* [PATCH] smb: client: memcpy() with surrounding object base address
@ 2024-11-17 11:32 Kees Cook
2024-11-17 19:14 ` Gustavo A. R. Silva
0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2024-11-17 11:32 UTC (permalink / raw)
To: Steve French
Cc: Kees Cook, Gustavo A. R. Silva, Paulo Alcantara, Ronnie Sahlberg,
Shyam Prasad N, Tom Talpey, Bharath SM, linux-cifs,
samba-technical, linux-kernel, linux-hardening
Like commit f1f047bd7ce0 ("smb: client: Fix -Wstringop-overflow issues"),
adjust the memcpy() destination address to be based off the surrounding
object rather than based off the 4-byte "Protocol" member. This avoids a
build-time warning when compiling under CONFIG_FORTIFY_SOURCE with GCC 15:
In function 'fortify_memcpy_chk',
inlined from 'CIFSSMBSetPathInfo' at ../fs/smb/client/cifssmb.c:5358:2:
../include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
571 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Steve French <sfrench@samba.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Paulo Alcantara <pc@manguebit.com>
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: Shyam Prasad N <sprasad@microsoft.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: Bharath SM <bharathsm@microsoft.com>
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
---
fs/smb/client/cifssmb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
index b96ca9be5352..026d6b5f23a9 100644
--- a/fs/smb/client/cifssmb.c
+++ b/fs/smb/client/cifssmb.c
@@ -5337,7 +5337,7 @@ CIFSSMBSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
param_offset = offsetof(struct smb_com_transaction2_spi_req,
InformationLevel) - 4;
offset = param_offset + params;
- data_offset = (char *) (&pSMB->hdr.Protocol) + offset;
+ data_offset = (char *)pSMB + offsetof(typeof(*pSMB), hdr.Protocol) + offset;
pSMB->ParameterOffset = cpu_to_le16(param_offset);
pSMB->DataOffset = cpu_to_le16(offset);
pSMB->SetupCount = 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] smb: client: memcpy() with surrounding object base address
2024-11-17 11:32 [PATCH] smb: client: memcpy() with surrounding object base address Kees Cook
@ 2024-11-17 19:14 ` Gustavo A. R. Silva
2024-11-17 23:08 ` Steve French
0 siblings, 1 reply; 3+ messages in thread
From: Gustavo A. R. Silva @ 2024-11-17 19:14 UTC (permalink / raw)
To: Kees Cook, Steve French
Cc: Gustavo A. R. Silva, Paulo Alcantara, Ronnie Sahlberg,
Shyam Prasad N, Tom Talpey, Bharath SM, linux-cifs,
samba-technical, linux-kernel, linux-hardening
On 17/11/24 05:32, Kees Cook wrote:
> Like commit f1f047bd7ce0 ("smb: client: Fix -Wstringop-overflow issues"),
> adjust the memcpy() destination address to be based off the surrounding
> object rather than based off the 4-byte "Protocol" member. This avoids a
> build-time warning when compiling under CONFIG_FORTIFY_SOURCE with GCC 15:
>
> In function 'fortify_memcpy_chk',
> inlined from 'CIFSSMBSetPathInfo' at ../fs/smb/client/cifssmb.c:5358:2:
> ../include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 571 | __write_overflow_field(p_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Signed-off-by: Kees Cook <kees@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Thanks!
-Gustavo
> ---
> Cc: Steve French <sfrench@samba.org>
> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Cc: Paulo Alcantara <pc@manguebit.com>
> Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
> Cc: Shyam Prasad N <sprasad@microsoft.com>
> Cc: Tom Talpey <tom@talpey.com>
> Cc: Bharath SM <bharathsm@microsoft.com>
> Cc: linux-cifs@vger.kernel.org
> Cc: samba-technical@lists.samba.org
> ---
> fs/smb/client/cifssmb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
> index b96ca9be5352..026d6b5f23a9 100644
> --- a/fs/smb/client/cifssmb.c
> +++ b/fs/smb/client/cifssmb.c
> @@ -5337,7 +5337,7 @@ CIFSSMBSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
> param_offset = offsetof(struct smb_com_transaction2_spi_req,
> InformationLevel) - 4;
> offset = param_offset + params;
> - data_offset = (char *) (&pSMB->hdr.Protocol) + offset;
> + data_offset = (char *)pSMB + offsetof(typeof(*pSMB), hdr.Protocol) + offset;
> pSMB->ParameterOffset = cpu_to_le16(param_offset);
> pSMB->DataOffset = cpu_to_le16(offset);
> pSMB->SetupCount = 1;
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] smb: client: memcpy() with surrounding object base address
2024-11-17 19:14 ` Gustavo A. R. Silva
@ 2024-11-17 23:08 ` Steve French
0 siblings, 0 replies; 3+ messages in thread
From: Steve French @ 2024-11-17 23:08 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Kees Cook, Steve French, Gustavo A. R. Silva, Paulo Alcantara,
Ronnie Sahlberg, Shyam Prasad N, Tom Talpey, Bharath SM,
linux-cifs, samba-technical, linux-kernel, linux-hardening
merged into cifs-2.6.git for-next
On Sun, Nov 17, 2024 at 1:15 PM Gustavo A. R. Silva
<gustavo@embeddedor.com> wrote:
>
>
>
> On 17/11/24 05:32, Kees Cook wrote:
> > Like commit f1f047bd7ce0 ("smb: client: Fix -Wstringop-overflow issues"),
> > adjust the memcpy() destination address to be based off the surrounding
> > object rather than based off the 4-byte "Protocol" member. This avoids a
> > build-time warning when compiling under CONFIG_FORTIFY_SOURCE with GCC 15:
> >
> > In function 'fortify_memcpy_chk',
> > inlined from 'CIFSSMBSetPathInfo' at ../fs/smb/client/cifssmb.c:5358:2:
> > ../include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> > 571 | __write_overflow_field(p_size_field, size);
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Signed-off-by: Kees Cook <kees@kernel.org>
>
> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
>
> Thanks!
> -Gustavo
>
> > ---
> > Cc: Steve French <sfrench@samba.org>
> > Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> > Cc: Paulo Alcantara <pc@manguebit.com>
> > Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
> > Cc: Shyam Prasad N <sprasad@microsoft.com>
> > Cc: Tom Talpey <tom@talpey.com>
> > Cc: Bharath SM <bharathsm@microsoft.com>
> > Cc: linux-cifs@vger.kernel.org
> > Cc: samba-technical@lists.samba.org
> > ---
> > fs/smb/client/cifssmb.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c
> > index b96ca9be5352..026d6b5f23a9 100644
> > --- a/fs/smb/client/cifssmb.c
> > +++ b/fs/smb/client/cifssmb.c
> > @@ -5337,7 +5337,7 @@ CIFSSMBSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
> > param_offset = offsetof(struct smb_com_transaction2_spi_req,
> > InformationLevel) - 4;
> > offset = param_offset + params;
> > - data_offset = (char *) (&pSMB->hdr.Protocol) + offset;
> > + data_offset = (char *)pSMB + offsetof(typeof(*pSMB), hdr.Protocol) + offset;
> > pSMB->ParameterOffset = cpu_to_le16(param_offset);
> > pSMB->DataOffset = cpu_to_le16(offset);
> > pSMB->SetupCount = 1;
>
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-11-17 23:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-17 11:32 [PATCH] smb: client: memcpy() with surrounding object base address Kees Cook
2024-11-17 19:14 ` Gustavo A. R. Silva
2024-11-17 23:08 ` Steve French
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox