Patch "security: commoncap: fix -Wstringop-overread warning" has been added to the 4.19-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 09 May 2021 17:18:13 +0200

This is a note to let you know that I've just added the patch titled

    security: commoncap: fix -Wstringop-overread warning

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     security-commoncap-fix-wstringop-overread-warning.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f Mon Sep 17 00:00:00 2001
From: Arnd Bergmann <arnd@xxxxxxxx>
Date: Mon, 22 Mar 2021 17:02:41 +0100
Subject: security: commoncap: fix -Wstringop-overread warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Arnd Bergmann <arnd@xxxxxxxx>

commit 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f upstream.

gcc-11 introdces a harmless warning for cap_inode_getsecurity:

security/commoncap.c: In function ‘cap_inode_getsecurity’:
security/commoncap.c:440:33: error: ‘memcpy’ reading 16 bytes from a region of size 0 [-Werror=stringop-overread]
  440 |                                 memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem here is that tmpbuf is initialized to NULL, so gcc assumes
it is not accessible unless it gets set by vfs_getxattr_alloc().  This is
a legitimate warning as far as I can tell, but the code is correct since
it correctly handles the error when that function fails.

Add a separate NULL check to tell gcc about it as well.

Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
Signed-off-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>
Cc: Andrey Zhizhikin <andrey.z@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 security/commoncap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -397,7 +397,7 @@ int cap_inode_getsecurity(struct inode *
 				 &tmpbuf, size, GFP_NOFS);
 	dput(dentry);
 
-	if (ret < 0)
+	if (ret < 0 || !tmpbuf)
 		return ret;
 
 	fs_ns = inode->i_sb->s_user_ns;


Patches currently in stable-queue which might be from arnd@xxxxxxxx are

queue-4.19/security-commoncap-fix-wstringop-overread-warning.patch
queue-4.19/amdgpu-avoid-incorrect-hu-format-string.patch






