Stanislaw Gruszka <stf_xl@xxxxx> writes: > On Wed, Sep 18, 2024 at 01:45:57PM +0000, Kalle Valo wrote: > >> Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote: >> >> > iwlegacy uses command buffers with a payload size of 320 >> > bytes (default) or 4092 bytes (huge). The struct il_device_cmd type >> > describes the default buffers and there is no separate type describing >> > the huge buffers. >> > >> > The il_enqueue_hcmd() function works with both default and huge >> > buffers, and has a memcpy() to the buffer payload. The size of >> > this copy may exceed 320 bytes when using a huge buffer, which >> > now results in a run-time warning: >> > >> > memcpy: detected field-spanning write (size 1014) of single field "&out_cmd->cmd.payload" at drivers/net/wireless/intel/iwlegacy/common.c:3170 (size 320) >> > >> > To fix this: >> > >> > - Define a new struct type for huge buffers, with a correctly sized >> > payload field >> > - When using a huge buffer in il_enqueue_hcmd(), cast the command >> > buffer pointer to that type when looking up the payload field >> > >> > Reported-by: Martin-Éric Racine <martin-eric.racine@xxxxxx> >> > References: https://bugs.debian.org/1062421 >> > References: https://bugzilla.kernel.org/show_bug.cgi?id=219124 >> > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> >> > Fixes: 54d9469bc515 ("fortify: Add run-time WARN for cross-field memcpy()") >> > Tested-by: Martin-Éric Racine <martin-eric.racine@xxxxxx> >> > Tested-by: Brandon Nielsen <nielsenb@xxxxxxxxxxx> >> > Acked-by: Stanislaw Gruszka <stf_xl@xxxxx> >> >> Should this patch go wireless tree for v6.12? As this is a regression I think >> it should. > > It's not driver regression per se, just false positive warning when built > with CONFIG_FORTIFY_SOURCE. But it should go to 6.12 IMHO as fix for > the warning. Thanks, I'll then take this to wireless tree. -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
