[PATCH] [RESEND] orangefs: fix out-of-bounds fsid access
From: Arnd Bergmann
Date: Wed Mar 20 2024 - 14:07:10 EST
From: Arnd Bergmann <arnd@xxxxxxxx>
orangefs_statfs() copies two consecutive fields of the superblock into
the statfs structure, which triggers a warning from the string fortification
helpers:
In file included from fs/orangefs/super.c:8:
include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
__read_overflow2_field(q_size_field, size);
Change the memcpy() to an individual assignment of the two fields, which helps
both the compiler and human readers understand better what it does.
Link: https://lore.kernel.org/all/20230622101701.3399585-1-arnd@xxxxxxxxxx/
Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
---
I sent this last year but never got a reply
---
fs/orangefs/super.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c
index fd20ed1de4e9..c714380ab38b 100644
--- a/fs/orangefs/super.c
+++ b/fs/orangefs/super.c
@@ -201,7 +201,10 @@ static int orangefs_statfs(struct dentry *dentry, struct kstatfs *buf)
(long)new_op->downcall.resp.statfs.files_avail);
buf->f_type = sb->s_magic;
- memcpy(&buf->f_fsid, &ORANGEFS_SB(sb)->fs_id, sizeof(buf->f_fsid));
+ buf->f_fsid = (__kernel_fsid_t) {{
+ ORANGEFS_SB(sb)->fs_id,
+ ORANGEFS_SB(sb)->id,
+ }};
buf->f_bsize = new_op->downcall.resp.statfs.block_size;
buf->f_namelen = ORANGEFS_NAME_MAX;
--
2.39.2