On Tue, Jan 25, 2022 at 11:57:57AM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the kspp tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from include/linux/string.h:253,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:22,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:7,
> from include/linux/preempt.h:78,
> from include/linux/spinlock.h:55,
> from include/linux/wait.h:9,
> from include/linux/mempool.h:8,
> from include/linux/bio.h:8,
> from fs/btrfs/ioctl.c:7:
> In function 'fortify_memcpy_chk',
> inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
> include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 316 | __write_overflow_field(p_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 324 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Caused by commit
>
> 602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
>
> interacting with commit
>
> 504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
>
> from the btrfs tree.
Thanks!
I found the btrfs patch here:
https://lore.kernel.org/all/ec08e6f559ab47b3300ca5a67e8fc984fd3f040f.1637179348.git.osandov@xxxxxx/
>
> I applied the following hack:
>
> From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
> Date: Tue, 25 Jan 2022 11:47:17 +1100
> Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE"
>
> Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
> ---
> fs/btrfs/ioctl.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> index 73ad918a05a9..d34620034f8e 100644
> --- a/fs/btrfs/ioctl.c
> +++ b/fs/btrfs/ioctl.c
> @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp,
> }
> args.iov = compat_ptr(args32.iov);
> args.iovcnt = args32.iovcnt;
> - memcpy(&args.offset, &args32.offset,
> - sizeof(args) -
> - offsetof(struct btrfs_ioctl_encoded_io_args, offset));
> + args.offset = args32.offset;
> + args.flags = args32.flags;
> + args.len = args32.len;
> + args.unencoded_len = args32.unencoded_len;
> + args.unencoded_offset = args32.unencoded_offset;
> + args.compression = args32.compression;
> + args.encryption = args32.encryption;
> + memcpy(args.reserved, args32.reserved, sizeof(args.reserved));
> #else
> return -ENOTTY;
> #endif
I'll see if I can construct something shorter using struct_group().
-Kees
--
Kees Cook
