On Tue, Jan 25, 2022 at 11:57:57AM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the kspp tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from include/linux/string.h:253,
>                  from include/linux/bitmap.h:11,
>                  from include/linux/cpumask.h:12,
>                  from arch/x86/include/asm/cpumask.h:5,
>                  from arch/x86/include/asm/msr.h:11,
>                  from arch/x86/include/asm/processor.h:22,
>                  from arch/x86/include/asm/cpufeature.h:5,
>                  from arch/x86/include/asm/thread_info.h:53,
>                  from include/linux/thread_info.h:60,
>                  from arch/x86/include/asm/preempt.h:7,
>                  from include/linux/preempt.h:78,
>                  from include/linux/spinlock.h:55,
>                  from include/linux/wait.h:9,
>                  from include/linux/mempool.h:8,
>                  from include/linux/bio.h:8,
>                  from fs/btrfs/ioctl.c:7:
> In function 'fortify_memcpy_chk',
>     inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
> include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>   316 |                         __write_overflow_field(p_size_field, size);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
>   324 |                         __read_overflow2_field(q_size_field, size);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Caused by commit
>
>   602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
>
> interacting with commit
>
>   504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
>
> from the btrfs tree.

Thanks! I found the btrfs patch here:
https://lore.kernel.org/all/ec08e6f559ab47b3300ca5a67e8fc984fd3f040f.1637179348.git.osandov@xxxxxx/

>
> I applied the following hack:
> > From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> > Date: Tue, 25 Jan 2022 11:47:17 +1100 > Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE" > > Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> > --- > fs/btrfs/ioctl.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c > index 73ad918a05a9..d34620034f8e 100644 > --- a/fs/btrfs/ioctl.c > +++ b/fs/btrfs/ioctl.c > @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp, > } > args.iov = compat_ptr(args32.iov); > args.iovcnt = args32.iovcnt; > - memcpy(&args.offset, &args32.offset, > - sizeof(args) - > - offsetof(struct btrfs_ioctl_encoded_io_args, offset)); > + args.offset = args32.offset; > + args.flags = args32.flags; > + args.len = args32.len; > + args.unencoded_len = args32.unencoded_len; > + args.unencoded_offset = args32.unencoded_offset; > + args.compression = args32.compression; > + args.encryption = args32.encryption; > + memcpy(args.reserved, args32.reserved, sizeof(args.reserved)); > #else > return -ENOTTY; > #endif I'll see if I can construct something shorter using struct_group(). -Kees -- Kees Cook
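
Review bot: the seven per-field assignments and the memcpy() of args.reserved in the compat branch of btrfs_ioctl_encoded_write() hard-code the member list from offset onward, so a member later added to struct btrfs_ioctl_encoded_io_args after offset would be left uncopied with no build-time signal, whereas the removed call copied sizeof(args) - offsetof(struct btrfs_ioctl_encoded_io_args, offset) bytes and picked up any such member automatically. Wrapping the shared tail of both structures in struct_group(), as the fortify diagnostic itself suggests, would keep a single memcpy() whose destination and source sizes the compiler can check. If the field-by-field form stays, a comment beside it stating that it must track the struct layout would help, and the remaining memcpy() should be backed by a build-time check that args.reserved and args32.reserved have the same size, since only the destination size bounds that copy. The patch also has no changelog body explaining why the single memcpy() trips the new member-overflow check.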