[PATCH] orangefs: fix out-of-bounds fsid access

From: Arnd Bergmann
Date: Thu Jun 22 2023 - 06:17:14 EST

Next message: rfoss: "Re: [PATCH v2] drm: bridge: dw-mipi-dsi: Fix enable/disable of DSI controller"
Previous message: Arnd Bergmann: "[PATCH] mlx5: avoid integer overflow warning for large page size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Arnd Bergmann <arnd@xxxxxxxx>

orangefs_statfs() copies two consecutive fields of the superblock into
the statfs structure, which triggers a warning from the string fortification
helpers:

In file included from fs/orangefs/super.c:8:
include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
__read_overflow2_field(q_size_field, size);

Change the memcpy() to an individual assignment of the two fields, which helps
both the compiler and human readers understand better what it does.

Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
---
fs/orangefs/super.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c
index 5254256a224d7..509a74aca2dcb 100644
--- a/fs/orangefs/super.c
+++ b/fs/orangefs/super.c
@@ -201,7 +201,10 @@ static int orangefs_statfs(struct dentry *dentry, struct kstatfs *buf)
(long)new_op->downcall.resp.statfs.files_avail);

buf->f_type = sb->s_magic;
- memcpy(&buf->f_fsid, &ORANGEFS_SB(sb)->fs_id, sizeof(buf->f_fsid));
+ buf->f_fsid = (__kernel_fsid_t) {{
+ ORANGEFS_SB(sb)->fs_id,
+ ORANGEFS_SB(sb)->id,
+ }};
buf->f_bsize = new_op->downcall.resp.statfs.block_size;
buf->f_namelen = ORANGEFS_NAME_MAX;

--
2.39.2

Next message: rfoss: "Re: [PATCH v2] drm: bridge: dw-mipi-dsi: Fix enable/disable of DSI controller"
Previous message: Arnd Bergmann: "[PATCH] mlx5: avoid integer overflow warning for large page size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]