On 20.01.25 18:18, Simon Horman wrote:
>> +static inline void copy_to_smcdgid(struct smcd_gid *sgid, uuid_t *igid)
>> +{
>> + __be64 temp;
>> +
>> + memcpy(&temp, igid, sizeof(sgid->gid));
>> + sgid->gid = ntohll(temp);
>> + memcpy(&temp, igid + sizeof(sgid->gid), sizeof(sgid->gid_ext));
>
> Hi Alexandra,
>
> The stride of the pointer arithmetic is the width of igid
> so this write will be at an offset of:
>
> sizeof(igid) + sizeof(sgid->gid) = 128 bytes
>
> Which is beyond the end of *igid.

Duh, what a stupid mistake. Thank you.

> I think the desired operation is to write at an offset of 8 bytes, so
> perhaps this is a way to achieve that, as the bi field is a
> 16 byte array of u8:
>
> memcpy(&temp, igid->b + sizeof(sgid->gid), sizeof(sgid->gid_ext));

I propose to keep the
memcpy(&temp, (u8 *)igid + sizeof(sgid->gid), sizeof(sgid->gid_ext));
like in the original net/smc/smc_loopback.c

> Flagged by W=1 builds with gcc-14 and clang-19, and by Smatch.
>
>> + sgid->gid_ext = ntohll(temp);
>> +}

I actually overlooked it in my smatch run (too many old warnings), but I
cannot get W=1 to flag it. I'll try to improve my setup.
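
Review bot: the second memcpy() in copy_to_smcdgid() takes its source from `igid + sizeof(sgid->gid)`, which is scaled by the size of uuid_t and so reads outside *igid; a byte offset needs a byte pointer, for example `(u8 *)igid + sizeof(sgid->gid)` or `igid->b + sizeof(sgid->gid)`. Both memcpy() calls also write into `temp` with a length taken from the sgid fields rather than from `temp` itself, so using sizeof(temp), or a build-time check that the three sizes agree, would keep a later type change from overrunning `temp`. Since igid is only read in the visible lines, it could be declared `const uuid_t *`.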
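
The stride point from the review above, as an added user-space example (not code from the patch or the kernel): `demo_uuid` and `struct demo_gid` are assumed stand-ins for uuid_t and struct smcd_gid, and a byte-wise big-endian load replaces memcpy() plus ntohll() so the block runs on any host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumptions) for the kernel's uuid_t and struct smcd_gid. */
typedef struct { uint8_t b[16]; } demo_uuid;
struct demo_gid { uint64_t gid; uint64_t gid_ext; };
#define GID_SIZE sizeof(((struct demo_gid *)0)->gid)	/* 8 */

/* Bytes advanced by "igid + GID_SIZE" when igid points to a demo_uuid.
 * The array keeps the pointer arithmetic itself in bounds. */
static size_t typed_offset(void)
{
	static demo_uuid arr[GID_SIZE + 1];
	return (size_t)((const char *)(arr + GID_SIZE) - (const char *)arr);
}

/* Bytes advanced by the same addition on a byte pointer. */
static size_t byte_offset(void)
{
	static demo_uuid one;
	const uint8_t *p = one.b;
	return (size_t)((p + GID_SIZE) - p);
}

/* Portable big-endian 64-bit load (swapped in for memcpy + ntohll). */
static uint64_t load_be64(const uint8_t *p)
{
	uint64_t v = 0;
	for (size_t i = 0; i < 8; i++)
		v = (v << 8) | p[i];
	return v;
}

/* Both halves are read through a byte pointer, so +8 means 8 bytes. */
static void copy_to_gid(struct demo_gid *sgid, const demo_uuid *igid)
{
	const uint8_t *bytes = (const uint8_t *)igid;
	sgid->gid = load_be64(bytes);
	sgid->gid_ext = load_be64(bytes + sizeof(sgid->gid));
}

int main(void)
{
	demo_uuid u = { { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } }; /* constructed */
	struct demo_gid g;
	copy_to_gid(&g, &u);
	printf("typed +%zu, byte +%zu, gid %016llx, gid_ext %016llx\n", typed_offset(),
	       byte_offset(), (unsigned long long)g.gid, (unsigned long long)g.gid_ext);
	return 0;
}
```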