On Thu, Dec 29, 2022 at 12:28:14PM -0800, Guenter Roeck wrote:
On Thu, Dec 29, 2022 at 6:43 AM Julius Werner <jwerner@chromium.org> wrote:
I can confirm that this warning is a false positive, at least. We're intentionally copying bytes from beyond the end of the header structure in this case.
I don't know what kind of kernel system detects this stuff at runtime and how to silence it. Probably need to add a void pointer cast or something?
This is part of kernel hardening code. Kees Cook might know what to do about it.
One could probably throw in casts, like this example did:
0d043351e5ba ext4: fix fortify warning in fs/ext4/fast_commit.c:1551
Or one could probably imitate this example, and insert an appropriate flexible array (possibly with yet another union?):
b43088f30db1 s390/zcrypt: fix warning about field-spanning write
Side mostly-unrelated note: coreboot_table_populate() doesn't do any bounds checking that the individual entry copies don't overflow the table buffer size. We're _probably_ not that interested in recovering from a malicious (or even buggy) Coreboot, but it does seem like an area of improvement.
Brian
Guenter
On Thu, Dec 29, 2022 at 11:46 AM Paul Menzel <pmenzel@molgen.mpg.de> wrote:
Dear Linux folks,
Running Linux v6.2-rc1+ on a motherboard using coreboot as firmware, the warning below is shown.
[ 1.630244] ------------[ cut here ]------------
[ 1.630249] memcpy: detected field-spanning write (size 168) of single field "&device->entry" at drivers/firmware/google/coreboot_table.c:103 (size 8)
[ 1.630299] WARNING: CPU: 1 PID: 150 at drivers/firmware/google/coreboot_table.c:103 coreboot_table_probe+0x1ea/0x210 [coreboot_table]
[...]
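The two points raised in Brian's reply (keep each copy inside the object it names, and check every entry against the table buffer size) are shown here as an added C example that is not from the thread or the kernel source. The layouts and the names `entry_hdr`, `device`, `copy_entry` and `populate` are hypothetical simplifications, and the header assignment followed by a copy into a flexible array member is one portable way to avoid a field-spanning memcpy, not necessarily what either cited commit does.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified layouts for illustration; not the kernel's structs. */
struct entry_hdr { uint32_t tag; uint32_t size; };  /* size counts header + payload */
struct device {
    struct entry_hdr entry;  /* fixed 8-byte header */
    uint8_t payload[];       /* flexible array: the bytes that follow the header */
};

/* Copy one entry so that each write stays inside the field it names. */
static struct device *copy_entry(const uint8_t *src, const struct entry_hdr *h)
{
    size_t extra = h->size - sizeof(*h);
    struct device *d = malloc(sizeof(*d) + extra);

    if (!d)
        return NULL;
    d->entry = *h;                                /* header: exactly 8 bytes */
    memcpy(d->payload, src + sizeof(*h), extra);  /* payload: into the flex array */
    return d;
}

/* Walk up to max entries in buf[0..len). Returns the number copied into out[],
 * or -1 if any entry's size field would run past the buffer (or malloc fails). */
int populate(const uint8_t *buf, size_t len, struct device **out, int max)
{
    size_t off = 0;
    int n = 0;

    while (n < max && off < len) {
        struct entry_hdr h;

        if (len - off < sizeof(h))
            goto bad;                             /* truncated header */
        memcpy(&h, buf + off, sizeof(h));         /* avoids unaligned reads */
        if (h.size < sizeof(h) || h.size > len - off)
            goto bad;                             /* size field lies about the entry */
        if (!(out[n] = copy_entry(buf + off, &h)))
            goto bad;
        n++;
        off += h.size;
    }
    return n;
bad:
    while (n > 0)
        free(out[--n]);
    return -1;
}
```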