Re: [linux-next:master 8858/10077] fs/statfs.c:131:3: warning: 'memcpy' will always overflow; destination buffer has size 64, but size argument is 84

Kees Cook <keescook@xxxxxxxxxxxx> · Tue, 24 Aug 2021 19:17:30 -0700

On Wed, Aug 25, 2021 at 05:59:01AM +0800, kernel test robot wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head:   372b2891c15acbf7b90d948b08ac174bde77102c
> commit: 185e297653a7e0431db813764d2efb9ffd09160c [8858/10077] fortify: Explicitly disable Clang support
> config: i386-randconfig-a016-20210824 (attached as .config)
> compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project d26000e4cc2bc65e207a84fa26cb6e374d60aa12)
> reproduce (this is a W=1 build):
>         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=185e297653a7e0431db813764d2efb9ffd09160c
>         git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
>         git fetch --no-tags linux-next master
>         git checkout 185e297653a7e0431db813764d2efb9ffd09160c
>         # save the attached .config to linux build tree
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> 
> All warnings (new ones prefixed by >>):
> 
>    clang-14: warning: optimization flag '-falign-jumps=0' is not supported [-Wignored-optimization-argument]
>    In file included from fs/statfs.c:2:
>    In file included from include/linux/syscalls.h:76:
>    In file included from include/uapi/linux/aio_abi.h:31:
>    In file included from include/linux/fs.h:6:
>    In file included from include/linux/wait_bit.h:8:
>    In file included from include/linux/wait.h:9:
>    In file included from include/linux/spinlock.h:51:
>    In file included from include/linux/preempt.h:78:
>    In file included from arch/x86/include/asm/preempt.h:7:
>    In file included from include/linux/thread_info.h:60:
>    arch/x86/include/asm/thread_info.h:172:13: warning: calling '__builtin_frame_address' with a nonzero argument is unsafe [-Wframe-address]
>            oldframe = __builtin_frame_address(1);
>                       ^~~~~~~~~~~~~~~~~~~~~~~~~~
>    arch/x86/include/asm/thread_info.h:174:11: warning: calling '__builtin_frame_address' with a nonzero argument is unsafe [-Wframe-address]
>                    frame = __builtin_frame_address(2);
>                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
>    In file included from fs/statfs.c:2:
>    In file included from include/linux/syscalls.h:87:
>    In file included from include/trace/syscall.h:7:
>    In file included from include/linux/trace_events.h:10:
>    In file included from include/linux/perf_event.h:49:
>    In file included from include/linux/ftrace.h:22:
>    arch/x86/include/asm/ftrace.h:7:3: error: Compiler does not support fentry?
>    # error Compiler does not support fentry?
>      ^
>    In file included from fs/statfs.c:2:
>    In file included from include/linux/syscalls.h:87:
>    In file included from include/trace/syscall.h:7:
>    In file included from include/linux/trace_events.h:10:
>    In file included from include/linux/perf_event.h:49:
>    include/linux/ftrace.h:843:9: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address]
>            addr = CALLER_ADDR1;
>                   ^~~~~~~~~~~~
>    include/linux/ftrace.h:830:38: note: expanded from macro 'CALLER_ADDR1'
>    #define CALLER_ADDR1 ((unsigned long)ftrace_return_address(1))
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~
>    include/linux/ftrace.h:823:36: note: expanded from macro 'ftrace_return_address'
>    #  define ftrace_return_address(n) __builtin_return_address(n)
>                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>    include/linux/ftrace.h:846:9: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address]
>            return CALLER_ADDR2;
>                   ^~~~~~~~~~~~
>    include/linux/ftrace.h:831:38: note: expanded from macro 'CALLER_ADDR2'
>    #define CALLER_ADDR2 ((unsigned long)ftrace_return_address(2))
>                                         ^~~~~~~~~~~~~~~~~~~~~~~~
>    include/linux/ftrace.h:823:36: note: expanded from macro 'ftrace_return_address'
>    #  define ftrace_return_address(n) __builtin_return_address(n)
>                                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> fs/statfs.c:131:3: warning: 'memcpy' will always overflow; destination buffer has size 64, but size argument is 84 [-Wfortify-source]
>                    memcpy(&buf, st, sizeof(*st));
>                    ^
>    arch/x86/include/asm/string_32.h:182:25: note: expanded from macro 'memcpy'
>    #define memcpy(t, f, n) __builtin_memcpy(t, f, n)
>                            ^
>    5 warnings and 1 error generated.
> 
> 
> vim +/memcpy +131 fs/statfs.c
> 
> c8b91accfa1059 Al Viro 2011-03-12  125  
> c8b91accfa1059 Al Viro 2011-03-12  126  static int do_statfs_native(struct kstatfs *st, struct statfs __user *p)
> c8b91accfa1059 Al Viro 2011-03-12  127  {
> c8b91accfa1059 Al Viro 2011-03-12  128  	struct statfs buf;
> 7ed1ee6118ae77 Al Viro 2010-03-23  129  
> c8b91accfa1059 Al Viro 2011-03-12  130  	if (sizeof(buf) == sizeof(*st))
> c8b91accfa1059 Al Viro 2011-03-12 @131  		memcpy(&buf, st, sizeof(*st));

Wat. Statement above this makes that assertion impossible.

-- 
Kees Cook