From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Daniel P. Berrangé, Jason Wang, Yodel Eldar
Subject: [PATCH] hw/net/rtl8319: Work around GCC sanitizer / -Wstringop-overflow bug
Date: Thu, 5 Mar 2026 11:18:32 +0000
Message-ID: <20260305111832.1068093-1-peter.maydell@linaro.org>

If you compile QEMU with GCC with -fsanitize=address and
-Wstringop-overflow, this causes GCC to produce a false-positive
warning which it does not produce when the sanitizer is not
enabled (and which makes compilation fail if you're using -Werror,
as we do by default for builds from git):

../../hw/net/rtl8139.c: In function ‘rtl8139_io_writeb’:
../../hw/net/rtl8139.c:2264:17: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=]
 2264 | memcpy(data_to_checksum, saved_ip_header + 12, 8);
      | ^
In file included from ../../hw/net/rtl8139.c:62:
/home/pm215/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into destination object ‘ip_ver_len’ of size 1
   50 | uint8_t ip_ver_len; /* version and header length */
      |         ^~~~~~~~~~
../../hw/net/rtl8139.c:2192:21: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=]
 2192 | memcpy(data_to_checksum, saved_ip_header + 12, 8);
      | ^
/home/pm215/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into destination object ‘ip_ver_len’ of size 1
   50 | uint8_t ip_ver_len; /* version and header length */
      |         ^~~~~~~~~~
../../hw/net/rtl8139.c:2192:21: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=]
 2192 | memcpy(data_to_checksum, saved_ip_header + 12, 8);
      | ^
/home/pm215/qemu/include/net/eth.h:50:14: note: at offset [8, 48] into destination object ‘ip_ver_len’ of size 1
   50 | uint8_t ip_ver_len; /* version and header length */
      |         ^~~~~~~~~~
In file included from /home/pm215/qemu/include/system/memory.h:21,
                 from /home/pm215/qemu/include/hw/pci/pci.h:4,
                 from /home/pm215/qemu/include/hw/pci/pci_device.h:4,
                 from ../../hw/net/rtl8139.c:54:
In function ‘stl_he_p’,
    inlined from ‘stl_be_p’ at /home/pm215/qemu/include/qemu/bswap.h:371:5,
    inlined from ‘rtl8139_cplus_transmit_one’ at ../../hw/net/rtl8139.c:2244:21,
    inlined from ‘rtl8139_cplus_transmit’ at ../../hw/net/rtl8139.c:2345:28,
    inlined from ‘rtl8139_io_writeb’ at ../../hw/net/rtl8139.c:2728:17:
/home/pm215/qemu/include/qemu/bswap.h:284:5: error: writing 4 bytes into a region of size 0 [-Werror=stringop-overflow=]
  284 | __builtin_memcpy(ptr, &v, sizeof(v));
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/pm215/qemu/include/net/eth.h: In function ‘rtl8139_io_writeb’:
/home/pm215/qemu/include/net/eth.h:50:14: note: at offset [24, 64] into destination object ‘ip_ver_len’ of size 1
   50 | uint8_t ip_ver_len; /* version and header length */
      |         ^~~~~~~~~~

This has been triaged as a bug in GCC:
 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114494
 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673
(the sanitizer pass rewrites the IR in a way that conflicts with
its use by the warning pass that runs afterwards).

Since this is the only place in our code where we hit this,
work around it by rewriting the relevant bit of code, and noting
in a comment why we do so.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3006
Suggested-by: Daniel P. Berrangé
Signed-off-by: Peter Maydell
Reviewed-by: Daniel P. Berrangé
---
Here's a patch that takes the "just work around this one problem"
approach to the gcc sanitizer compile failure. On the fence about
whether this is worth backporting to stable.
---
 hw/net/rtl8139.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 2ad6338ebe..eb4dfcfbe0 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2092,7 +2092,20 @@ static int rtl8139_cplus_transmit_one(RTL8139State *= s) eth_payload_data =3D saved_buffer + ETH_HLEN; eth_payload_len =3D saved_size - ETH_HLEN; =20 - ip =3D (struct ip_header*)eth_payload_data; + /* + * It would be more natural to write this as + * ip =3D (struct ip_header *)eth_payload_data; + * (the IP header is at the start of the ethernet payload). + * However, writing it that way triggers a GCC bug where an + * interaction between -fsanitize=3Daddress and -Wstringop-ove= rflow + * results in a false-positive stringop-overflow warning that = is + * only emitted when the address sanitizer is enabled: + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D114494 + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D99673 + * So we work around this by writing the expression in an equi= valent + * way that doesn't run into this bug. + */ + ip =3D (struct ip_header *)saved_buffer + ETH_HLEN; =20 if (IP_HEADER_VERSION(ip) !=3D IP_HEADER_VERSION_4) { DPRINTF("+++ C+ mode packet has bad IP version %d " --=20 2.43.0
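
Review bot: In the replacement assignment, `ip = (struct ip_header *)saved_buffer + ETH_HLEN;`, the cast binds more tightly than the addition, so saved_buffer is converted to a struct ip_header pointer first and ETH_HLEN is then added in units of sizeof(struct ip_header) rather than bytes. That is not equivalent to the removed `(struct ip_header*)eth_payload_data`, where eth_payload_data is saved_buffer + ETH_HLEN computed before the cast: ip would point well past the start of the Ethernet payload, and the IP_HEADER_VERSION(ip) check that follows would read the wrong bytes. Parenthesise the sum, `ip = (struct ip_header *)(saved_buffer + ETH_HLEN);`, and re-check that this form still avoids the warning, since the new comment promises an equivalent expression. Separately, the subject line says rtl8319 while the file touched is hw/net/rtl8139.c.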