Message ID | 20240224121140.1883201-1-arnd@kernel.org |
---|---|
State | New |
Headers | From: Arnd Bergmann <arnd@kernel.org>; To: Jonathan Cameron <jic23@kernel.org>; Cc: Arnd Bergmann <arnd@arndb.de>, Lars-Peter Clausen <lars@metafoo.de>, Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Bill Wendling <morbo@google.com>, Justin Stitt <justinstitt@google.com>, Uwe Kleine-König <u.kleine-koenig@pengutronix.de>, linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev; Subject: [PATCH] iio: avoid fortify-string overflow error; Date: Sat, 24 Feb 2024 13:11:34 +0100; X-Mailer: git-send-email 2.39.2 |
Series | iio: avoid fortify-string overflow error |
Commit Message
Arnd Bergmann
Feb. 24, 2024, 12:11 p.m. UTC
From: Arnd Bergmann <arnd@arndb.de>

The memcpy() call in dlhl60d.c triggers a check with clang-19:

In file included from drivers/iio/pressure/dlhl60d.c:11:
In file included from include/linux/module.h:17:
include/linux/fortify-string.h:553:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
  553 |                         __write_overflow_field(p_size_field, size);
      |                         ^

It writes into a two member array from a loop over a linked list
that likely has some indication of having more than two entries.

Add a conditional check there to avoid the overflow.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/iio/pressure/dlhl60d.c | 2 ++
 1 file changed, 2 insertions(+)
Comments
On Sat, 24 Feb 2024 13:11:34 +0100 Arnd Bergmann <arnd@kernel.org> wrote:

> From: Arnd Bergmann <arnd@arndb.de>
>
> The memcpy() call in dlhl60d.c triggers a check with clang-19:
>
> In file included from drivers/iio/pressure/dlhl60d.c:11:
> In file included from include/linux/module.h:17:
> include/linux/fortify-string.h:553:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
>   553 |                         __write_overflow_field(p_size_field, size);
>       |                         ^
>
> It writes into a two member array from a loop over a linked list
> that likely has some indication of having more than two entries.
>
> Add a conditional check there to avoid the overflow.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Hi Arnd,

It's a false positive, but the compiler has no way to tell that only bits
0 and 1 can be set.
https://lore.kernel.org/linux-iio/20240222222335.work.759-kees@kernel.org/
for discussion on why + the missing zero initialization bug Kees noticed whilst
looking at this code.

Kees proposed an alternative way to suppress the warning that I've just applied.
https://lore.kernel.org/linux-iio/20240223172936.it.875-kees@kernel.org/

Your solution also works but leaves the implication of a real path to
overflow the buffer when there isn't one, hence I prefer what Kees had unless
some future version of clang trips over that in which case we can revisit.

Thanks

Jonathan

> --- > drivers/iio/pressure/dlhl60d.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/iio/pressure/dlhl60d.c b/drivers/iio/pressure/dlhl60d.c > index 28c8269ba65d..a43ecda849db 100644 > --- a/drivers/iio/pressure/dlhl60d.c > +++ b/drivers/iio/pressure/dlhl60d.c 
> @@ -262,6 +262,8 @@ static irqreturn_t dlh_trigger_handler(int irq, void *private) > &st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES, > DLH_NUM_DATA_BYTES); > i++; > + if (i >= ARRAY_SIZE(tmp_buf)) > + break; > } > > iio_push_to_buffers(indio_dev, tmp_buf);
On Sun, Feb 25, 2024, at 13:19, Jonathan Cameron wrote:
> On Sat, 24 Feb 2024 13:11:34 +0100 Arnd Bergmann <arnd@kernel.org> wrote:

> It's a false positive, but the compiler has no way to tell that only bits
> 0 and 1 can be set.
> https://lore.kernel.org/linux-iio/20240222222335.work.759-kees@kernel.org/
> for discussion on why + the missing zero initialization bug Kees noticed whilst
> looking at this code.
>
> Kees proposed an alternative way to suppress the warning that I've just applied.
> https://lore.kernel.org/linux-iio/20240223172936.it.875-kees@kernel.org/

Right, that's fine.

> Your solution also works but leaves the implication of a real path to
> overflow the buffer when there isn't one, hence I prefer what Kees had unless
> some future version of clang trips over that in which case we can revisit.

The idea with my patch was to make it obvious to the compiler that
there can't be an overflow, which would ensure the warning doesn't
come back. Kees' version works by avoiding whatever code path in the
compiler trips over the warning, but it's more likely to come back
later if something changes in the compiler itself, so there is a
slight chance that we have to work around it again.

Arnd
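The trade-off discussed in the two replies above, shown as an added userspace example (not the driver's code and not from anyone in the thread): a copy loop over the set bits of a mask whose destination bound is stated ahead of the write, with the buffer zeroed first. `gather_samples`, the wrappers, the 3-byte sample width, the `uint32_t` slot type and the buffer contents are all assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_DATA_BYTES 3 /* assumed sample width, stands in for DLH_NUM_DATA_BYTES */
#define NUM_SLOTS 2      /* two-member destination, as in the commit message */

/* Constructed receive buffer holding three 3-byte samples. */
static const uint8_t sample_rx[] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 };

/* Hypothetical helper: copy one sample per set bit of mask; returns slots filled. */
static size_t gather_samples(uint32_t dst[NUM_SLOTS], const uint8_t *rx,
                             size_t rx_len, unsigned long mask)
{
    size_t i = 0;

    /* Zero first so unfilled slots and padding bytes never carry stale data. */
    memset(dst, 0, NUM_SLOTS * sizeof(dst[0]));
    for (size_t chn = 0; chn < sizeof(mask) * CHAR_BIT; chn++) {
        if (!(mask & (1UL << chn)))
            continue;
        if (i >= NUM_SLOTS) /* destination bound, checked before the write */
            break;
        if ((chn + 1) * NUM_DATA_BYTES > rx_len) /* source bound */
            break;
        memcpy(&dst[i], rx + chn * NUM_DATA_BYTES, NUM_DATA_BYTES);
        i++;
    }
    return i;
}

/* Wrappers over the constructed buffer so the results can be checked directly. */
size_t demo_filled(unsigned long mask)
{
    uint32_t dst[NUM_SLOTS];
    return gather_samples(dst, sample_rx, sizeof(sample_rx), mask);
}

int demo_first_byte(unsigned long mask, size_t slot)
{
    uint32_t dst[NUM_SLOTS];
    uint8_t b;
    gather_samples(dst, sample_rx, sizeof(sample_rx), mask);
    memcpy(&b, &dst[slot], 1); /* byte-wise read, independent of endianness */
    return b;
}

int main(void) { return demo_filled(0x7) == NUM_SLOTS ? 0 : 1; }
```

With a mask that can only have bits 0 and 1 set the destination check never fires, which is the false-positive case Jonathan describes; the constructed mask `0x7` shows what the guard does if that assumption ever stops holding.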
diff --git a/drivers/iio/pressure/dlhl60d.c b/drivers/iio/pressure/dlhl60d.c index 28c8269ba65d..a43ecda849db 100644 --- a/drivers/iio/pressure/dlhl60d.c +++ b/drivers/iio/pressure/dlhl60d.c @@ -262,6 +262,8 @@ static irqreturn_t dlh_trigger_handler(int irq, void *private) &st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES, DLH_NUM_DATA_BYTES); i++; + if (i >= ARRAY_SIZE(tmp_buf)) + break; } iio_push_to_buffers(indio_dev, tmp_buf);
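Review bot: the new `if (i >= ARRAY_SIZE(tmp_buf)) break;` is placed after the memcpy() and `i++`, so it guards the next iteration rather than the write directly above it. Moving the test ahead of the memcpy() would make the destination bound hold for every write without depending on the value i has when the loop is entered. If the check stays where it is, a one-line comment stating whether the limit is expected to be reachable would help, because a silent `break` lets iio_push_to_buffers() push a partially filled tmp_buf with no trace that channels were dropped.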