Re: [Intel-wired-lan] [PATCH net-next v6 19/21] pfcp: always set pfcp metadata

Thu, 04 Apr 2024 02:49:05 -0700 

On Wed, Apr 03, 2024 at 10:59:36PM +0200, Arnd Bergmann wrote:
> On Wed, Mar 27, 2024, at 16:23, Alexander Lobakin wrote:
> 
> > +static int pfcp_encap_recv(struct sock *sk, struct sk_buff *skb)
> > +{
> > +   IP_TUNNEL_DECLARE_FLAGS(flags) = { };
> > +   struct metadata_dst *tun_dst;
> > +   struct pfcp_metadata *md;
> > +   struct pfcphdr *unparsed;
> > +   struct pfcp_dev *pfcp;
> > +
> > +   if (unlikely(!pskb_may_pull(skb, PFCP_HLEN)))
> > +           goto drop;
> > +
> > +   pfcp = rcu_dereference_sk_user_data(sk);
> > +   if (unlikely(!pfcp))
> > +           goto drop;
> > +
> > +   unparsed = pfcp_hdr(skb);
> > +
> > +   ip_tunnel_flags_zero(flags);
> > +   tun_dst = udp_tun_rx_dst(skb, sk->sk_family, flags, 0,
> > +                            sizeof(*md));
> > +   if (unlikely(!tun_dst))
> > +           goto drop;
> > +
> > +   md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
> > +   if (unlikely(!md))
> > +           goto drop;
> > +
> > +   if (unparsed->flags & PFCP_SEID_FLAG)
> > +           pfcp_session_recv(pfcp, skb, md);
> > +   else
> > +           pfcp_node_recv(pfcp, skb, md);
> > +
> > +   __set_bit(IP_TUNNEL_PFCP_OPT_BIT, flags);
> > +   ip_tunnel_info_opts_set(&tun_dst->u.tun_info, md, sizeof(*md),
> > +                           flags);
> > +
> 
> The memcpy() in the ip_tunnel_info_opts_set() causes
> a string.h fortification warning, with at least gcc-13:
> 
>     In function 'fortify_memcpy_chk',
>         inlined from 'ip_tunnel_info_opts_set' at 
> include/net/ip_tunnels.h:619:3,
>         inlined from 'pfcp_encap_recv' at drivers/net/pfcp.c:84:2:
>     include/linux/fortify-string.h:553:25: error: call to 
> '__write_overflow_field' declared with attribute warning: detected write 
> beyond size of field (1st parameter); maybe use struct_group()? 
> [-Werror=attribute-warning]
>       553 |                         __write_overflow_field(p_size_field, 
> size);
> 
> As far as I can tell, the warning is caused by the
> ambiguity of the union, but what I noticed is that
> it also seems to copy a buffer to itself, as 'md'
> is initialized to tun_dst->u.tun_info as well.
> 
> Is this intentional?

I used ip_tunnel_info_opts_set() to set options_len and flags.
You are right that it can and probably should be changed to:

__set_bit(IP_TUNNEL_PFCP_OPT_BIT, tun_dst->u.tun_info.key.tun_flags);
tun_dst->u.tun_info.options_len = sizeof(*md);

instead of copying the buffer. Thanks for pointing it.

Should I sent a fix to the net or patch to the maintainer? Sorry, don't
know how this kind of situations are being solved.

Michal

> 
>       Arnd

Reply via email to