This is a note to let you know that I've just added the patch titled security: commoncap: fix -Wstringop-overread warning to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: security-commoncap-fix-wstringop-overread-warning.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd@xxxxxxxx> Date: Mon, 22 Mar 2021 17:02:41 +0100 Subject: security: commoncap: fix -Wstringop-overread warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Arnd Bergmann <arnd@xxxxxxxx> commit 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f upstream. gcc-11 introdces a harmless warning for cap_inode_getsecurity: security/commoncap.c: In function ‘cap_inode_getsecurity’: security/commoncap.c:440:33: error: ‘memcpy’ reading 16 bytes from a region of size 0 [-Werror=stringop-overread] 440 | memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The problem here is that tmpbuf is initialized to NULL, so gcc assumes it is not accessible unless it gets set by vfs_getxattr_alloc(). This is a legitimate warning as far as I can tell, but the code is correct since it correctly handles the error when that function fails. Add a separate NULL check to tell gcc about it as well. Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx> Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx> Signed-off-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx> Cc: Andrey Zhizhikin <andrey.z@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- security/commoncap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/security/commoncap.c +++ b/security/commoncap.c @@ -391,7 +391,7 @@ int cap_inode_getsecurity(struct inode * &tmpbuf, size, GFP_NOFS); dput(dentry); - if (ret < 0) + if (ret < 0 || !tmpbuf) return ret; fs_ns = inode->i_sb->s_user_ns; Patches currently in stable-queue which might be from arnd@xxxxxxxx are queue-5.10/crypto-arm-curve25519-move-.fpu-after-.arch.patch queue-5.10/security-commoncap-fix-wstringop-overread-warning.patch queue-5.10/amdgpu-avoid-incorrect-hu-format-string.patch