From: lihaojie <[email protected]> Adjust the positions of target_ref and target_comm to reduce their direct proximity. This can prevent the memset operation on target_ref from potentially affecting target_comm
The compiler's static analysis tool considers that the memset operation might affect the adjacent struct member target_comm, potentially causing subsequent writes to target_comm to exceed its boundaries. Even if an overflow does not actually occur, the compiler may issue a warning because it cannot fully determine the safety of the operation. Verification: - "pahole" shows no size nor member offset changes to struct audit_context. - "objdump -d" shows no object code changes. Signed-off-by: lihaojie <[email protected]> --- kernel/audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.h b/kernel/audit.h index 0211cb307d30..77c140228a4a 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -144,8 +144,8 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - struct lsm_prop target_ref; char target_comm[TASK_COMM_LEN]; + struct lsm_prop target_ref; struct audit_tree_refs *trees, *first_trees; struct list_head killed_trees; -- 2.25.1 On Tue, Dec 3, 2024 at 6:13 PM Paul Moore <[email protected]> wrote: > > That's obviously a cut-n-paste error above, please fix that. > > You also sent this patch three times, that's very annoying, please > don't do that in the future. > > Finally, can you provide a link with an explanation as to how the > struct_group() union/annotations is the only way to do this? It's > kinda ugly and if there is another way to do this I would like to > understand what it entails. Hi Paul, Thank you for your feedback. That's obviously a cut-n-paste error above, please fix that. - Corrected the verification section to refer to struct audit_context instead of struct vlan_ethhdr. You also sent this patch three times, that's very annoying, please don't do that in the future. - This is my first time submitting a patch to the community, I will pay attention afterwards Finally, can you provide a link with an explanation as to how the struct_group() union/annotations is the only way to do this? It's kinda ugly and if there is another way to do this I would like to understand what it entails. - I found linux codebase change, memcpy() change to strscpy() in audit_ptrace(), struct_group() cannot pass parameters to strscpy() so i submit patch v2, please check above.
