Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp7710150rwd;
        Tue, 20 Jun 2023 05:19:36 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ5G4BZD0VdzvCk21zyryCDtf73PQBmmgy+pEZSsIALZU/QcmgcKyDHN8tfNDj3vI/YY/8ZN
X-Received: by 2002:a17:90a:5643:b0:25b:de6b:b2d7 with SMTP id d3-20020a17090a564300b0025bde6bb2d7mr23887670pji.11.1687263576424;
        Tue, 20 Jun 2023 05:19:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1687263576; cv=none;
        d=google.com; s=arc-20160816;
        b=Irc8zUtuuvzssiS0HvecJtpBL2Kf/4T2ipNiYa5khB0pw/XiaN1dydcCzhD1Mi016v
         ZEwss5HOTvLfcXkw4/RBtjPf18Q45IvTw3tMl/VXgRPqXSX5MYPiKtL3DzR964Su6Q4r
         RH6K3+hGz54S/IJnCrUrVRASMc1PWAWO2GhOHfAGAkEhY7vlozgen6jqMkAv+gLarjR6
         FWURDGb8enBnn2DOnnh/TvbMG6iGcN6bD7PHNOKpoWUrBa9JcfvxRdo3t88RyZQvDe7v
         S3rE+FCY2psRpqu85T+RN4e1nYuaqkKCHwplZTs+XHs1r2e0YyOtH5E1FN+UjzlzvumV
         s+iQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:references:in-reply-to:subject:cc:to:dkim-signature
         :from;
        bh=wlNOAkBGqBUKlGJJ2s1E8snNuk4EkoPnvii5JK8Stw4=;
        b=bRou5BQcS3w0L+wMvfjnOWIHNrH7Fs/PtKkii1jLUYgQmImQ1bD5ajxKwcZ4JlW6oO
         SZ5Rs2sXHEP2jqSYFKVd+sSZ4zlNIgiVzQ+C9poVvAQQoO0PsxkSI5E6chYzIr03+SJ1
         LYWuHbxDN3eQJcj8vk6AzsyCMTdRXPILjwo53NIH4gYNEUJllf+2cRFUw5pOrB3wSVOJ
         GGrfIygIctuV8VGZEUpI5HxzomUlWYNOyBgwXJMn2ZbJB4q47iWJPm2Jgt3k2IsBCy0O
         Uy2eW6XoradaOqnnpGvXLaPs7RqmVrWPnHMak2dN1MSVfuIYreo01zHIqzTh6bdZtdRL
         ruRA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@toke.dk header.s=20161023 header.b=XZDpRP7w;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=toke.dk
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id v7-20020a17090a6b0700b002533b600bbesi9586014pjj.101.2023.06.20.05.19.24;
        Tue, 20 Jun 2023 05:19:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@toke.dk header.s=20161023 header.b=XZDpRP7w;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=toke.dk
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232705AbjFTMFq (ORCPT <rfc822;zoranvukanac@gmail.com>
        + 59 others); Tue, 20 Jun 2023 08:05:46 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43306 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232490AbjFTMFe (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Tue, 20 Jun 2023 08:05:34 -0400
Received: from mail.toke.dk (mail.toke.dk [IPv6:2a0c:4d80:42:2001::664])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2DAFE10FE
        for <linux-wireless@vger.kernel.org>; Tue, 20 Jun 2023 05:05:33 -0700 (PDT)
From:   Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023;
        t=1687262731; bh=iEvcG1hfUI3EmH+FYz733tQLDNTMqJ93GoyIPa5mB+0=;
        h=From:To:Cc:Subject:In-Reply-To:References:Date:From;
        b=XZDpRP7wol6lCFJpBufe1nO0Dz2XaZVjWOOs96K96tjrPbZixyMn0gWnhTeAIy07A
         DOfCHegiQsR7JNecu0A6KZx3Qu8LT3ekxwDiKiRO1788d5V72gUcookkd0js/jMb0l
         3SAL+w8WnwuuDTKJ2CbE7dVXv6g21kh8RHIaVu938n35jSQM7hEVbw1MkrtxKi9EgC
         rCALm/kNMH8jdR3Q4NG/yu9dlnqW5VIJpguFKr4LOxOuNsl4rENZ40nBChYtD6SiAn
         THfiKOvClblybReIJPZ3v/DW4RbJVIHf2nrKaQvoCdBgD+4D6HHK4hdMvLJ4tCzYVx
         i9qqwhdgrFNPQ==
To:     Dmitry Antipov <dmantipov@yandex.ru>
Cc:     Kalle Valo <kvalo@kernel.org>, linux-wireless@vger.kernel.org,
        Dmitry Antipov <dmantipov@yandex.ru>,
        Johannes Berg <johannes@sipsolutions.net>
Subject: Re: [PATCH 2/2] [v2] wifi: ath9k: fix fortify warnings
In-Reply-To: <20230620080855.396851-2-dmantipov@yandex.ru>
References: <20230620080855.396851-1-dmantipov@yandex.ru>
 <20230620080855.396851-2-dmantipov@yandex.ru>
Date:   Tue, 20 Jun 2023 14:05:31 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <877crye3uc.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

Dmitry Antipov <dmantipov@yandex.ru> writes:

> When compiling with gcc 13.1 and CONFIG_FORTIFY_SOURCE=3Dy,
> I've noticed the following:
>
> In function =E2=80=98fortify_memcpy_chk=E2=80=99,
>     inlined from =E2=80=98ath_tx_complete_aggr=E2=80=99 at drivers/net/wi=
reless/ath/ath9k/xmit.c:556:4,
>     inlined from =E2=80=98ath_tx_process_buffer=E2=80=99 at drivers/net/w=
ireless/ath/ath9k/xmit.c:773:3:
> ./include/linux/fortify-string.h:529:25: warning: call to =E2=80=98__read=
_overflow2_field=E2=80=99
> declared with attribute warning: detected read beyond size of field (2nd =
parameter);
> maybe use struct_group()? [-Wattribute-warning]
>   529 |                         __read_overflow2_field(q_size_field, size=
);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> In function =E2=80=98fortify_memcpy_chk=E2=80=99,
>     inlined from =E2=80=98ath_tx_count_frames=E2=80=99 at drivers/net/wir=
eless/ath/ath9k/xmit.c:473:3,
>     inlined from =E2=80=98ath_tx_complete_aggr=E2=80=99 at drivers/net/wi=
reless/ath/ath9k/xmit.c:572:2,
>     inlined from =E2=80=98ath_tx_process_buffer=E2=80=99 at drivers/net/w=
ireless/ath/ath9k/xmit.c:773:3:
> ./include/linux/fortify-string.h:529:25: warning: call to =E2=80=98__read=
_overflow2_field=E2=80=99
> declared with attribute warning: detected read beyond size of field (2nd =
parameter);
> maybe use struct_group()? [-Wattribute-warning]
>   529 |                         __read_overflow2_field(q_size_field, size=
);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> In both cases, the compiler complains on:
>
> memcpy(ba, &ts->ba_low, WME_BA_BMP_SIZE >> 3);
>
> which is the legal way to copy both 'ba_low' and following 'ba_high'
> members of 'struct ath_tx_status' at once (that is, issue one 8-byte
> 'memcpy()' for two 4-byte fields). Since the fortification logic seems
> interprets this trick as an attempt to overread 4-byte 'ba_low', silence
> relevant warnings by using the convenient 'struct_group()' quirk.
>
> Suggested-by: Johannes Berg <johannes@sipsolutions.net>
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>

Acked-by: Toke H=C3=B8iland-J=C3=B8rgensen <toke@toke.dk>