Received: by 2002:a05:7412:6592:b0:d7:7d3a:4fe2 with SMTP id m18csp646561rdg; Thu, 10 Aug 2023 14:54:25 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH8NNukLCsjqXHwxuClj5cP8ZTjLlOYfxX1m0I+QdZFSc2e9ASY5sE1fSeBJ1i1ZF2TZhjC X-Received: by 2002:a17:903:41c8:b0:1b7:e86f:7631 with SMTP id u8-20020a17090341c800b001b7e86f7631mr55655ple.19.1691704465498; Thu, 10 Aug 2023 14:54:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691704465; cv=none; d=google.com; s=arc-20160816; b=K/5O7RmMtPLS/crCznG/9hz5txbyv5YGykmvAWPplbuLfJK/thJKnjoSKBoDDcdD3D TOdFK1vWkTblc+XDejKZvzkQkEW9IfMIj9TO1UThweozBK/vSRObYuqgHbTALKJcutVX bY4thyKSwKclfQxJ3w1M+IdzjZgFEiSTr698LoBBJYmku1zlz+YR/s68zI9idIORF3d4 zg9KZy/i1oADES0TnY53uLs11guPKec5LQRT2UPgtr3Auk9GTpQsEj9eG6F32HMjS3Qk Neco1E8pblVoIU6t+p+mH+B/vAY24ln3v3m9xbyIk1rTQ1c2ODFkAL5DLs63ZCIcR+yT XPMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=niZ+vrNDQ4GMStTL9kRLMxjukCY/VFRh2rGg2sfT98M=; fh=XXEbd2iFLMYs61LV6JMjYyncIHph7rjtDoW/HJZHXFA=; b=qg3O8vqvYbHgeu+HDWAAFVKKfdC8iaqR1a8q86K8Ezfdf0cFjaecuM94oHDMESBKCo PTWRkiHlT/adHV1byUH5DsAuaja03xmHFj4AfGDUIYCsqd8eZTxKWRSSfnDhloBF9tik c0Vl4CScKxAZ9clBe7fuvC4zhgFKkLCKSG4/3kjl60m03q+EGCbBwfrUEmGAJVBE0uAI tC0kn40Z9+sAUp/dqS2dkUoroXwx+ZmFxUDWvYncs5GKRM6TWroyf37r2X+HEABd38Yv VswVHH7WozNrs945h3M0C3efMc4p+JHq5IHnVpdnFnFR+jc0A4Cw0ipYLfcpn3+rPfrW temg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="CA/+LIC3"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m10-20020a170902db0a00b001b9d8ea026fsi2212659plx.485.2023.08.10.14.54.13; Thu, 10 Aug 2023 14:54:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="CA/+LIC3"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234903AbjHJUV2 (ORCPT + 99 others); Thu, 10 Aug 2023 16:21:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234424AbjHJUV1 (ORCPT ); Thu, 10 Aug 2023 16:21:27 -0400 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB81D10F5 for ; Thu, 10 Aug 2023 13:21:26 -0700 (PDT) Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-686e29b058cso1029720b3a.1 for ; Thu, 10 Aug 2023 13:21:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1691698886; x=1692303686; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=niZ+vrNDQ4GMStTL9kRLMxjukCY/VFRh2rGg2sfT98M=; b=CA/+LIC3HH9ropBEzZi69+cyKgmDHdEThksaK6msMAFhGvl2Mfm7X9HAK0vbjKxE95 TmA846t5rsevs1uu52TwWWlPzCWbBqVYRHx7+imft5hL5eJH3YrFgq4/zcUnm3VaJC0Q 2+j1Be3W3YLcg3WUDICYJbn7LwvaGudzZ0KSs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691698886; x=1692303686; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=niZ+vrNDQ4GMStTL9kRLMxjukCY/VFRh2rGg2sfT98M=; b=hAKSkp3I0zGVy6FZVIf47yDwX1TGu1Y9WL132mnR5zHzSrJLP5n1DlrIMeuaXGk7ub dxgrHU0S9Q6bUaZMw7JkCDysrYMrBh7zYemvb1uR3CFcRiy3GCwQ7gdJV1vQwBDpKWD8 fcXWZhoX+SYIQ83Ukc+O/cec4pKXuW658p+ruNbDywKCUHoLmsBOr1IWgxhgYcoDdn1U ON6hDcWcXn5tYNpGwxlP75OomCTuCM9Tv4zkDlpe/IaN2VNdl922kWKXdB9kpdMsp7p1 V+DLZ9+EeWZwLJ1oWXt/x3Rf9S5QQKFESfGDq0x4tK2pfRDW818GarMq+Z2g3IbzXAjK IguQ== X-Gm-Message-State: AOJu0YxQ1THdBWG5lwyiXnlNG2C1tED9djvNOBI1FmGqfk71HCncpQaK 6IVAxpHwG0MkZYIT4WE0zT8f0w== X-Received: by 2002:a05:6a00:1acd:b0:687:4dd1:92f8 with SMTP id f13-20020a056a001acd00b006874dd192f8mr3900114pfv.10.1691698886324; Thu, 10 Aug 2023 13:21:26 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id x42-20020a056a000bea00b006661562429fsm1982331pfu.97.2023.08.10.13.21.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Aug 2023 13:21:25 -0700 (PDT) Date: Thu, 10 Aug 2023 13:21:25 -0700 From: Kees Cook To: "GONG, Ruiqi" Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , Roopa Prabhu , Nikolay Aleksandrov , "Gustavo A . R . Silva" , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Wang Weiyang , Xiu Jianfeng , gongruiqi1@huawei.com Subject: Re: [PATCH v3] netfilter: ebtables: fix fortify warnings in size_entry_mwt() Message-ID: <202308101321.2FDE98DC57@keescook> References: <20230809074503.1323102-1-gongruiqi@huaweicloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230809074503.1323102-1-gongruiqi@huaweicloud.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 09, 2023 at 03:45:03PM +0800, GONG, Ruiqi wrote: > From: "GONG, Ruiqi" > > When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following > warning appears: > > In function ‘fortify_memcpy_chk’, > inlined from ‘size_entry_mwt’ at net/bridge/netfilter/ebtables.c:2118:2: > ./include/linux/fortify-string.h:592:25: error: call to ‘__read_overflow2_field’ > declared with attribute warning: detected read beyond size of field (2nd parameter); > maybe use struct_group()? [-Werror=attribute-warning] > 592 | __read_overflow2_field(q_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > The compiler is complaining: > > memcpy(&offsets[1], &entry->watchers_offset, > sizeof(offsets) - sizeof(offsets[0])); > > where memcpy reads beyong &entry->watchers_offset to copy > {watchers,target,next}_offset altogether into offsets[]. Silence the > warning by wrapping these three up via struct_group(). > > Signed-off-by: GONG, Ruiqi If a v4 is sent, please fix the "beyong" typo that was pointed out. Otherwise, it looks okay to me: Reviewed-by: Kees Cook -- Kees Cook