]> git.baikalelectronics.ru Git - kernel.git/commitdiff
wifi: wil6210: fix fortify warnings
authorDmitry Antipov <dmantipov@yandex.ru>
Wed, 21 Jun 2023 09:36:55 +0000 (12:36 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Sep 2023 09:11:01 +0000 (11:11 +0200)
[ Upstream commit 1ad8237e971630c66a1a6194491e0837b64d00e0 ]

When compiling with gcc 13.1 and CONFIG_FORTIFY_SOURCE=y,
I've noticed the following:

In function ‘fortify_memcpy_chk’,
    inlined from ‘wil_rx_crypto_check_edma’ at drivers/net/wireless/ath/wil6210/txrx_edma.c:566:2:
./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
  529 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

where the compiler complains on:

const u8 *pn;
...
pn = (u8 *)&st->ext.pn_15_0;
...
memcpy(cc->pn, pn, IEEE80211_GCMP_PN_LEN);

and:

In function ‘fortify_memcpy_chk’,
    inlined from ‘wil_rx_crypto_check’ at drivers/net/wireless/ath/wil6210/txrx.c:684:2:
./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’
declared with attribute warning: detected read beyond size of field (2nd parameter);
maybe use struct_group()? [-Wattribute-warning]
  529 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

where the compiler complains on:

const u8 *pn = (u8 *)&d->mac.pn_15_0;
...
memcpy(cc->pn, pn, IEEE80211_GCMP_PN_LEN);

In both cases, the fortification logic interprets 'memcpy()' as 6-byte
overread of 2-byte field 'pn_15_0' of 'struct wil_rx_status_extension'
and 'pn_15_0' of 'struct vring_rx_mac', respectively. To silence
these warnings, last two fields of the aforementioned structures
are grouped using 'struct_group_attr(pn, __packed' quirk.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230621093711.80118-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/wireless/ath/wil6210/txrx.c
drivers/net/wireless/ath/wil6210/txrx.h
drivers/net/wireless/ath/wil6210/txrx_edma.c
drivers/net/wireless/ath/wil6210/txrx_edma.h

index 237cbd5c5060bd3bc0b40c017317aaa23232128f..f29ac6de713994df19194b77bcd36a4e75fb2e7f 100644 (file)
@@ -666,7 +666,7 @@ static int wil_rx_crypto_check(struct wil6210_priv *wil, struct sk_buff *skb)
        struct wil_tid_crypto_rx *c = mc ? &s->group_crypto_rx :
                                      &s->tid_crypto_rx[tid];
        struct wil_tid_crypto_rx_single *cc = &c->key_id[key_id];
-       const u8 *pn = (u8 *)&d->mac.pn_15_0;
+       const u8 *pn = (u8 *)&d->mac.pn;
 
        if (!cc->key_set) {
                wil_err_ratelimited(wil,
index 1ae1bec1b97f1ae08b97dd8c065e8a504d3ebcb0..689f68d89a440cb96df508df18a8853e5edc4498 100644 (file)
@@ -343,8 +343,10 @@ struct vring_rx_mac {
        u32 d0;
        u32 d1;
        u16 w4;
-       u16 pn_15_0;
-       u32 pn_47_16;
+       struct_group_attr(pn, __packed,
+               u16 pn_15_0;
+               u32 pn_47_16;
+       );
 } __packed;
 
 /* Rx descriptor - DMA part
index 201c8c35e0c9efac4d58d32a91fb9f12b9daa42d..1ba1f21ebea26f971c9b8bbb964d0102ebae7807 100644 (file)
@@ -548,7 +548,7 @@ static int wil_rx_crypto_check_edma(struct wil6210_priv *wil,
        s = &wil->sta[cid];
        c = mc ? &s->group_crypto_rx : &s->tid_crypto_rx[tid];
        cc = &c->key_id[key_id];
-       pn = (u8 *)&st->ext.pn_15_0;
+       pn = (u8 *)&st->ext.pn;
 
        if (!cc->key_set) {
                wil_err_ratelimited(wil,
index c736f7413a35f870b79d46b1e89e404c4c1b546c..ee90e225bb050c28c3dce639ca7920082d136a29 100644 (file)
@@ -330,8 +330,10 @@ struct wil_rx_status_extension {
        u32 d0;
        u32 d1;
        __le16 seq_num; /* only lower 12 bits */
-       u16 pn_15_0;
-       u32 pn_47_16;
+       struct_group_attr(pn, __packed,
+               u16 pn_15_0;
+               u32 pn_47_16;
+       );
 } __packed;
 
 struct wil_rx_status_extended {