| Message ID | 20230822154336.12888-2-fw@strlen.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [net-next,01/10] netfilter: ebtables: fix fortify warnings in size_entry_mwt() | expand |
Hello: This series was applied to netdev/net-next.git (main) by Florian Westphal <fw@strlen.de>: On Tue, 22 Aug 2023 17:43:22 +0200 you wrote: > From: "GONG, Ruiqi" <gongruiqi1@huawei.com> > > When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following > warning appears: > > In function ‘fortify_memcpy_chk’, > inlined from ‘size_entry_mwt’ at net/bridge/netfilter/ebtables.c:2118:2: > ./include/linux/fortify-string.h:592:25: error: call to ‘__read_overflow2_field’ > declared with attribute warning: detected read beyond size of field (2nd parameter); > maybe use struct_group()? [-Werror=attribute-warning] > 592 | __read_overflow2_field(q_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > [...] Here is the summary with links: - [net-next,01/10] netfilter: ebtables: fix fortify warnings in size_entry_mwt() https://git.kernel.org/netdev/net-next/c/a7ed3465daa2 - [net-next,02/10] netfilter: ebtables: replace zero-length array members https://git.kernel.org/netdev/net-next/c/a2f02c9920b2 - [net-next,03/10] netfilter: ipset: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/e53314034b23 - [net-next,04/10] netfilter: nf_tables: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/6cdd75a4a66b - [net-next,05/10] netfilter: nf_tables: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/7457af8bf994 - [net-next,06/10] netfilter: nft_osf: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/6d87a4eae89e - [net-next,07/10] netfilter: nft_meta: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/ad156c23d65c - [net-next,08/10] netfilter: x_tables: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/06f7d3c3f82c - [net-next,09/10] netfilter: xtables: refactor deprecated strncpy https://git.kernel.org/netdev/net-next/c/aa222dd190d6 - [net-next,10/10] netfilter: nf_tables: allow loop termination for pending fatal signal https://git.kernel.org/netdev/net-next/c/169384fbe851 You are awesome, thank you!
diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h index a494cf43a755..b0caad82b693 100644 --- a/include/uapi/linux/netfilter_bridge/ebtables.h +++ b/include/uapi/linux/netfilter_bridge/ebtables.h @@ -182,12 +182,14 @@ struct ebt_entry { unsigned char sourcemsk[ETH_ALEN]; unsigned char destmac[ETH_ALEN]; unsigned char destmsk[ETH_ALEN]; - /* sizeof ebt_entry + matches */ - unsigned int watchers_offset; - /* sizeof ebt_entry + matches + watchers */ - unsigned int target_offset; - /* sizeof ebt_entry + matches + watchers + target */ - unsigned int next_offset; + __struct_group(/* no tag */, offsets, /* no attrs */, + /* sizeof ebt_entry + matches */ + unsigned int watchers_offset; + /* sizeof ebt_entry + matches + watchers */ + unsigned int target_offset; + /* sizeof ebt_entry + matches + watchers + target */ + unsigned int next_offset; + ); unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); }; diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 757ec46fc45a..aa23479b20b2 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -2115,8 +2115,7 @@ static int size_entry_mwt(const struct ebt_entry *entry, const unsigned char *ba return ret; offsets[0] = sizeof(struct ebt_entry); /* matches come first */ - memcpy(&offsets[1], &entry->watchers_offset, - sizeof(offsets) - sizeof(offsets[0])); + memcpy(&offsets[1], &entry->offsets, sizeof(entry->offsets)); if (state->buf_kern_start) { buf_start = state->buf_kern_start + state->buf_kern_offset;