Dmitry Antipov <dmantipov@xxxxxxxxx> writes: > When compiling with gcc 13.1 and CONFIG_FORTIFY_SOURCE=y, > I've noticed the following: > > In function ‘fortify_memcpy_chk’, > inlined from ‘ath_tx_complete_aggr’ at drivers/net/wireless/ath/ath9k/xmit.c:556:4, > inlined from ‘ath_tx_process_buffer’ at drivers/net/wireless/ath/ath9k/xmit.c:773:3: > ./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’ > declared with attribute warning: detected read beyond size of field (2nd parameter); > maybe use struct_group()? [-Wattribute-warning] > 529 | __read_overflow2_field(q_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > In function ‘fortify_memcpy_chk’, > inlined from ‘ath_tx_count_frames’ at drivers/net/wireless/ath/ath9k/xmit.c:473:3, > inlined from ‘ath_tx_complete_aggr’ at drivers/net/wireless/ath/ath9k/xmit.c:572:2, > inlined from ‘ath_tx_process_buffer’ at drivers/net/wireless/ath/ath9k/xmit.c:773:3: > ./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’ > declared with attribute warning: detected read beyond size of field (2nd parameter); > maybe use struct_group()? [-Wattribute-warning] > 529 | __read_overflow2_field(q_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > In both cases, the compiler complains on: > > memcpy(ba, &ts->ba_low, WME_BA_BMP_SIZE >> 3); > > which is the legal way to copy both 'ba_low' and following 'ba_high' > members of 'struct ath_tx_status' at once (that is, issue one 8-byte > 'memcpy()' for two 4-byte fields). Since the fortification logic seems > interprets this trick as an attempt to overread 4-byte 'ba_low', silence > relevant warnings by using the convenient 'struct_group()' quirk. > > Suggested-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> > Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx> Acked-by: Toke Høiland-Jørgensen <toke@xxxxxxx>
