public inbox for linux-kernel@vger.kernel.org
* [PATCH] usb: functionfs: avoid memcpy() field overflow warning
@ 2023-07-03 12:30 Arnd Bergmann
  2023-07-03 12:45 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 3+ messages in thread
From: Arnd Bergmann @ 2023-07-03 12:30 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Arnd Bergmann, Udipto Goswami, John Keeping, Linyu Yuan,
	Dan Carpenter, linux-usb, linux-kernel

From: Arnd Bergmann <arnd@arndb.de>

__ffs_func_bind_do_os_desc() copies both the CompatibleID and SubCompatibleID
fields of the usb_ext_compat_desc structure into an array, which triggers
a warning in the fortified memcpy():

In file included from drivers/usb/gadget/function/f_fs.c:17:
In file included from include/linux/string.h:254:
include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
                        __read_overflow2_field(q_size_field, size);

Usually we can avoid this by using a struct_group() inside of the structure
definition, but this might cause problems in userspace since it is in a uapi
header.

Just copy the two members individually.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/usb/gadget/function/f_fs.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index f41a385a5c421..b8f9e52e6db6b 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2933,8 +2933,9 @@ static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
 		t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
 		t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
 		memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
-		       ARRAY_SIZE(desc->CompatibleID) +
-		       ARRAY_SIZE(desc->SubCompatibleID));
+		       sizeof(desc->CompatibleID));
+		memcpy(t->os_desc->ext_compat_id + sizeof(desc->CompatibleID),
+			&desc->SubCompatibleID, sizeof(desc->SubCompatibleID));
 		length = sizeof(*desc);
 	}
 		break;
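Review bot: the second memcpy() computes its destination as `t->os_desc->ext_compat_id + sizeof(desc->CompatibleID)`, which lands on the right byte only if ext_compat_id has one-byte elements and the buffer has room for both fields. Neither is visible in this hunk, so a short comment stating the expected size of ext_compat_id, or a compile-time size check next to the two copies, would make that dependency explicit. The length expression also changes from ARRAY_SIZE() to sizeof() without a mention in the commit message; the two agree only for one-byte elements, which deserves a sentence there. Style: the continuation line `&desc->SubCompatibleID, sizeof(desc->SubCompatibleID));` is indented with tabs only, while the first call aligns its continuation under the opening parenthesis.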
-- 
2.39.2
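
The two options weighed in the message above, side by side, as an added example that is not part of the original mail or of the kernel source. The struct is a constructed stand-in with assumed field sizes, and the anonymous union imitates in plain userspace C what the kernel's struct_group() generates; `ext_compat_demo`, `ids` and the function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the descriptor; field sizes are assumptions. */
struct ext_compat_demo {
	unsigned char bFirstInterfaceNumber;
	unsigned char Reserved1;
	/* Imitation of struct_group(): the members stay individually
	 * addressable, and the same bytes are also one named member. */
	union {
		struct {
			unsigned char CompatibleID[8];
			unsigned char SubCompatibleID[8];
		};
		struct {
			unsigned char CompatibleID[8];
			unsigned char SubCompatibleID[8];
		} ids;
	};
	unsigned char Reserved2[6];
};

/* Per-field copies, as in the patch: each memcpy() stays inside one member. */
static void copy_per_field(unsigned char *dst, const struct ext_compat_demo *d)
{
	memcpy(dst, d->CompatibleID, sizeof(d->CompatibleID));
	memcpy(dst + sizeof(d->CompatibleID), d->SubCompatibleID,
	       sizeof(d->SubCompatibleID));
}

/* Grouped copy: the source object is the whole group, so the length
 * equals the size of the member being read. */
static void copy_grouped(unsigned char *dst, const struct ext_compat_demo *d)
{
	memcpy(dst, &d->ids, sizeof(d->ids));
}

/* Returns 1 when both copies yield the same bytes and the group starts
 * at the same offset as its first member (layout unchanged). */
int demo_copies_agree(void)
{
	struct ext_compat_demo d = { 0 };
	unsigned char a[16], b[16];

	memcpy(d.CompatibleID, "WINUSB\0\0", 8);     /* constructed sample */
	memcpy(d.SubCompatibleID, "SUBID\0\0\0", 8); /* constructed sample */
	copy_per_field(a, &d);
	copy_grouped(b, &d);
	return memcmp(a, b, sizeof(a)) == 0 &&
	       offsetof(struct ext_compat_demo, ids) ==
	       offsetof(struct ext_compat_demo, CompatibleID);
}

int main(void) { return demo_copies_agree() ? 0 : 1; }
```

Because every member is a byte array, wrapping the two fields in the union adds no padding, so the struct keeps its size and member offsets.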



* Re: [PATCH] usb: functionfs: avoid memcpy() field overflow warning
  2023-07-03 12:30 [PATCH] usb: functionfs: avoid memcpy() field overflow warning Arnd Bergmann
@ 2023-07-03 12:45 ` Greg Kroah-Hartman
  2023-07-03 13:05   ` Arnd Bergmann
  0 siblings, 1 reply; 3+ messages in thread
From: Greg Kroah-Hartman @ 2023-07-03 12:45 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Arnd Bergmann, Udipto Goswami, John Keeping, Linyu Yuan,
	Dan Carpenter, linux-usb, linux-kernel

On Mon, Jul 03, 2023 at 02:30:32PM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> __ffs_func_bind_do_os_desc() copies both the CompatibleID and SubCompatibleID
> fields of the usb_ext_compat_desc structure into an array, which triggers
> a warning in the fortified memcpy():
> 
> In file included from drivers/usb/gadget/function/f_fs.c:17:
> In file included from include/linux/string.h:254:
> include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
>                         __read_overflow2_field(q_size_field, size);
> 
> Usually we can avoid this by using a struct_group() inside of the structure
> definition, but this might cause problems in userspace since it is in a uapi
> header.

We use this in other uapi .h files, what is unique about these fields
that makes it so that they can not be used?  Because it's not the last
field?

thanks,

greg k-h


* Re: [PATCH] usb: functionfs: avoid memcpy() field overflow warning
  2023-07-03 12:45 ` Greg Kroah-Hartman
@ 2023-07-03 13:05   ` Arnd Bergmann
  0 siblings, 0 replies; 3+ messages in thread
From: Arnd Bergmann @ 2023-07-03 13:05 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Arnd Bergmann
  Cc: Udipto Goswami, John Keeping, Linyu Yuan, Dan Carpenter,
	linux-usb, linux-kernel

On Mon, Jul 3, 2023, at 14:45, Greg Kroah-Hartman wrote:
> On Mon, Jul 03, 2023 at 02:30:32PM +0200, Arnd Bergmann wrote:
>> From: Arnd Bergmann <arnd@arndb.de>
>> 
>> __ffs_func_bind_do_os_desc() copies both the CompatibleID and SubCompatibleID
>> fields of the usb_ext_compat_desc structure into an array, which triggers
>> a warning in the fortified memcpy():
>> 
>> In file included from drivers/usb/gadget/function/f_fs.c:17:
>> In file included from include/linux/string.h:254:
>> include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
>>                         __read_overflow2_field(q_size_field, size);
>> 
>> Usually we can avoid this by using a struct_group() inside of the structure
>> definition, but this might cause problems in userspace since it is in a uapi
>> header.
>
> We use this in other uapi .h files, what is unique about these fields
> that makes it so that they can not be used?  Because it's not the last
> field?

It's probably ok, and I was overly cautious. I'll send a new version after
some more testing.

       Arnd
