openwrt/package/kernel
Jan Hoffmann 6df4e4663b ltq-vdsl-vr11-mei: fix field-spanning write warning
Since the update to kernel 6.1, a warning like this appears in the
kernel log:

[   49.773953] ------------[ cut here ]------------
[   49.773998] WARNING: CPU: 3 PID: 2349 at target-arm_cortex-a7+neon-vfpv4_musl_eabi/linux-ipq40xx_generic/dsl_cpe_mei-ugw_8.5.2.10/src/drv_mei_cpe_msg_process.c:3570 MEI_IoctlCmdMsgWrite+0x290/0x2c8 [drv_mei_cpe]
[   49.777670] memcpy: detected field-spanning write (size 4) of single field "pDestPtr" at target-arm_cortex-a7+neon-vfpv4_musl_eabi/linux-ipq40xx_generic/dsl_cpe_mei-ugw_8.5.2.10/src/drv_mei_cpe_msg_process.c:3570 (size 2)
...
[   50.087078] ---[ end trace 0000000000000000 ]---

The variable "pDestPtr" points to the field "header.index" in a
CMV_STD_MESSAGE_T struct (header is a CMV_STD_MESSAGE_HEADER_T struct).
The offending code intentionally copies data beyond this field, which is
followed by "header.length" and "payload".

To fix this, change the assignment of "pDestPtr" to use the pointer to
the message plus the offset of the "header.index" field. This way, the
compiler knows about the size and thus the false positive warning
disappears.

While at it, also adjust all places where similar code is used to copy
from a CMV_STD_MESSAGE_T struct.

Also mark all related structs as packed, because the code (and the
driver in general) seems to rely on that anyway.

Fixes: https://github.com/openwrt/openwrt/issues/17142
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250206225444.2521817-1-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-02-22 18:53:05 +01:00
ath10k-ct ath10k-ct: select mac80211 debugfs support 2024-10-06 23:19:38 +02:00
bcm27xx-gpu-fw bcm27xx-gpu-fw: update to v1.20241126 2024-12-28 18:50:36 +01:00
bcm63xx-cfe bcm63xx-cfe: update to latest version 2024-06-26 19:26:34 +02:00
bpf-headers bpf-headers: update to version 6.6 2024-09-20 23:17:43 +02:00
button-hotplug button-hotplug: simplify build 2022-10-24 20:49:34 +02:00
cryptodev-linux cryptodev-linux: change home-page URL 2024-11-12 14:28:36 +01:00
dtc/patches package: kernel: dtc: Add DTO support 2017-11-06 16:39:41 +01:00
gpio-button-hotplug treewide: remove THIS_MODULE assignment 2024-11-10 02:16:31 +01:00
gpio-nct5104d treewide: remove THIS_MODULE assignment 2024-11-10 02:16:31 +01:00
lantiq ltq-vdsl-vr11-mei: fix field-spanning write warning 2025-02-22 18:53:05 +01:00
leds-gca230718 kernel: leds-gca230718: remove _remove 2024-12-24 00:23:35 +01:00
leds-ws2812b kernel: ws2812b: use devm for mutex_init 2024-10-06 12:21:51 +02:00
linux kernel: modules: netdevices: add realtek DSA modules 2025-02-06 09:51:13 +01:00
mac80211 mac80211: rt2x00: fix eeprom load from PCI eFuse 2025-02-13 00:26:22 +01:00
mt76 mt76: update to Git HEAD (2025-02-14) 2025-02-14 11:30:39 +01:00
mt7621-qtn-rgmii treewide: rename ZyXEL to Zyxel 2024-08-25 15:08:25 +02:00
mwlwifi mwlwifi: update to version 10.4.11-20250206 2025-02-19 09:55:25 +01:00
nat46 treewide: update PKG_MIRROR_HASH to zst 2024-04-06 11:24:18 +02:00
qca-nss-dp nss-dp: switchdev: apply flag dependency directives 2025-02-14 12:39:17 +01:00
qca-ssdk qca-ssdk: add support for ipq50xx 2025-02-06 09:51:13 +01:00
r8101 kernel: r8101: print link status when link up 2024-08-18 19:31:55 +02:00
r8125 kernel: r8125: update to v9.014.01 2024-11-06 11:41:20 +01:00
r8126 kernel: r8126: update to v10.014.01 2024-11-05 00:33:02 +01:00
r8168 kernel: r8168: update to v8.055.00 2025-02-05 08:56:07 +01:00
rtc-rv5c386a kernel: Make use of KERNEL_MAKE 2022-12-17 20:12:31 +01:00
rtl8812au-ct rtl8812au-ct: fix build with mac80211 6.9.9 backport 2024-07-13 14:25:36 +02:00
trelay package: drop PKG_VERSION for purely local packages 2020-07-15 18:33:56 +02:00
ubnt-ledbar ubnt-ledbar: fix compilation error 2024-10-08 22:24:54 +02:00
ubootenv-nvram treewide: remove THIS_MODULE assignment 2024-11-10 02:16:31 +01:00