On 17.08.2021 23:05:29, Kees Cook wrote:
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memset(), avoid intentionally writing across neighboring fields.
Add struct_group() to mark both regions of struct flexcan_regs that get initialized to zero. Avoid the future warnings:
In function 'fortify_memset_chk', inlined from 'memset_io' at ./include/asm-generic/io.h:1169:2, inlined from 'flexcan_ram_init' at drivers/net/can/flexcan.c:1403:2: ./include/linux/fortify-string.h:199:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning] 199 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'fortify_memset_chk', inlined from 'memset_io' at ./include/asm-generic/io.h:1169:2, inlined from 'flexcan_ram_init' at drivers/net/can/flexcan.c:1408:3: ./include/linux/fortify-string.h:199:4: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning] 199 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc: Wolfgang Grandegger wg@grandegger.com Cc: Marc Kleine-Budde mkl@pengutronix.de Cc: "David S. Miller" davem@davemloft.net Cc: Jakub Kicinski kuba@kernel.org Cc: linux-can@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook keescook@chromium.org
Acked-by: Marc Kleine-Budde mkl@pengutronix.de
- memset_io(®s->mb[0][0], 0,
offsetof(struct flexcan_regs, rx_smb1[3]) -offsetof(struct flexcan_regs, mb[0][0]) + 0x4);
- memset_io(®s->init, 0, sizeof(regs->init));
This even makes the code more readable! \o/
if (priv->can.ctrlmode & CAN_CTRLMODE_FD)
memset_io(®s->tx_smb_fd[0], 0,offsetof(struct flexcan_regs, rx_smb1_fd[17]) -offsetof(struct flexcan_regs, tx_smb_fd[0]) + 0x4);
memset_io(®s->init_fd, 0, sizeof(regs->init_fd));reg_ctrl2 &= ~FLEXCAN_CTRL2_WRMFRZ; priv->write(reg_ctrl2, ®s->ctrl2);
regards, Marc