include/linux/fortify-string.h:179:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)

From: kernel test robot
Date: Tue Nov 23 2021 - 18:12:01 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 136057256686de39cc3a07c2e39ef6bc43003ff6
commit: c430f60036af44079170ff71a461b9d7cf5ee431 fortify: Move remaining fortify helpers into fortify-string.h
date: 8 weeks ago
config: arm-randconfig-r011-20211123 (https://download.01.org/0day-ci/archive/20211124/202111240718.sP0LNt2k-lkp@xxxxxxxxx/config.gz)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c430f60036af44079170ff71a461b9d7cf5ee431
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout c430f60036af44079170ff71a461b9d7cf5ee431
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=arm SHELL=/bin/bash drivers/scsi/qla2xxx/ net/smc/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All errors (new ones prefixed by >>):

In file included from include/linux/string.h:253,
from include/linux/bitmap.h:10,
from include/linux/cpumask.h:12,
from include/linux/mm_types_task.h:14,
from include/linux/mm_types.h:5,
from include/linux/buildid.h:5,
from include/linux/module.h:14,
from drivers/scsi/qla2xxx/qla_def.h:12,
from drivers/scsi/qla2xxx/qla_mr.c:6:
In function 'memset',
inlined from 'qlafx00_start_scsi' at drivers/scsi/qla2xxx/qla_mr.c:3132:2:
>> include/linux/fortify-string.h:179:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)
179 | __write_overflow();
| ^~~~~~~~~~~~~~~~~~
In function 'memset',
inlined from 'qlafx00_fxdisc_iocb' at drivers/scsi/qla2xxx/qla_mr.c:3327:6:
>> include/linux/fortify-string.h:179:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)
179 | __write_overflow();
| ^~~~~~~~~~~~~~~~~~
--
In file included from <command-line>:
net/smc/smc_llc.c: In function 'smc_llc_add_pending_send':
include/linux/compiler_types.h:317:45: error: call to '__compiletime_assert_540' declared with attribute error: must increase SMC_WR_BUF_SIZE to at least sizeof(struct smc_llc_msg)
317 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
| ^
include/linux/compiler_types.h:298:25: note: in definition of macro '__compiletime_assert'
298 | prefix ## suffix(); \
| ^~~~~~
include/linux/compiler_types.h:317:9: note: in expansion of macro '_compiletime_assert'
317 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
| ^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
| ^~~~~~~~~~~~~~~~~~
net/smc/smc_llc.c:365:9: note: in expansion of macro 'BUILD_BUG_ON_MSG'
365 | BUILD_BUG_ON_MSG(
| ^~~~~~~~~~~~~~~~
include/linux/compiler_types.h:317:45: error: call to '__compiletime_assert_541' declared with attribute error: must adapt SMC_WR_TX_SIZE to sizeof(struct smc_llc_msg); if not all smc_wr upper layer protocols use the same message size any more, must start to set link->wr_tx_sges[i].length on each individual smc_wr_tx_send()
317 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
| ^
include/linux/compiler_types.h:298:25: note: in definition of macro '__compiletime_assert'
298 | prefix ## suffix(); \
| ^~~~~~
include/linux/compiler_types.h:317:9: note: in expansion of macro '_compiletime_assert'
317 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
| ^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
| ^~~~~~~~~~~~~~~~~~
net/smc/smc_llc.c:368:9: note: in expansion of macro 'BUILD_BUG_ON_MSG'
368 | BUILD_BUG_ON_MSG(
| ^~~~~~~~~~~~~~~~
In file included from include/linux/string.h:253,
from include/linux/bitmap.h:10,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/spinlock.h:63,
from include/linux/wait.h:9,
from include/linux/wait_bit.h:8,
from include/linux/fs.h:6,
from include/linux/highmem.h:5,
from include/linux/bvec.h:10,
from include/linux/skbuff.h:17,
from include/linux/tcp.h:17,
from include/net/tcp.h:20,
from net/smc/smc_llc.c:13:
In function 'memcpy',
inlined from 'smc_llc_send_message_wait' at net/smc/smc_llc.c:594:2,
inlined from 'smc_llc_send_link_delete_all' at net/smc/smc_llc.c:1328:8:
>> include/linux/fortify-string.h:194:25: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object (2nd parameter)
194 | __read_overflow2();
| ^~~~~~~~~~~~~~~~~~


vim +/__write_overflow +179 include/linux/fortify-string.h

a28a6e860c6cf2 Francis Laniel 2021-02-25 173
a28a6e860c6cf2 Francis Laniel 2021-02-25 174 __FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 175 {
a28a6e860c6cf2 Francis Laniel 2021-02-25 176 size_t p_size = __builtin_object_size(p, 0);
a28a6e860c6cf2 Francis Laniel 2021-02-25 177
a28a6e860c6cf2 Francis Laniel 2021-02-25 178 if (__builtin_constant_p(size) && p_size < size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 @179 __write_overflow();
a28a6e860c6cf2 Francis Laniel 2021-02-25 180 if (p_size < size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 181 fortify_panic(__func__);
a28a6e860c6cf2 Francis Laniel 2021-02-25 182 return __underlying_memset(p, c, size);
a28a6e860c6cf2 Francis Laniel 2021-02-25 183 }
a28a6e860c6cf2 Francis Laniel 2021-02-25 184
a28a6e860c6cf2 Francis Laniel 2021-02-25 185 __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 186 {
a28a6e860c6cf2 Francis Laniel 2021-02-25 187 size_t p_size = __builtin_object_size(p, 0);
a28a6e860c6cf2 Francis Laniel 2021-02-25 188 size_t q_size = __builtin_object_size(q, 0);
a28a6e860c6cf2 Francis Laniel 2021-02-25 189
a28a6e860c6cf2 Francis Laniel 2021-02-25 190 if (__builtin_constant_p(size)) {
a28a6e860c6cf2 Francis Laniel 2021-02-25 191 if (p_size < size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 192 __write_overflow();
a28a6e860c6cf2 Francis Laniel 2021-02-25 193 if (q_size < size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 @194 __read_overflow2();
a28a6e860c6cf2 Francis Laniel 2021-02-25 195 }
a28a6e860c6cf2 Francis Laniel 2021-02-25 196 if (p_size < size || q_size < size)
a28a6e860c6cf2 Francis Laniel 2021-02-25 197 fortify_panic(__func__);
a28a6e860c6cf2 Francis Laniel 2021-02-25 198 return __underlying_memcpy(p, q, size);
a28a6e860c6cf2 Francis Laniel 2021-02-25 199 }
a28a6e860c6cf2 Francis Laniel 2021-02-25 200

:::::: The code at line 179 was first introduced by commit
:::::: a28a6e860c6cf231cf3c5171c75c342adcd00406 string.h: move fortified functions definitions in a dedicated header.

:::::: TO: Francis Laniel <laniel_francis@xxxxxxxxxxxxxxxxxxx>
:::::: CC: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx