Received: by 2002:a05:7412:8d1c:b0:fa:4c10:6cad with SMTP id bj28csp433078rdb; Wed, 17 Jan 2024 06:32:59 -0800 (PST) X-Google-Smtp-Source: AGHT+IFa+rHDdUdPD6lkFg0ZYfgPMxWDLFql8iH5TVEf/Nhvt8/WD9uq9OnMfNdNsfyi0Si99YL1 X-Received: by 2002:a05:6359:660b:b0:175:b707:c92a with SMTP id sm11-20020a056359660b00b00175b707c92amr5528072rwb.33.1705501979190; Wed, 17 Jan 2024 06:32:59 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705501979; cv=pass; d=google.com; s=arc-20160816; b=JnKOrTwyNdldagPxyrxn/DwrtwrlbwpBnbdgGQNwe/9heEIdIFH9UFNTkPEBFVB1XP O5UBzEGRVQAld3jCJA9bmxbPEcyBp/Vej4pr9kOTJv0LRsdPstp8mTUJtNiyyg8Edu2n BTgtHvpyHCbRt3IbzrCphuvgmeGBLdHP1Sk4/xdAQ38tnSK8uhQhNoU6jp2X8ot+qx+x SuV1jd621u2Cj4BCswvj/xLj1/eUXC/zh5a7dlbpOFYA8YZ8PhwejGKCY1Fc0hofmBqR bdduchsxnQUuL9P5FM82UAMJhZHl2GrdKtw6udw1352tZ6zpHQ8QgmYW/Pv7BZPVt7qS GucA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=W8RONH//ElZU86u60opp7THU7PsxqZBvC44A1MdMu3w=; fh=i2bKyobR6wXr53RSCdTqjmbh4jOpQLLlxYREC1oEdLc=; b=Sbk9/xfaAVjN7zIKu4HKYbEaq8kISwWpb6791iGvJjwiRnUkejKVIz+cLZ7KeUELFH Uw9+E/77dZLKBJR6ODNWieUqEXKAhA4n2sjNVdz+IbOr52r1/ManyBok2ZGSJq5ktwC3 +w+8DPl72MSgXP6VEI3/vb7oYZpfhEAwsVm/3qS6D+uz+2KzdM2FOFy/j9X2UVL93IxG QmN3YXb3thj77495ENOWxSFxj/g9PTFXnA8nMPahMdaNHeHdera/OXWlUYr2xy85agtM 42k2wdEZFOwXomQiYeWZdennJamZUqfUFJcaQ9SXu2P7fUZzcD3Lr5w+C9xnk246Z4yj dRQg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=E4kJUHOw; arc=pass (i=1 spf=pass spfdomain=paul-moore.com dkim=pass dkdomain=paul-moore.com dmarc=pass fromdomain=paul-moore.com); spf=pass (google.com: domain of linux-kernel+bounces-29083-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-29083-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id g10-20020a636b0a000000b005c690745520si13216680pgc.743.2024.01.17.06.32.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Jan 2024 06:32:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-29083-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=E4kJUHOw; arc=pass (i=1 spf=pass spfdomain=paul-moore.com dkim=pass dkdomain=paul-moore.com dmarc=pass fromdomain=paul-moore.com); spf=pass (google.com: domain of linux-kernel+bounces-29083-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-29083-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id EE9FAB239F0 for ; Wed, 17 Jan 2024 14:32:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8B251208D6; Wed, 17 Jan 2024 14:32:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="E4kJUHOw" Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E78220DC1 for ; Wed, 17 Jan 2024 14:32:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705501966; cv=none; b=bIjYPXxP3rtuAXgkwPbVfwNei3z/80x/+s/g6P+l2An6OYOwgBrrz0QiBVie2gZB336K6TEFUafIuQK+HSVraNl0vWERnW0qVrSPMHGJ136NyFbxYXiYyxWOmYVQwsgmZ+jUwt5KWv5yM6NUrtgPkhUhQdgtGLKTzTfisR5uWyY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705501966; c=relaxed/simple; bh=kkzjZHd7WNS4qBwCTQwi+455aFyXB+g748QuNeAbzBo=; h=Received:DKIM-Signature:X-Google-DKIM-Signature: X-Gm-Message-State:X-Google-Smtp-Source:X-Received:MIME-Version: References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc: Content-Type:Content-Transfer-Encoding; b=V0iaJP7L3sY7zzNGFR/t+cBelMvKRYyD7JX6NW2jEPHG6bi3HixSx9Ivs1YJYXd8BRw35yHFPBgZh1/tSYpOeKAKs15RWRKHnDCwPD18G3RNjDHR7dx4qx5+z3bGAgfKSJZiV03z8DzfNZNPbcE5G8laeng9mgihOrRJUnsYwWc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com; spf=pass smtp.mailfrom=paul-moore.com; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b=E4kJUHOw; arc=none smtp.client-ip=209.85.167.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Received: by mail-oi1-f174.google.com with SMTP id 5614622812f47-3bd8cd40a04so1032244b6e.0 for ; Wed, 17 Jan 2024 06:32:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1705501964; x=1706106764; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=W8RONH//ElZU86u60opp7THU7PsxqZBvC44A1MdMu3w=; b=E4kJUHOw94wgHUapWkCjecBzf7N6IwfJeqw9RBS/vVMKe2De9ae8PiSyuV0XF+uY4v 2F7f81ioV1hg68em+PKeGq1sYJj6Gfq9CHN1va0JxDJXficeO+1rtYETpwgL21JKMK8R PkD8OJCsEAi3nNDIjZcEUiopbsEgqgMe0OtoD2K00DXy6kXg+JnHqrf9PwlfR0/V7poi 1+SwCiu0EknKBsUVRD9mRXjAIvWVfQ5+erTypOshe00mR/XYyN8bV+kdJO7td+jDmofz ksdDQBy0sRQ1LBsJ5J4aNufvmSCMi4oJ10vGZzPU3u6RLq31z7RZi8IbQA601bjR4aoK vf1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705501964; x=1706106764; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=W8RONH//ElZU86u60opp7THU7PsxqZBvC44A1MdMu3w=; b=Zm3hjt1i9TIQlJfqKmmZ/flr4bD4kx4UUGw6b5wwn11ayyACs8y+HMa6twcSxyyIBa D9Ajtcii4X081quLcFyAqPkVn64ooRqgJQnTUqCEl+WVAnOW0SCV2MgFTCdXrs4+1t1D tNZct/Yed7x+6yvbZPAMC+xhFGQ6PwJ37FCeIw9GfoiC48YQkHlZwzNfpLuhmdvn/kf3 zazZGgFnwamSVLUwR4I6uq4vicEV2X7G8hwQIKlUTzTweOP9atIsAX7QmGYtAthbt+Rz rDLw8XMPE5cABiPo4Wc+qJIj8gHj6AWr74HyqFUeA/+IO/HQGoRlWkVCPKK/3lxZz7e9 9jSQ== X-Gm-Message-State: AOJu0YwaCELHFyned28P6l5JwyCyXxWJvCWzE0aHWl9IvaBFiNVjN/if YQrpApsGXbX4s9qn8O9AUyRkcwY871QxF4feHVefMb2aGzJF X-Received: by 2002:a05:6808:1290:b0:3bd:428e:744e with SMTP id a16-20020a056808129000b003bd428e744emr10251437oiw.53.1705501964261; Wed, 17 Jan 2024 06:32:44 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240117014541.8887-1-yaolu@kylinos.cn> In-Reply-To: <20240117014541.8887-1-yaolu@kylinos.cn> From: Paul Moore Date: Wed, 17 Jan 2024 09:32:33 -0500 Message-ID: Subject: Re: [PATCH] lsm: Resolve compiling 'security.c' error To: Lu Yao , linux-hardening@vger.kernel.org Cc: jmorris@namei.org, serge@hallyn.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Jan 16, 2024 at 8:46=E2=80=AFPM Lu Yao wrote: > > The following error log is displayed during the current compilation > > 'security/security.c:810:2: error: =E2=80=98memcpy=E2=80=99 offset 32= is > > out of the bounds [0, 0] [-Werror=3Darray-bounds]' > > GCC version is '10.3.0 (Ubuntu 10.3.0-1ubuntu1~18.04~1)' > > Signed-off-by: Lu Yao > --- > security/security.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) I'm adding the linux-hardening folks to the to To: line as this has now come up multiple times and my best guess is that this is an issue with the struct_size() macro, compiler annotations, or something similar and I suspect they are the experts in that area. My understanding is that using the struct_size() macro is preferable to open coding the math, as this patch does, but if we have to do something like this to silence the warnings, that's okay with me. So linux-hardening folks, what do you say? > diff --git a/security/security.c b/security/security.c > index 0144a98d3712..37168f6bee25 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -792,7 +792,7 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, si= ze_t *uctx_len, > size_t nctx_len; > int rc =3D 0; > > - nctx_len =3D ALIGN(struct_size(nctx, ctx, val_len), sizeof(void *= )); > + nctx_len =3D ALIGN(sizeof(struct lsm_ctx) + val_len, sizeof(void = *)); > if (nctx_len > *uctx_len) { > rc =3D -E2BIG; > goto out; > -- > 2.25.1 --=20 paul-moore.com