[PATCH] scsi: bnx2i: fix fortify warning

Dmitry Antipov <dmantipov@xxxxxxxxx> · Tue, 12 Dec 2023 13:27:55 +0300

When compiling with gcc version 14.0.0 20231206 (experimental)
and CONFIG_FORTIFY_SOURCE=y, I've noticed the following warning:

...
In function 'fortify_memcpy_chk',
    inlined from 'bnx2i_process_login_resp.isra' at drivers/scsi/bnx2i/bnx2i_hwi.c:1460:2:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
  588 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This call to 'memcpy()' is interpreted as an attempt to copy 6 bytes from
4-byte 'isid_lo' field of 'struct bnx2i_login_response' and thus overread
warning is issued. Since we actually want to copy 'isid_lo' and following
2-byte field at once, use the convenient 'struct_group_attr()' here.

Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx>
---
 drivers/scsi/bnx2i/57xx_iscsi_hsi.h | 11 ++++++++---
 drivers/scsi/bnx2i/bnx2i_hwi.c      |  3 ++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/bnx2i/57xx_iscsi_hsi.h b/drivers/scsi/bnx2i/57xx_iscsi_hsi.h
index 19b3a97dbacd..1e0b30de9d9f 100644
--- a/drivers/scsi/bnx2i/57xx_iscsi_hsi.h
+++ b/drivers/scsi/bnx2i/57xx_iscsi_hsi.h
@@ -938,12 +938,17 @@ struct bnx2i_login_response {
 	u16 reserved3;
 #endif
 	u32 stat_sn;
-	u32 isid_lo;
 #if defined(__BIG_ENDIAN)
-	u16 isid_hi;
+	struct_group_attr(isid, __packed,
+		u32 isid_lo;
+		u16 isid_hi;
+	);
 	u16 tsih;
 #elif defined(__LITTLE_ENDIAN)
-	u16 tsih;
+	struct_group_attr(isid, __packed,
+		u32 isid_lo;
+		u16 tsih;
+	);
 	u16 isid_hi;
 #endif
 #if defined(__BIG_ENDIAN)
diff --git a/drivers/scsi/bnx2i/bnx2i_hwi.c b/drivers/scsi/bnx2i/bnx2i_hwi.c
index 6c864b093ac9..9c4c6a89d270 100644
--- a/drivers/scsi/bnx2i/bnx2i_hwi.c
+++ b/drivers/scsi/bnx2i/bnx2i_hwi.c
@@ -1457,7 +1457,8 @@ static int bnx2i_process_login_resp(struct iscsi_session *session,
 	resp_hdr->hlength = 0;
 
 	hton24(resp_hdr->dlength, login->data_length);
-	memcpy(resp_hdr->isid, &login->isid_lo, 6);
+	memcpy(resp_hdr->isid, &login->isid,
+	       sizeof_field(struct bnx2i_login_response, isid));
 	resp_hdr->tsih = cpu_to_be16(login->tsih);
 	resp_hdr->itt = task->hdr->itt;
 	resp_hdr->statsn = cpu_to_be32(login->stat_sn);
-- 
2.43.0








