Re: include/linux/fortify-string.h:50:33: warning: '__builtin_memset' offset [0, 7] is out of the bounds [0, 0]
From: Kees Cook
Date: Thu Dec 01 2022 - 19:35:31 EST
On Sun, Nov 27, 2022 at 12:37:10PM +0800, kernel test robot wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: faf68e3523c21d07c5f7fdabd0daf6301ff8db3f
> commit: ba38961a069b0d8d03b53218a6c29d737577d448 um: Enable FORTIFY_SOURCE
> date: 3 months ago
> config: um-allyesconfig
> compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
> reproduce (this is a W=1 build):
> # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba38961a069b0d8d03b53218a6c29d737577d448
> git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> git fetch --no-tags linus master
> git checkout ba38961a069b0d8d03b53218a6c29d737577d448
> # save the config file
> mkdir build_dir && cp config build_dir/.config
> make W=1 O=build_dir ARCH=um SHELL=/bin/bash
>
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@xxxxxxxxx>
>
> All warnings (new ones prefixed by >>):
>
> In file included from include/linux/string.h:253,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from include/linux/mm_types_task.h:14,
> from include/linux/mm_types.h:5,
> from include/linux/buildid.h:5,
> from include/linux/module.h:14,
> from arch/um/drivers/virt-pci.c:6:
> arch/um/drivers/virt-pci.c: In function 'um_pci_send_cmd':
> include/linux/fortify-string.h:48:33: warning: argument 1 null where non-null expected [-Wnonnull]
> 48 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:438:9: note: in expansion of macro '__underlying_memcpy'
> 438 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:483:26: note: in expansion of macro '__fortify_memcpy_chk'
> 483 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> arch/um/drivers/virt-pci.c:100:9: note: in expansion of macro 'memcpy'
> 100 | memcpy(buf, cmd, cmd_size);
> | ^~~~~~
> include/linux/fortify-string.h:48:33: note: in a call to built-in function '__builtin_memcpy'
> 48 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:438:9: note: in expansion of macro '__underlying_memcpy'
> 438 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:483:26: note: in expansion of macro '__fortify_memcpy_chk'
> 483 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> arch/um/drivers/virt-pci.c:100:9: note: in expansion of macro 'memcpy'
> 100 | memcpy(buf, cmd, cmd_size);
> | ^~~~~~
> arch/um/drivers/virt-pci.c: In function 'um_pci_cfgspace_read':
> >> include/linux/fortify-string.h:50:33: warning: '__builtin_memset' offset [0, 7] is out of the bounds [0, 0] [-Warray-bounds]
> 50 | #define __underlying_memset __builtin_memset
> | ^
> include/linux/fortify-string.h:316:9: note: in expansion of macro '__underlying_memset'
> 316 | __underlying_memset(p, c, __fortify_size); \
> | ^~~~~~~~~~~~~~~~~~~
> include/linux/fortify-string.h:323:25: note: in expansion of macro '__fortify_memset_chk'
> 323 | #define memset(p, c, s) __fortify_memset_chk(p, c, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> arch/um/drivers/virt-pci.c:192:9: note: in expansion of macro 'memset'
> 192 | memset(buf->data, 0xff, sizeof(buf->data));
> | ^~~~~~
I had noticed this too while running kunit tests, but never tracked it
down. That's done now. Patch sent:
https://lore.kernel.org/lkml/20221202003137.never.887-kees@xxxxxxxxxx
Thanks!
-Kees
--
Kees Cook