| Message ID | 20240909110938.247976-1-arnd@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | firmware: arm_ffa: avoid string-fortify warningn in export_uuid() | expand |
On Mon, Sep 09, 2024 at 11:09:24AM +0000, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > Copying to a 16 byte structure into an 8-byte struct member > causes a compile-time warning: > > In file included from drivers/firmware/arm_ffa/driver.c:25: > In function 'fortify_memcpy_chk', > inlined from 'export_uuid' at include/linux/uuid.h:88:2, > inlined from 'ffa_msg_send_direct_req2' at drivers/firmware/arm_ffa/driver.c:488:2: > include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] > 571 | __write_overflow_field(p_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Use a union for the conversion instead and make sure the byte order > is fixed in the process. > Thanks for spotting and fixing the issue. I tested enabling CONFIG_FORTIFY_SOURCE but couldn't hit this with gcc 13 and clang 20 Also do you want this sent as fix on top of my FF-A PR now or after -rc1 ? -- Regards, Sudeep
On Wed, Sep 11, 2024, at 14:14, Sudeep Holla wrote: > On Mon, Sep 09, 2024 at 11:09:24AM +0000, Arnd Bergmann wrote: >> From: Arnd Bergmann <arnd@arndb.de> >> >> Copying to a 16 byte structure into an 8-byte struct member >> causes a compile-time warning: >> >> In file included from drivers/firmware/arm_ffa/driver.c:25: >> In function 'fortify_memcpy_chk', >> inlined from 'export_uuid' at include/linux/uuid.h:88:2, >> inlined from 'ffa_msg_send_direct_req2' at drivers/firmware/arm_ffa/driver.c:488:2: >> include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] >> 571 | __write_overflow_field(p_size_field, size); >> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> Use a union for the conversion instead and make sure the byte order >> is fixed in the process. >> > > Thanks for spotting and fixing the issue. I tested enabling > CONFIG_FORTIFY_SOURCE but couldn't hit this with gcc 13 and clang 20 Unfortunately I also don't have a reproducer at the moment, but I know it was from a randconfig build with gcc-14.2. I tried another few hundred randconfigs now with my patch reverted but it didn't come back. I assume it only shows up in rare combinations of some options, Do you have any additional information on the endianess question? Is this arm_ffa firmware code supposed to work with big-endian kernels? > Also do you want this sent as fix on top of my FF-A PR now or after -rc1 ? Earlier would be better I think. I usually have one set of bugfixes before rc1 even if it doesn't make it into the first set of branches. Arnd
On Wed, Sep 11, 2024 at 02:44:25PM +0000, Arnd Bergmann wrote: > On Wed, Sep 11, 2024, at 14:14, Sudeep Holla wrote: > > On Mon, Sep 09, 2024 at 11:09:24AM +0000, Arnd Bergmann wrote: > >> From: Arnd Bergmann <arnd@arndb.de> > >> > >> Copying to a 16 byte structure into an 8-byte struct member > >> causes a compile-time warning: > >> > >> In file included from drivers/firmware/arm_ffa/driver.c:25: > >> In function 'fortify_memcpy_chk', > >> inlined from 'export_uuid' at include/linux/uuid.h:88:2, > >> inlined from 'ffa_msg_send_direct_req2' at drivers/firmware/arm_ffa/driver.c:488:2: > >> include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] > >> 571 | __write_overflow_field(p_size_field, size); > >> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >> > >> Use a union for the conversion instead and make sure the byte order > >> is fixed in the process. > >> > > > > Thanks for spotting and fixing the issue. I tested enabling > > CONFIG_FORTIFY_SOURCE but couldn't hit this with gcc 13 and clang 20 > > Unfortunately I also don't have a reproducer at the moment, > but I know it was from a randconfig build with gcc-14.2. I tried > another few hundred randconfigs now with my patch reverted but it > didn't come back. I assume it only shows up in rare combinations > of some options, > Oh OK. > Do you have any additional information on the endianess question? > Is this arm_ffa firmware code supposed to work with big-endian > kernels? > I am trying to check if that is a requirement. Also the specification doesn't have any specific mention about it. Since it executes on the same AP cores as Linux in different EL, I assume the entire stack must be running same endian-ness. I will check internally. Unlike SCMI, I haven't tested FF-A with big-endian kernel so far. > > Also do you want this sent as fix on top of my FF-A PR now or after -rc1 ? > > Earlier would be better I think. I usually have one set of > bugfixes before rc1 even if it doesn't make it into the > first set of branches. > I will try to send earlier unless this endian-ness triggers more questions. I will update here anyways.
On Mon, 09 Sep 2024 11:09:24 +0000, Arnd Bergmann wrote: > Copying to a 16 byte structure into an 8-byte struct member > causes a compile-time warning: > > In file included from drivers/firmware/arm_ffa/driver.c:25: > In function 'fortify_memcpy_chk', > inlined from 'export_uuid' at include/linux/uuid.h:88:2, > inlined from 'ffa_msg_send_direct_req2' at drivers/firmware/arm_ffa/driver.c:488:2: > include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] > 571 | __write_overflow_field(p_size_field, size); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > [...] Sorry for the delay, was trying to see if I can test BE kernel and see if it needs more fixing. The spec does require all memory region to be LE. I will do that later, for now I am pulling this as fix for v6.12 Applied to sudeep.holla/linux (for-next/ffa/fixes), thanks! [1/1] firmware: arm_ffa: avoid string-fortify warningn in export_uuid() https://git.kernel.org/sudeep.holla/c/629253b2f6d7 -- Regards, Sudeep
diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c index 4d231bc375e0..8dd81db9b071 100644 --- a/drivers/firmware/arm_ffa/driver.c +++ b/drivers/firmware/arm_ffa/driver.c @@ -481,11 +481,16 @@ static int ffa_msg_send_direct_req2(u16 src_id, u16 dst_id, const uuid_t *uuid, struct ffa_send_direct_data2 *data) { u32 src_dst_ids = PACK_TARGET_INFO(src_id, dst_id); + union { + uuid_t uuid; + __le64 regs[2]; + } uuid_regs = { .uuid = *uuid }; ffa_value_t ret, args = { - .a0 = FFA_MSG_SEND_DIRECT_REQ2, .a1 = src_dst_ids, + .a0 = FFA_MSG_SEND_DIRECT_REQ2, + .a1 = src_dst_ids, + .a2 = le64_to_cpu(uuid_regs.regs[0]), + .a3 = le64_to_cpu(uuid_regs.regs[1]), }; - - export_uuid((u8 *)&args.a2, uuid); memcpy((void *)&args + offsetof(ffa_value_t, a4), data, sizeof(*data)); invoke_ffa_fn(args, &ret);