When compiling with gcc version 14.0.0 20231206 (experimental)
and CONFIG_FORTIFY_SOURCE=y, I've noticed the following warning:
In function 'fortify_memcpy_chk',
inlined from '__skb_put_data' at ./include/linux/skbuff.h:2599:2,
inlined from 'bnep_rx_frame.isra' at net/bluetooth/bnep/core.c:388:3:
./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
588 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is a 'memcpy()' call underneath '__skb_put_data()', and the former
is interpreted as an attempt to copy ETH_ALEN + 2 (which is 8) bytes from
the 6-byte 'h_source' field of 'struct ethhdr', which causes an overread
warning. The convenient way to avoid it is to use 'struct_group()', i.e.:
struct ethhdr {
unsigned char h_dest[ETH_ALEN];
struct_group(xxx,
unsigned char h_source[ETH_ALEN];
__be16 h_proto;
);
} __attribute__((packed));
But since 'struct ethhdr' is a fundamental type and most likely it would be
a bad idea to mess it up that way just for the sake of a few bluetooth bits,
I would suggest an ad-hoc quirk instead.
Signed-off-by: Dmitry Antipov <[email protected]>
---
net/bluetooth/bnep/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 5a6a49885ab6..8edceb4d2a4f 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -385,7 +385,8 @@ static int bnep_rx_frame(struct bnep_session *s, struct sk_buff *skb)
case BNEP_COMPRESSED_DST_ONLY:
__skb_put_data(nskb, skb_mac_header(skb), ETH_ALEN);
- __skb_put_data(nskb, s->eh.h_source, ETH_ALEN + 2);
+ __skb_put_data(nskb, (unsigned char *)&s->eh + ETH_ALEN,
+ ETH_ALEN + 2);
break;
case BNEP_GENERAL:
--
2.43.0
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=809736
---Test result---
Test Summary:
CheckPatch FAIL 1.01 seconds
GitLint FAIL 0.60 seconds
SubjectPrefix FAIL 0.41 seconds
BuildKernel PASS 27.56 seconds
CheckAllWarning PASS 30.03 seconds
CheckSparse PASS 35.48 seconds
CheckSmatch PASS 99.17 seconds
BuildKernel32 PASS 26.55 seconds
TestRunnerSetup PASS 419.22 seconds
TestRunner_l2cap-tester PASS 23.17 seconds
TestRunner_iso-tester PASS 45.35 seconds
TestRunner_bnep-tester PASS 6.93 seconds
TestRunner_mgmt-tester PASS 161.37 seconds
TestRunner_rfcomm-tester PASS 10.88 seconds
TestRunner_sco-tester PASS 14.74 seconds
TestRunner_ioctl-tester PASS 12.12 seconds
TestRunner_mesh-tester PASS 8.76 seconds
TestRunner_smp-tester PASS 12.01 seconds
TestRunner_userchan-tester PASS 7.50 seconds
IncrementalBuild PASS 25.79 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
bluetooth: bnep: fix fortify warning
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#61:
declared with attribute warning: detected read beyond size of field (2nd parameter);
total: 0 errors, 1 warnings, 0 checks, 9 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/src/13491578.patch has style problems, please review.
NOTE: Ignored message types: UNKNOWN_COMMIT_ID
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
bluetooth: bnep: fix fortify warning
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
9: B1 Line exceeds max length (82>80): "./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field'"
10: B1 Line exceeds max length (84>80): "declared with attribute warning: detected read beyond size of field (2nd parameter);"
21: B3 Line contains hard tab characters (\t): " unsigned char h_dest[ETH_ALEN];"
22: B3 Line contains hard tab characters (\t): " struct_group(xxx,"
23: B3 Line contains hard tab characters (\t): " unsigned char h_source[ETH_ALEN];"
24: B3 Line contains hard tab characters (\t): " __be16 h_proto;"
##############################
Test: SubjectPrefix - FAIL
Desc: Check subject contains "Bluetooth" prefix
Output:
"Bluetooth: " prefix is not specified in the subject
---
Regards,
Linux Bluetooth