From nobody Sun Feb 8 11:40:21 2026 Received: from mail-pl1-f225.google.com (mail-pl1-f225.google.com [209.85.214.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5ACC73191D0 for ; Wed, 31 Dec 2025 10:28:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.225 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767176935; cv=none; b=m6FJF8dIlhagCMKgyQwUOPlihNhoNdivMjVsLJ2Kg1u5I48EjFkqlgRkm5zKZqCxBHJa7j+Gf4MTAWT0k+u9OXo6qR6JZkFUBPM/wcxEcr4eC2KKzkj8O1az+LRT7xYot1P7D4XdkaeDyjqB9xd9eZ1+MeqHws1GIfLf6xAVaCI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767176935; c=relaxed/simple; bh=G/ZhUjmDDhcPrFgzKSf53vaiynE6E43XY/+UxifF9h0=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=Uf5hTAYwHB8bH0f6+cBNLnG94SumqRMFVaVwQ3/K8EKRK7mj3sSfoLjbfdDSxQWbSSbvlfQFwOosrG73KHmDTaeCsrYphpdYm3fUBb6ri3z0yyxJSBjGpbbXhivQQ+7sGIszxwyoKh6EI35w2A8wFpzQUgoayKKOCqDOhzXjS6U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=CG6E3ytb; arc=none smtp.client-ip=209.85.214.225 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="CG6E3ytb" Received: by mail-pl1-f225.google.com with SMTP id d9443c01a7336-2a09d981507so78831235ad.1 for ; Wed, 31 Dec 2025 02:28:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767176931; x=1767781731; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=17YsCloS89Rp+LrUIY8Ph1LvawoB0k2+NF16uLKUGNs=; b=k0qJZbxD1DrM/8Fpa7E9PFFSIz0BiX3wxY1RY7v+DHhyEgGVK5v35tRMcvf1pkLxnF dI2zpz/tcYthWA15TJdU8AxS6e32VIsiwSm9W3WHZM7Xa4tqGTF+KZgHewiCx3AAHN9q P8P3nddSI1huNaO/dLcfmDXa1PJCVFmVQqmjtpoqFRoJi8Gd0m5pA6nwx96Y9xNUo60m Ke1DJcrK+Ojnk6qElzFs9lmvOspMVk5u7vTTqykEde/h+d1Z9eAlAp0Lap5pNGTyG0EF iqSm6P22ZUyJFpeVIsIvSNL6nUd9r9OaPisvG1D1NhCDgCEG9HpDQJD73sUIHZ4HwrZL nwwQ== X-Forwarded-Encrypted: i=1; AJvYcCWDS5x4JqA1JA4aOKm4+ScbS81h1+8t57Jy1dGm4W8wdxMUkQAHLP/MfER06vU3zTYwCGlM4KqYmDIQMaQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yw+8DkPRN06JhkPpmViPyQYpbDb8ZR9DPaIYsxavWPUZMP5HcEQ IwaEl6BKwTL/H/IiMerB3mAsmt2iY1s0eRNM9j7YxE8EchlemqQNx5rn4Zf4myMDaFioosPuAB3 fCpkOxq3cxIodm50nju1pZlM4XPWY12Gf/zsPKaZfohEp5k2vYrVZuYkKfRnTUA12e3AkooervV 2IxC5Aocxy6tvR0dEFqfdU3G/ruAjuY6lTFAFGycFqxxcgR8taQaiTAYTt6pxn7pKYBYo43MKCB a0PhNbLDNTQUFyTBgEI2Xrs4A== X-Gm-Gg: AY/fxX7IZ+XL/ytbl4qPmNfrxTxkcRF8FXKNSmLQr/cEsnZznisnyX/vmDDTBAlKviH TK2CHct1LOr2eXxLr8/HdajBCttdKEC0CwBNLNvy84uRVdzmuUzN6TgBtAcuI4iYVfivRcP5P1D 5iyXkojjnx+msDZDYmkRDAEnvoYHPRZ7EesXfzbVwRYgdJW6NPAI5JpU4qzT15vwi4f+63Ds/1y +irS9JodRWkN5CHE0vO7LVYzqILuRoaNkXyEl3lxJsB/tn5umNvVQCBfPltLhhjZY1IAv8Q89+O IsCAB7/qRi21kh5uECG8QAl3SMFDdlITcKR/ITB1rfzkXm0WG5v+WDDFSbM0gv+qsCPHhAixpFD NXpSiX3oYcLNq3ugz5lAothyQPTHO+pkIKOF1eXl23AIW6UxENSlxofmcimw/M9Y3geOGo3VxtM g1HswF5xGdHNQxEfWnZ8+5q6pDH5ytX6plGuii/VeXEaQmoQ== X-Google-Smtp-Source: AGHT+IHwvdP7a90kyu8Cdnz/abgRjjccPtF45hbtuxZfvQ/j0SGj2FIiV3rDOEMdy1S3+HYq2U07wP+G8d3D X-Received: by 2002:a17:903:2450:b0:2a0:e5c3:d149 with SMTP id d9443c01a7336-2a2f0d40410mr377212045ad.23.1767176931573; Wed, 31 Dec 2025 02:28:51 -0800 (PST) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-2.dlp.protect.broadcom.com. [144.49.247.2]) by smtp-relay.gmail.com with ESMTPS id d9443c01a7336-2a2f3d5625bsm38684685ad.46.2025.12.31.02.28.51 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Dec 2025 02:28:51 -0800 (PST) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-dl1-f72.google.com with SMTP id a92af1059eb24-11ddcc9f85eso20261384c88.0 for ; Wed, 31 Dec 2025 02:28:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1767176930; x=1767781730; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=17YsCloS89Rp+LrUIY8Ph1LvawoB0k2+NF16uLKUGNs=; b=CG6E3ytb7GTrRoLviwY+HQ4chjiidzeAQ/A/eazj1P2ntX/baFhTroNumoHT81k7lQ LBHGERPlAWcBGsw5e1ppHTF6u3XkMza6W08Hhi+K5JXaQUSDx/ALZPKWpo3DyveFpLSu 97+toV7FOESq9McllKVLVLyerc4FfBOTcg3tU= X-Forwarded-Encrypted: i=1; AJvYcCUyFjiLAkHroy9N/0BqJRvXbC+B0pk+ESkEBo6lwROqMZfZAN4EeKR7fQdmprPR6yRMpX9Ude0vTc66WH4=@vger.kernel.org X-Received: by 2002:a05:7022:688:b0:119:e569:f86c with SMTP id a92af1059eb24-12171a75857mr35097122c88.9.1767176929714; Wed, 31 Dec 2025 02:28:49 -0800 (PST) X-Received: by 2002:a05:7022:688:b0:119:e569:f86c with SMTP id a92af1059eb24-12171a75857mr35097111c88.9.1767176929152; Wed, 31 Dec 2025 02:28:49 -0800 (PST) Received: from shivania.lvn.broadcom.net ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-121725548b5sm138692126c88.17.2025.12.31.02.28.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Dec 2025 02:28:48 -0800 (PST) From: Shivani Agarwal To: stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: miklos@szeredi.hu, amir73il@gmail.com, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, ajay.kaher@broadcom.com, alexey.makhalov@broadcom.com, vamsi-krishna.brahmajosyula@broadcom.com, yin.ding@broadcom.com, tapas.kundu@broadcom.com, Kees Cook , syzbot+9d14351a171d0d1c7955@syzkaller.appspotmail.com, "Gustavo A . R . Silva" , Miklos Szeredi , Shivani Agarwal Subject: [PATCH v5.10] ovl: Use "buf" flexible array for memcpy() destination Date: Wed, 31 Dec 2025 02:08:09 -0800 Message-Id: <20251231100809.642262-1-shivani.agarwal@broadcom.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e Content-Type: text/plain; charset="utf-8" From: Kees Cook commit cf8aa9bf97cadf85745506c6a3e244b22c268d63 upstream. The "buf" flexible array needs to be the memcpy() destination to avoid false positive run-time warning from the recent FORTIFY_SOURCE hardening: memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21) Reported-by: syzbot+9d14351a171d0d1c7955@syzkaller.appspotmail.com Link: https://lore.kernel.org/all/000000000000763a6c05e95a5985@google.com/ Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman [Shivani: Modified to apply on 5.10.y] Signed-off-by: Shivani Agarwal --- fs/overlayfs/export.c | 2 +- fs/overlayfs/overlayfs.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c index f98128317..dd3e1969e 100644 --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -788,7 +788,7 @@ static struct ovl_fh *ovl_fid_to_fh(struct fid *fid, in= t buflen, int fh_type) return ERR_PTR(-ENOMEM); =20 /* Copy unaligned inner fh into aligned buffer */ - memcpy(&fh->fb, fid, buflen - OVL_FH_WIRE_OFFSET); + memcpy(fh->buf, fid, buflen - OVL_FH_WIRE_OFFSET); return fh; } =20 diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 87b7a4a74..5ac968f70 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -104,7 +104,7 @@ struct ovl_fh { u8 padding[3]; /* make sure fb.fid is 32bit aligned */ union { struct ovl_fb fb; - u8 buf[0]; + DECLARE_FLEX_ARRAY(u8, buf); }; } __packed; =20 --=20 2.40.4