for memcpy. > > Signed-off-by: Jinjie Ruan > --- > drivers/firmware/arm_ffa/driver.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c > index 1e3764852118..674fbe008ea6 100644 > --- a/drivers/firmware/arm_ffa/driver.c > +++ b/drivers/firmware/arm_ffa/driver.c > @@ -480,13 +480,23 @@ static int ffa_msg_send2(u16 src_id, u16 dst_id, void *buf, size_t sz) > static int ffa_msg_send_direct_req2(u16 src_id, u16 dst_id, const uuid_t *uuid, > struct ffa_send_direct_data2 *data) > { > + unsigned long args_data[14]; > + unsigned long args_uuid[2]; > + unsigned long *data_ptr; > + > u32 src_dst_ids = PACK_TARGET_INFO(src_id, dst_id); > ffa_value_t ret, args = { > .a0 = FFA_MSG_SEND_DIRECT_REQ2, .a1 = src_dst_ids, > }; > > - export_uuid((u8 *)&args.a2, uuid); > - memcpy(&args.a4, data, sizeof(*data)); > + memcpy(args_uuid, uuid, sizeof(uuid_t)); > + args.a2 = args_uuid[0]; > + args.a3 = args_uuid[1]; > + > + memcpy(args_data, data, sizeof(*data)); > + data_ptr = &args.a4; > + for (int i = 0; i < 14; i++) > + *data_ptr++ = args_data[i]; > So we end up with double copy for both uuid and ffa_send_direct_data2 ? This is not correct and not needed. Which toolchain are you using ? I got error only for memcpy which I forgot to push to -next, now fixed. It must appear in -next soon. -- Regards, Sudeep