Re: include/linux/fortify-string.h:293:17: error: call to '__write_overflow' declared with attribute error: detected write beyond size of object (1st parameter)

From: Arnd Bergmann
Date: Tue Nov 26 2024 - 11:41:35 EST


On Tue, Nov 26, 2024, at 16:12, Arnd Bergmann wrote:
> On Tue, Nov 26, 2024, at 15:58, Naresh Kamboju wrote:
>> Build error:
>> ---------
>> In function 'sized_strscpy',
>> inlined from '__audit_ptrace' at kernel/auditsc.c:2732:2:
>> include/linux/fortify-string.h:293:17: error: call to
>> '__write_overflow' declared with attribute error: detected write
>> beyond size of object (1st parameter)
>> 293 | __write_overflow();
>> | ^~~~~~~~~~~~~~~~~~
>> In function 'sized_strscpy',
>> inlined from 'audit_signal_info_syscall' at kernel/auditsc.c:2759:3:
>> include/linux/fortify-string.h:293:17: error: call to
>> '__write_overflow' declared with attribute error: detected write
>> beyond size of object (1st parameter)
>> 293 | __write_overflow();
>> | ^~~~~~~~~~~~~~~~~~
>> make[4]: *** [scripts/Makefile.build:229: kernel/auditsc.o] Error 1
>
> I have run into this specific one before but failed to
> come up with a working fix.
>
> I think the specific warning started with
>
> https://lore.kernel.org/all/20240828030321.20688-3-laoar.shao@xxxxxxxxx/
>
> but reverting that just replaces it with a slightly different
> warning. In my randconfig tree I have a patch that comments out
> the two security_task_getlsmprop_obj(), and I don't think I get
> warnings at the moment, but I no longer see why I would have done
> that.

Update: this seems to reliably avoid the warning, but I'm
still a bit lost about what exactly gcc warns about. I assume
this is a false-positive warning somewhere.

Added Kees and Gustavo to Cc in case they know what's going on.

Arnd

diff --git a/kernel/audit.h b/kernel/audit.h
index 0211cb307d30..31cc41b167ae 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -145,7 +145,9 @@ struct audit_context {
kuid_t target_uid;
unsigned int target_sessionid;
struct lsm_prop target_ref;
- char target_comm[TASK_COMM_LEN];
+ struct_group(_target_comm,
+ char target_comm[TASK_COMM_LEN];
+ );

struct audit_tree_refs *trees, *first_trees;
struct list_head killed_trees;
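
Review bot: the `struct_group(_target_comm, ...)` wrapper around `target_comm` carries no comment saying why it is there, and the group name `_target_comm` is not used anywhere in the visible change, so a later cleanup could drop it as a no-op and bring the build error back. A short comment above it naming the `sized_strscpy` / `__write_overflow` error in kernel/auditsc.c would prevent that. The array is still declared as `char target_comm[TASK_COMM_LEN]`, so the hunk does not change the size of the destination, only how it is wrapped. The changelog should therefore state that the diagnostic is assumed to be a false positive and that the root cause is still unidentified, so the change is not read as a bounds fix.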