From: Rosen Penev <rosenp@gmail.com>
To: linux-cifs@vger.kernel.org
Cc: Steve French <sfrench@samba.org>,
	Paulo Alcantara <pc@manguebit.org>,
	Ronnie Sahlberg <ronniesahlberg@gmail.com>,
	Shyam Prasad N <sprasad@microsoft.com>,
	Tom Talpey <tom@talpey.com>, Bharath SM <bharathsm@microsoft.com>,
	samba-technical@lists.samba.org (moderated list:COMMON INTERNET
	FILE SYSTEM CLIENT (CIFS and SMB3)),
	linux-kernel@vger.kernel.org (open list)
Subject: [PATCH] cifssmb: use struct_offset in memcpy calculations
Date: Thu, 30 Apr 2026 15:06:01 -0700	[thread overview]
Message-ID: <20260430220601.76266-1-rosenp@gmail.com> (raw)

It seems W=1/FORTIFY_SOURCE is getting confused about the math here.

Use struct_offset to point FORTIFY_SOURCE to the correct place.

Remove the response_data variables and pass the computed pointer
directly to memcpy. This is simpler and avoids excess casting.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 fs/smb/client/cifssmb.c | 40 +++++++++++++---------------------------
 1 file changed, 13 insertions(+), 27 deletions(-)

diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
index 3990a9012264..8598cec5ebbd 100644
--- a/fs/smb/client/cifssmb.c
+++ b/fs/smb/client/cifssmb.c
@@ -4090,9 +4090,9 @@ CIFSSMBQFileInfo(const unsigned int xid, struct cifs_tcon *tcon,
 				      get_bcc(&pSMBr->hdr), 40);
 		else if (pFindData) {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
-			memcpy((char *) pFindData,
-			       (char *) &pSMBr->hdr.Protocol +
-			       data_offset, sizeof(FILE_ALL_INFO));
+			memcpy(pFindData,
+			       (char *)pSMBr + struct_offset(pSMBr, hdr.Protocol) + data_offset,
+			       sizeof(FILE_ALL_INFO));
 		} else
 		    rc = -ENOMEM;
 	}
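Review bot: `data_offset` comes straight from the server's response (`pSMBr->t2.DataOffset`), and nothing visible in this hunk checks that `struct_offset(pSMBr, hdr.Protocol) + data_offset + sizeof(FILE_ALL_INFO)` stays inside the received response before the `memcpy` reads from it. Rebasing the source on `(char *)pSMBr` quiets the FORTIFY_SOURCE warning, but it presumably also leaves the compiler with no source bound at all, so the copy relies entirely on validation done earlier in CIFSSMBQFileInfo, which starts and ends outside the hunk. I would state that dependency next to the copy, e.g. `/* DataOffset is server-supplied; range-checked by <validation call above> */`, or add an explicit length check if none exists. The same applies to the rewritten `memcpy` calls in CIFSSMBUnixQFileInfo, CIFSSMBUnixQPathInfo, CIFSSMBQFSAttributeInfo, CIFSSMBQFSDeviceInfo and CIFSSMBQFSUnixInfo.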
@@ -4264,9 +4264,8 @@ CIFSSMBUnixQFileInfo(const unsigned int xid, struct cifs_tcon *tcon,
 				      get_bcc(&pSMBr->hdr), sizeof(FILE_UNIX_BASIC_INFO));
 		} else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
-			memcpy((char *) pFindData,
-			       (char *) &pSMBr->hdr.Protocol +
-			       data_offset,
+			memcpy(pFindData,
+			       (char *)pSMBr + struct_offset(pSMBr, hdr.Protocol) + data_offset,
 			       sizeof(FILE_UNIX_BASIC_INFO));
 		}
 	}
@@ -4349,9 +4348,8 @@ CIFSSMBUnixQPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
 				      get_bcc(&pSMBr->hdr), sizeof(FILE_UNIX_BASIC_INFO));
 		} else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
-			memcpy((char *) pFindData,
-			       (char *) &pSMBr->hdr.Protocol +
-			       data_offset,
+			memcpy(pFindData,
+			       (char *)pSMBr + struct_offset(pSMBr, hdr.Protocol) + data_offset,
 			       sizeof(FILE_UNIX_BASIC_INFO));
 		}
 	}
@@ -5079,7 +5077,6 @@ CIFSSMBQFSAttributeInfo(const unsigned int xid, struct cifs_tcon *tcon)
 /* level 0x105  SMB_QUERY_FILE_SYSTEM_INFO */
 	TRANSACTION2_QFSI_REQ *pSMB = NULL;
 	TRANSACTION2_QFSI_RSP *pSMBr = NULL;
-	FILE_SYSTEM_ATTRIBUTE_INFO *response_data;
 	unsigned int in_len;
 	int rc = 0;
 	int bytes_returned = 0;
@@ -5130,11 +5127,8 @@ CIFSSMBQFSAttributeInfo(const unsigned int xid, struct cifs_tcon *tcon)
 				      get_bcc(&pSMBr->hdr), 13);
 		} else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
-			response_data =
-			    (FILE_SYSTEM_ATTRIBUTE_INFO
-			     *) (((char *) &pSMBr->hdr.Protocol) +
-				 data_offset);
-			memcpy(&tcon->fsAttrInfo, response_data,
+			memcpy(&tcon->fsAttrInfo,
+			       (char *)pSMBr + struct_offset(pSMBr, hdr.Protocol) + data_offset,
 			       sizeof(FILE_SYSTEM_ATTRIBUTE_INFO));
 		}
 	}
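Review bot: The context line above this copy passes a literal `13` next to `get_bcc(&pSMBr->hdr)`, while the `memcpy` reads `sizeof(FILE_SYSTEM_ATTRIBUTE_INFO)` bytes. The comparison itself is outside the hunk, but if 13 is the minimum byte count accepted and the struct is larger, a short reply passes the check and the copy takes in bytes beyond the returned data. The CIFSSMBUnixQFileInfo, CIFSSMBUnixQPathInfo and CIFSSMBQFSDeviceInfo hunks pair the byte count with the same `sizeof` they copy, which is the safer shape. Since this patch already touches the copy, either check against `sizeof(FILE_SYSTEM_ATTRIBUTE_INFO)` or copy only the validated length and document why. The literal `40` in CIFSSMBQFileInfo and `13` in CIFSSMBQFSUnixInfo raise the same question.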
@@ -5152,7 +5146,6 @@ CIFSSMBQFSDeviceInfo(const unsigned int xid, struct cifs_tcon *tcon)
 /* level 0x104 SMB_QUERY_FILE_SYSTEM_INFO */
 	TRANSACTION2_QFSI_REQ *pSMB = NULL;
 	TRANSACTION2_QFSI_RSP *pSMBr = NULL;
-	FILE_SYSTEM_DEVICE_INFO *response_data;
 	unsigned int in_len;
 	int rc = 0;
 	int bytes_returned = 0;
@@ -5205,11 +5198,8 @@ CIFSSMBQFSDeviceInfo(const unsigned int xid, struct cifs_tcon *tcon)
 				      sizeof(FILE_SYSTEM_DEVICE_INFO));
 		else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
-			response_data =
-			    (FILE_SYSTEM_DEVICE_INFO *)
-				(((char *) &pSMBr->hdr.Protocol) +
-				 data_offset);
-			memcpy(&tcon->fsDevInfo, response_data,
+			memcpy(&tcon->fsDevInfo,
+			       (char *)pSMBr + struct_offset(pSMBr, hdr.Protocol) + data_offset,
 			       sizeof(FILE_SYSTEM_DEVICE_INFO));
 		}
 	}
@@ -5227,7 +5217,6 @@ CIFSSMBQFSUnixInfo(const unsigned int xid, struct cifs_tcon *tcon)
 /* level 0x200  SMB_QUERY_CIFS_UNIX_INFO */
 	TRANSACTION2_QFSI_REQ *pSMB = NULL;
 	TRANSACTION2_QFSI_RSP *pSMBr = NULL;
-	FILE_SYSTEM_UNIX_INFO *response_data;
 	unsigned int in_len;
 	int rc = 0;
 	int bytes_returned = 0;
@@ -5277,11 +5266,8 @@ CIFSSMBQFSUnixInfo(const unsigned int xid, struct cifs_tcon *tcon)
 				      get_bcc(&pSMBr->hdr), 13);
 		} else {
 			__u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
-			response_data =
-			    (FILE_SYSTEM_UNIX_INFO
-			     *) (((char *) &pSMBr->hdr.Protocol) +
-				 data_offset);
-			memcpy(&tcon->fsUnixInfo, response_data,
+			memcpy(&tcon->fsUnixInfo,
+			       (char *)pSMBr + struct_offset(pSMBr, hdr.Protocol) + data_offset,
 			       sizeof(FILE_SYSTEM_UNIX_INFO));
 		}
 	}
-- 
2.54.0

