Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp5407003rdb; Wed, 13 Dec 2023 07:52:06 -0800 (PST) X-Google-Smtp-Source: AGHT+IGgUX+olUnHnPoKc9zx0JsTBXAUwugkLEoHiKhiYItjDQcL2X2Vs1QnSe/WNg2jfv2ca5ML X-Received: by 2002:a17:907:2d0a:b0:a19:7781:5cda with SMTP id gs10-20020a1709072d0a00b00a1977815cdamr3453544ejc.72.1702482725890; Wed, 13 Dec 2023 07:52:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702482725; cv=none; d=google.com; s=arc-20160816; b=gV4Yo80pLtIYke6SzhfdY9TPeN7gsxIIwBrv4vIiAnUnq+0RQb0UVGaXn8PWfxaTZR 0yNO0v6ZScKpbRGIkuOotPjsHG6hoR37YuTOB8cQQXa0xZGZ3fsL+he9nnkRTeUnquoO OV8QBIRJm8jC4r0dHREW59yPmiOHYxpcwLv7YY/U2Ts1VKYRXij3uxZB+QG2xzWBFGq5 6MI9QIJsZmBjQpWfBWOQZAGtfrMvCuWsSMmMwAfeO2PKQ2Y8d4yhi4mK0YwBd+ASvNih h7v14wHdsrg8K3K2m1gVm6qB7u9KW/0zWNAW9dl6QiU8Zr4np26fHUBuwEaRnKuiPRbq EcxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=46pELxcl3h+ZZCUid6qf+O0+xAaOxFBvxW8XKl5Ws/I=; fh=+d/rPAMkcMvwObzZhAFem1EzyeRhBdlm6vAsycq+a0k=; b=lOLa0lX3NHGtWYRDx6ow4yLgHAx0okn1Cf10NhqLVp38Td/3pON2AxtNONq2Z1YpiY QVgUUqVY2mrgU0x08cTpg5FH/zggXLQ1ETS4hIi/9XcMtnL1PGwUo6qADUm/D8tA2Ikr h5QhxbmUNMmR45m3rgSQTJpMBJrQp1uP5j+AdBMvlX+ZCUNMHn+MFOL0rgV5wWu0kfHC lkADDqsEU9pkzlH+kQgQeLkwTcic2S9KAbw8Ndg0tJjtS003joNTaN+HRktneXKEyuBJ o0fZYx/WtDj9E/5N0oROWDQKiXUkylVAgyanfOEMHQ4EkRTWAIbdHiUQRsXe81+7Cn64 /PQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b=TZdYIJ7t; spf=pass (google.com: domain of linux-bluetooth+bounces-576-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-576-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id j25-20020a170906051900b00a1e095c4e75si5346883eja.303.2023.12.13.07.52.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Dec 2023 07:52:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-576-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b=TZdYIJ7t; spf=pass (google.com: domain of linux-bluetooth+bounces-576-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-576-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 8CAA61F21157 for ; Wed, 13 Dec 2023 15:52:05 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9E77A85360; Wed, 13 Dec 2023 15:52:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="TZdYIJ7t" X-Original-To: linux-bluetooth@vger.kernel.org X-Greylist: delayed 457 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 13 Dec 2023 07:51:50 PST Received: from forward206c.mail.yandex.net (forward206c.mail.yandex.net [178.154.239.215]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3BB3BD for ; Wed, 13 Dec 2023 07:51:50 -0800 (PST) Received: from forward103c.mail.yandex.net (forward103c.mail.yandex.net [IPv6:2a02:6b8:c03:500:1:45:d181:d103]) by forward206c.mail.yandex.net (Yandex) with ESMTP id C972966BAA for ; Wed, 13 Dec 2023 18:44:16 +0300 (MSK) Received: from mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net [IPv6:2a02:6b8:c08:73a3:0:640:6804:0]) by forward103c.mail.yandex.net (Yandex) with ESMTP id 177FB608ED; Wed, 13 Dec 2023 18:44:11 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id AilRk427W8c0-BY56GguT; Wed, 13 Dec 2023 18:44:10 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1702482250; bh=46pELxcl3h+ZZCUid6qf+O0+xAaOxFBvxW8XKl5Ws/I=; h=Message-ID:Date:Cc:Subject:To:From; b=TZdYIJ7tKFyworef4ghdhyYzS7mh2vvlDGvuPRCN+Ge8zv5aycCS4leWdB7lQ/LQe ZGRiFqzLA+Wa2SPTS5/itSRSNujSteWgxcxTeYVKVGjydp60O1MNkKTODN1c9d2keJ FTqdmZaQCLX90D9lmfnRRg/oWnQ8G955vPlK7Y4c= Authentication-Results: mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net; dkim=pass header.i=@yandex.ru From: Dmitry Antipov To: Marcel Holtmann Cc: Johan Hedberg , linux-bluetooth@vger.kernel.org, Dmitry Antipov Subject: [PATCH] bluetooth: bnep: fix fortify warning Date: Wed, 13 Dec 2023 18:42:57 +0300 Message-ID: <20231213154303.159184-1-dmantipov@yandex.ru> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When compiling with gcc version 14.0.0 20231206 (experimental) and CONFIG_FORTIFY_SOURCE=y, I've noticed the following warning: In function 'fortify_memcpy_chk', inlined from '__skb_put_data' at ./include/linux/skbuff.h:2599:2, inlined from 'bnep_rx_frame.isra' at net/bluetooth/bnep/core.c:388:3: ./include/linux/fortify-string.h:588:25: warning: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Wattribute-warning] 588 | __read_overflow2_field(q_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There is a 'memcpy()' call underneath '__skb_put_data()', and the former is interpreted as an attempt to copy ETH_ALEN + 2 (which is 8) bytes from the 6-byte 'h_source' field of 'struct ethhdr', which causes an overread warning. The convenient way to avoid it is to use 'struct_group()', i.e.: struct ethhdr { unsigned char h_dest[ETH_ALEN]; struct_group(xxx, unsigned char h_source[ETH_ALEN]; __be16 h_proto; ); } __attribute__((packed)); But since 'struct ethhdr' is a fundamental type and most likely it would be a bad idea to mess it up that way just for the sake of a few bluetooth bits, I would suggest an ad-hoc quirk instead. Signed-off-by: Dmitry Antipov --- net/bluetooth/bnep/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c index 5a6a49885ab6..8edceb4d2a4f 100644 --- a/net/bluetooth/bnep/core.c +++ b/net/bluetooth/bnep/core.c @@ -385,7 +385,8 @@ static int bnep_rx_frame(struct bnep_session *s, struct sk_buff *skb) case BNEP_COMPRESSED_DST_ONLY: __skb_put_data(nskb, skb_mac_header(skb), ETH_ALEN); - __skb_put_data(nskb, s->eh.h_source, ETH_ALEN + 2); + __skb_put_data(nskb, (unsigned char *)&s->eh + ETH_ALEN, + ETH_ALEN + 2); break; case BNEP_GENERAL: -- 2.43.0