* [PATCH][next] udf: Fix -Wstringop-overflow warnings
@ 2023-07-12 18:25 Gustavo A. R. Silva
2023-07-12 19:05 ` Kees Cook
0 siblings, 1 reply; 3+ messages in thread
From: Gustavo A. R. Silva @ 2023-07-12 18:25 UTC (permalink / raw)
To: Jan Kara; +Cc: linux-kernel, Gustavo A. R. Silva, linux-hardening
Use unsigned type in call to macro mint_t(). This avoids confusing the
compiler about possible negative values that would cause the value in
_len_ to wrap around.
Fixes the following -Wstringop-warnings seen when building ARM
architecture with allyesconfig (GCC 13):
fs/udf/directory.c: In function 'udf_copy_fi':
include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
648 | __underlying_##op(p, q, __fortify_size); \
| ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
| ^~~~~~
include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
648 | __underlying_##op(p, q, __fortify_size); \
| ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
| ^~~~~~
AR fs/udf/built-in.a
This helps with the ongoing efforts to globally enable
-Wstringop-overflow.
Link: https://github.com/KSPP/linux/issues/329
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
fs/udf/directory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/udf/directory.c b/fs/udf/directory.c
index 1c775e072b2f..93153665eb37 100644
--- a/fs/udf/directory.c
+++ b/fs/udf/directory.c
@@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter)
}
off = iter->pos & (blksize - 1);
- len = min_t(int, sizeof(struct fileIdentDesc), blksize - off);
+ len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off);
memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
if (len < sizeof(struct fileIdentDesc))
memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data,
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH][next] udf: Fix -Wstringop-overflow warnings
2023-07-12 18:25 [PATCH][next] udf: Fix -Wstringop-overflow warnings Gustavo A. R. Silva
@ 2023-07-12 19:05 ` Kees Cook
2023-07-31 14:35 ` Jan Kara
0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2023-07-12 19:05 UTC (permalink / raw)
To: Gustavo A. R. Silva; +Cc: Jan Kara, linux-kernel, linux-hardening
On Wed, Jul 12, 2023 at 12:25:45PM -0600, Gustavo A. R. Silva wrote:
> Use unsigned type in call to macro mint_t(). This avoids confusing the
> compiler about possible negative values that would cause the value in
> _len_ to wrap around.
>
> Fixes the following -Wstringop-warnings seen when building ARM
> architecture with allyesconfig (GCC 13):
> fs/udf/directory.c: In function 'udf_copy_fi':
> include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
> 57 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> 648 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
> 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
> | ^~~~~~
> include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
> 57 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> 648 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
> 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
> | ^~~~~~
> AR fs/udf/built-in.a
>
> This helps with the ongoing efforts to globally enable
> -Wstringop-overflow.
>
> Link: https://github.com/KSPP/linux/issues/329
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> fs/udf/directory.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/udf/directory.c b/fs/udf/directory.c
> index 1c775e072b2f..93153665eb37 100644
> --- a/fs/udf/directory.c
> +++ b/fs/udf/directory.c
> @@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter)
> }
>
> off = iter->pos & (blksize - 1);
> - len = min_t(int, sizeof(struct fileIdentDesc), blksize - off);
> + len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off);
> memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
> if (len < sizeof(struct fileIdentDesc))
> memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data,
len is u32, "off" can't be less than blksize, so this all looks correct
to me. Thanks!
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH][next] udf: Fix -Wstringop-overflow warnings
2023-07-12 19:05 ` Kees Cook
@ 2023-07-31 14:35 ` Jan Kara
0 siblings, 0 replies; 3+ messages in thread
From: Jan Kara @ 2023-07-31 14:35 UTC (permalink / raw)
To: Kees Cook; +Cc: Gustavo A. R. Silva, Jan Kara, linux-kernel, linux-hardening
On Wed 12-07-23 12:05:34, Kees Cook wrote:
> On Wed, Jul 12, 2023 at 12:25:45PM -0600, Gustavo A. R. Silva wrote:
> > Use unsigned type in call to macro mint_t(). This avoids confusing the
> > compiler about possible negative values that would cause the value in
> > _len_ to wrap around.
> >
> > Fixes the following -Wstringop-warnings seen when building ARM
> > architecture with allyesconfig (GCC 13):
> > fs/udf/directory.c: In function 'udf_copy_fi':
> > include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
> > 57 | #define __underlying_memcpy __builtin_memcpy
> > | ^
> > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> > 648 | __underlying_##op(p, q, __fortify_size); \
> > | ^~~~~~~~~~~~~
> > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> > | ^~~~~~~~~~~~~~~~~~~~
> > fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
> > 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
> > | ^~~~~~
> > include/linux/fortify-string.h:57:33: warning: '__builtin_memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
> > 57 | #define __underlying_memcpy __builtin_memcpy
> > | ^
> > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> > 648 | __underlying_##op(p, q, __fortify_size); \
> > | ^~~~~~~~~~~~~
> > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> > | ^~~~~~~~~~~~~~~~~~~~
> > fs/udf/directory.c:99:9: note: in expansion of macro 'memcpy'
> > 99 | memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
> > | ^~~~~~
> > AR fs/udf/built-in.a
> >
> > This helps with the ongoing efforts to globally enable
> > -Wstringop-overflow.
> >
> > Link: https://github.com/KSPP/linux/issues/329
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > ---
> > fs/udf/directory.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/udf/directory.c b/fs/udf/directory.c
> > index 1c775e072b2f..93153665eb37 100644
> > --- a/fs/udf/directory.c
> > +++ b/fs/udf/directory.c
> > @@ -95,7 +95,7 @@ static int udf_copy_fi(struct udf_fileident_iter *iter)
> > }
> >
> > off = iter->pos & (blksize - 1);
> > - len = min_t(int, sizeof(struct fileIdentDesc), blksize - off);
> > + len = min_t(u32, sizeof(struct fileIdentDesc), blksize - off);
> > memcpy(&iter->fi, iter->bh[0]->b_data + off, len);
> > if (len < sizeof(struct fileIdentDesc))
> > memcpy((char *)(&iter->fi) + len, iter->bh[1]->b_data,
>
> len is u32, "off" can't be less than blksize, so this all looks correct
> to me. Thanks!
>
> Reviewed-by: Kees Cook <keescook@chromium.org>
Thanks! I've merged the patch to my tree.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-07-31 14:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-12 18:25 [PATCH][next] udf: Fix -Wstringop-overflow warnings Gustavo A. R. Silva
2023-07-12 19:05 ` Kees Cook
2023-07-31 14:35 ` Jan Kara
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox