| Message ID | 20231010235609.work.594-kees@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id ib8csp208600vqb;
Tue, 10 Oct 2023 16:56:52 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IG45xPyUUjnxqoiZx2NNBmYZk3/hZSQpbh1btDg3dGIdL2JwVTzJq1YEFLUDa3UbBQwiJTu
X-Received: by 2002:a05:6358:cc28:b0:143:92d5:1fdb with SMTP id
gx40-20020a056358cc2800b0014392d51fdbmr17261174rwb.0.1696982212038;
Tue, 10 Oct 2023 16:56:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696982211; cv=none;
d=google.com; s=arc-20160816;
b=ZdVU4NPkNoFF4f7IEtEZjXvf3FO9f9SMDRzz4qnVqMcfArz9nkNpxS8wbChukFnY6C
h/X3+BgKZ0gQYX5nx5z2ptAzXkjyWw0ujcn6hTBrktPKejdE/nA9uOEwfedpNZAAdMDj
ssrbT9eF+hgOhamkfFS+ZxBJz2x/zlqaC262J2x4ObhDrCM2kPL/87uRhF4vBvRGuWWu
n/4h7OyAcMoBSiC6Mo/ZxIaA7GRVqat8JYASi9m7HVzIHGyYX9d7cKq7d4yV8972NGbH
+4sX2mP3MKBGqfHRnPpS4X95ELgyLtK38/n4IidiuaZr+MKzCOE7BaMAM9+DmUjZs35p
7DsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=SdPr3RKtwxQhWuHnqZTk9V1Z28AKlq2nPJ/l3gwUyjE=;
fh=DQSc4j4325ucCh8buQx6ZWNdMkxGyBeIjCjy4nYDRII=;
b=JSArNjzBFLQUARWOBCSEPMt8PovX/pniW0v3RrIcP/vcg9wrHRerOkm2gBIC3uJHej
jEZp+ozqvKCOJ+VMww40MyCrrlafN+3XUyDtbpEeMicqOwWMotuyJ9jo6joYCLBf+qpg
q3rtOh8iQvvm7udUuIFYB9InyCOjizzkY+JUAWyVAE/iS+lMRumd6A8R0RkNPH2r48gp
6jRosKWnPEmPzs9HowCShA7t/5aq9VtzG5JrECJ4L8efJpHXxQkFavWWjhigogpyb8Gu
A3utntq1J1n/1pcDj9mBAhTbQmlhAL+Ay4gy/zcDOXxFAm9Eg1iOGOLBi9LWiQHS+hgw
1OwA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=m427+hn9;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:4 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4])
by mx.google.com with ESMTPS id
o2-20020a17090a5b0200b0027909685905si12622477pji.149.2023.10.10.16.56.51
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 10 Oct 2023 16:56:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:4 as permitted sender)
client-ip=2620:137:e000::3:4;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=m427+hn9;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:4 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by howler.vger.email (Postfix) with ESMTP id C48BF80A1E26;
Tue, 10 Oct 2023 16:56:49 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1344239AbjJJX4U (ORCPT <rfc822;rua109.linux@gmail.com>
+ 19 others); Tue, 10 Oct 2023 19:56:20 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50006 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1344228AbjJJX4S (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 10 Oct 2023 19:56:18 -0400
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com
[IPv6:2607:f8b0:4864:20::102e])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D708794
for <linux-kernel@vger.kernel.org>;
Tue, 10 Oct 2023 16:56:16 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id
98e67ed59e1d1-27cfb8442f9so482233a91.2
for <linux-kernel@vger.kernel.org>;
Tue, 10 Oct 2023 16:56:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1696982176; x=1697586976;
darn=vger.kernel.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=SdPr3RKtwxQhWuHnqZTk9V1Z28AKlq2nPJ/l3gwUyjE=;
b=m427+hn96EjA9k673xw/YA0i4csQFSbT/Hq8f9wirAjqlOyW7qB17FdXINXZ9nUwq1
NYj6f0XnuvwhsidixeHHgvqdNQpaOkpyGrmQsYuuyha15E9j0A7t5KMgRjJDVfkqba+6
GX0iFcxYS4yicR2YLmE/TbWHqP1HlIpUkwjYg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1696982176; x=1697586976;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=SdPr3RKtwxQhWuHnqZTk9V1Z28AKlq2nPJ/l3gwUyjE=;
b=aznihZX0AWj+MzLkLIV5nfNnhm+udLNbEDT0xgVYijKO+c0YjTiA0xjG6vATuv+uAP
XAFA/xcyrLeYS4ET2SqUdZ6PkxIiej2xptZcmRPZl3pug6w7SygJpmP7XrqJbcxUaRpy
TjSJBOJ3z7VYLhZtR0EoblvDAMTvVlEEThm5j/zg8YvEne9Z8km6Qm9mfrSQ2jNRpIjn
qh0O82lJlB8x33cvMyBdd5TC3PodJmIqlZVSkQ1t2A6PUnRtLS/VmJtK092Nq7kMsQNJ
oNedNaOyljw1T+rst45wZJOlrzUEcKawuoZ48F65tLbRXcYHNUlF+nBlIsxB11IyN5fy
EN3Q==
X-Gm-Message-State: AOJu0YzmI5fAO4ljgInnOi30GcLrz/Kg5GepkjkbkjESHrIEMPX9H8h5
OruvP8KQ3K7be4dhi3xPUmaL8w==
X-Received: by 2002:a17:90a:d804:b0:273:efc0:33eb with SMTP id
a4-20020a17090ad80400b00273efc033ebmr14987050pjv.14.1696982176352;
Tue, 10 Oct 2023 16:56:16 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net.
[198.0.35.241])
by smtp.gmail.com with ESMTPSA id
fa9-20020a17090af0c900b0027360359b70sm12746037pjb.48.2023.10.10.16.56.15
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 10 Oct 2023 16:56:15 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Kees Cook <keescook@chromium.org>,
Brian Foster <bfoster@redhat.com>,
linux-bcachefs@vger.kernel.org, kernel test robot <lkp@intel.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH] bcachefs: Refactor bkey_i to use a flexible array
Date: Tue, 10 Oct 2023 16:56:12 -0700
Message-Id: <20231010235609.work.594-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=3104; i=keescook@chromium.org;
h=from:subject:message-id; bh=NfdMvLiG7AP1UedLusFnQqnFA5ZiezwfWaxIM+i+tRA=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlJeScSUyz3NZfxL43a/8LlJ7zzNz0b3ul121Gl
upxtR3bHn2JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZSXknAAKCRCJcvTf3G3A
JoNbD/4whEZUDyONG/LAxsYi0gic1AeiW2Z37d9rJL7Rfib1H9dD+bou+gfPycZoOl1o5d0cZCY
bCtHhYf5PFfCLaRRmUGRKtfc41Wgc1b3VFfadHluT7vP26PMUnNlvw7NFYJvT4/LDXDBOML20YI
iYnbwgq/WlTapLBDULe9PutZ67M7Y4f6g56i2801W0pQwW0v1ue08ShxGEvHdCFLwJMYTHjFfJi
27ylDaeszwHHC80vtS9UAnrpllO5aXideMB2wAg55qT8J+LoxVqoixEcJ9vwiK9p/7bn78iJjWS
uYDQV24ERXP/K3lHSAuuqhi3PMGtiCBvyZvI0aUZmV0buzqlcN4AuAEjBhrGlxRoil/KJrPKfbI
UEj7HsIliQ5cCGXEXwaJPzifXGa10MgWAJSBlOUfpzkUMrwVyMDW7MwRkayQ3M8bOAnhLFYqnq1
Io+kKq29sLs+DBo9vTApgL4Rod2o+uFrF2EIDI/jrl+6pqBjxojxCzNVgH7AZzixKBFq1VSjw2e
e9Ff+cEZXZ878o+k81FTz42FxT+DT/zlqiD+/KGPhOnj5J5LLXILogAps2eLpfi2B5fm5Ty4Hbj
GsfXuU6y0XIX4wDT8xmB+O5SzFTAaDeSvb/Td4xmnQmqhxaVyonefLCpkR+kVcyX6nDGtEo6ZV4
hPufHRL lXjHsLzg==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=2.7 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]);
Tue, 10 Oct 2023 16:56:49 -0700 (PDT)
X-Spam-Level: **
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1779414819781348006
X-GMAIL-MSGID: 1779414819781348006
|
| Series |
bcachefs: Refactor bkey_i to use a flexible array
|
|
Commit Message
Kees Cook
Oct. 10, 2023, 11:56 p.m. UTC
The memcpy() in bch2_bkey_append_ptr() is operating on an embedded
fake flexible array. Instead, make it explicit, and convert the memcpy
to target the flexible array instead. Fixes the W=1 warning seen for
-Wstringop-overflow:
In file included from include/linux/string.h:254,
from include/linux/bitmap.h:11,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/radix-tree.h:14,
from include/linux/backing-dev-defs.h:6,
from fs/bcachefs/bcachefs.h:182:
fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
648 | __underlying_##op(p, q, __fortify_size); \
| ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
| ^~~~~~
fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
287 | struct bch_val v;
| ^
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Brian Foster <bfoster@redhat.com>
Cc: linux-bcachefs@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
---
fs/bcachefs/bcachefs_format.h | 5 ++++-
fs/bcachefs/extents.h | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
Comments
On Tue, Oct 10, 2023 at 04:56:12PM -0700, Kees Cook wrote: > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded > fake flexible array. Instead, make it explicit, and convert the memcpy > to target the flexible array instead. Fixes the W=1 warning seen for > -Wstringop-overflow: > > In file included from include/linux/string.h:254, > from include/linux/bitmap.h:11, > from include/linux/cpumask.h:12, > from include/linux/smp.h:13, > from include/linux/lockdep.h:14, > from include/linux/radix-tree.h:14, > from include/linux/backing-dev-defs.h:6, > from fs/bcachefs/bcachefs.h:182: > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > 57 | #define __underlying_memcpy __builtin_memcpy > | ^ > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > 648 | __underlying_##op(p, q, __fortify_size); \ > | ^~~~~~~~~~~~~ > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > | ^~~~~~~~~~~~~~~~~~~~ > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > | ^~~~~~ > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > 287 | struct bch_val v; > | ^ > > Cc: Kent Overstreet <kent.overstreet@linux.dev> > Cc: Brian Foster <bfoster@redhat.com> > Cc: linux-bcachefs@vger.kernel.org > Reported-by: kernel test robot <lkp@intel.com> > Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/ > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > fs/bcachefs/bcachefs_format.h | 5 ++++- > fs/bcachefs/extents.h | 2 +- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h > index f0d130440baa..f5e8cb43697b 100644 > --- a/fs/bcachefs/bcachefs_format.h > +++ b/fs/bcachefs/bcachefs_format.h > @@ -300,7 +300,10 @@ struct bkey_i { > __u64 _data[0]; > > struct bkey k; > - struct bch_val v; > + union { > + struct bch_val v; > + DECLARE_FLEX_ARRAY(__u8, bytes); > + }; > }; Hi Kees, I'm curious if this is something that could be buried in bch_val given it's already kind of a fake structure..? If not, my only nitty comment is that memcpy(k->bytes[], ...) makes it kind of read like we're copying in opaque key data rather than value data, so perhaps a slightly more descriptive field name would be helpful. But regardless I'd wait until Kent has a chance to comment before changing anything.. Brian > > #define KEY(_inode, _offset, _size) \ > diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h > index 7ee8d031bb6c..6248e17bbac5 100644 > --- a/fs/bcachefs/extents.h > +++ b/fs/bcachefs/extents.h > @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr > > ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; > > - memcpy((void *) &k->v + bkey_val_bytes(&k->k), > + memcpy(&k->bytes[bkey_val_bytes(&k->k)], > &ptr, > sizeof(ptr)); > k->k.u64s++; > -- > 2.34.1 >
On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > On Tue, Oct 10, 2023 at 04:56:12PM -0700, Kees Cook wrote: > > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded > > fake flexible array. Instead, make it explicit, and convert the memcpy > > to target the flexible array instead. Fixes the W=1 warning seen for > > -Wstringop-overflow: > > > > In file included from include/linux/string.h:254, > > from include/linux/bitmap.h:11, > > from include/linux/cpumask.h:12, > > from include/linux/smp.h:13, > > from include/linux/lockdep.h:14, > > from include/linux/radix-tree.h:14, > > from include/linux/backing-dev-defs.h:6, > > from fs/bcachefs/bcachefs.h:182: > > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > > 57 | #define __underlying_memcpy __builtin_memcpy > > | ^ > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > 648 | __underlying_##op(p, q, __fortify_size); \ > > | ^~~~~~~~~~~~~ > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > | ^~~~~~~~~~~~~~~~~~~~ > > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > | ^~~~~~ > > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > > 287 | struct bch_val v; > > | ^ > > > > Cc: Kent Overstreet <kent.overstreet@linux.dev> > > Cc: Brian Foster <bfoster@redhat.com> > > Cc: linux-bcachefs@vger.kernel.org > > Reported-by: kernel test robot <lkp@intel.com> > > Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/ > > Signed-off-by: Kees Cook <keescook@chromium.org> > > --- > > fs/bcachefs/bcachefs_format.h | 5 ++++- > > fs/bcachefs/extents.h | 2 +- > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h > > index f0d130440baa..f5e8cb43697b 100644 > > --- a/fs/bcachefs/bcachefs_format.h > > +++ b/fs/bcachefs/bcachefs_format.h > > @@ -300,7 +300,10 @@ struct bkey_i { > > __u64 _data[0]; > > > > struct bkey k; > > - struct bch_val v; > > + union { > > + struct bch_val v; > > + DECLARE_FLEX_ARRAY(__u8, bytes); > > + }; > > }; > > Hi Kees, > > I'm curious if this is something that could be buried in bch_val given > it's already kind of a fake structure..? If not, my only nitty comment I was thinking it would be best to keep the flexible array has "high" in the struct as possible, as in the future more refactoring will be needed to avoid having flex arrays overlap with other members in composite structures. So instead of pushing into bch_val, I left it at the highest level possible, bch_i, as that's the struct being used by the memcpy(). Eventually proper unions will be needed instead of overlapping bch_i with other types, as in: struct btree_root { struct btree *b; /* On disk root - see async splits: */ __BKEY_PADDED(key, BKEY_BTREE_PTR_VAL_U64s_MAX); u8 level; u8 alive; s8 error; }; But that's all for the future. Right now I wanted to deal with the more pressing matter of a 0-sized array not being zero sized. :) > is that memcpy(k->bytes[], ...) makes it kind of read like we're copying > in opaque key data rather than value data, so perhaps a slightly more > descriptive field name would be helpful. But regardless I'd wait until > Kent has a chance to comment before changing anything.. How about "v_bytes" instead of "bytes"? Or if it really is preferred, I can move the flex array into bch_val -- it just seems like the wrong layer... -Kees > > Brian > > > > > #define KEY(_inode, _offset, _size) \ > > diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h > > index 7ee8d031bb6c..6248e17bbac5 100644 > > --- a/fs/bcachefs/extents.h > > +++ b/fs/bcachefs/extents.h > > @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr > > > > ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; > > > > - memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > + memcpy(&k->bytes[bkey_val_bytes(&k->k)], > > &ptr, > > sizeof(ptr)); > > k->k.u64s++; > > -- > > 2.34.1 > > >
On Fri, Oct 13, 2023 at 04:44:21PM -0700, Kees Cook wrote: > On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > > On Tue, Oct 10, 2023 at 04:56:12PM -0700, Kees Cook wrote: > > > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded > > > fake flexible array. Instead, make it explicit, and convert the memcpy > > > to target the flexible array instead. Fixes the W=1 warning seen for > > > -Wstringop-overflow: > > > > > > In file included from include/linux/string.h:254, > > > from include/linux/bitmap.h:11, > > > from include/linux/cpumask.h:12, > > > from include/linux/smp.h:13, > > > from include/linux/lockdep.h:14, > > > from include/linux/radix-tree.h:14, > > > from include/linux/backing-dev-defs.h:6, > > > from fs/bcachefs/bcachefs.h:182: > > > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > > > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > > > 57 | #define __underlying_memcpy __builtin_memcpy > > > | ^ > > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > > 648 | __underlying_##op(p, q, __fortify_size); \ > > > | ^~~~~~~~~~~~~ > > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > > | ^~~~~~~~~~~~~~~~~~~~ > > > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > > > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > > | ^~~~~~ > > > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > > > 287 | struct bch_val v; > > > | ^ > > > > > > Cc: Kent Overstreet <kent.overstreet@linux.dev> > > > Cc: Brian Foster <bfoster@redhat.com> > > > Cc: linux-bcachefs@vger.kernel.org > > > Reported-by: kernel test robot <lkp@intel.com> > > > Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/ > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > > --- > > > fs/bcachefs/bcachefs_format.h | 5 ++++- > > > fs/bcachefs/extents.h | 2 +- > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h > > > index f0d130440baa..f5e8cb43697b 100644 > > > --- a/fs/bcachefs/bcachefs_format.h > > > +++ b/fs/bcachefs/bcachefs_format.h > > > @@ -300,7 +300,10 @@ struct bkey_i { > > > __u64 _data[0]; > > > > > > struct bkey k; > > > - struct bch_val v; > > > + union { > > > + struct bch_val v; > > > + DECLARE_FLEX_ARRAY(__u8, bytes); > > > + }; > > > }; > > > > Hi Kees, > > > > I'm curious if this is something that could be buried in bch_val given > > it's already kind of a fake structure..? If not, my only nitty comment > > I was thinking it would be best to keep the flexible array has "high" in > the struct as possible, as in the future more refactoring will be needed > to avoid having flex arrays overlap with other members in composite > structures. So instead of pushing into bch_val, I left it at the highest > level possible, bch_i, as that's the struct being used by the memcpy(). > > Eventually proper unions will be needed instead of overlapping bch_i > with other types, as in: > > struct btree_root { > struct btree *b; > > /* On disk root - see async splits: */ > __BKEY_PADDED(key, BKEY_BTREE_PTR_VAL_U64s_MAX); > u8 level; > u8 alive; > s8 error; > }; > > But that's all for the future. Right now I wanted to deal with the more > pressing matter of a 0-sized array not being zero sized. :) > Ok, but I'm not really following how one approach vs. the other relates to this particular example of an embedded bkey_i. I'm probably just not familiar enough with the current issues with 0-sized arrays and the anticipated path forward. Can you elaborate for somebody who is more focused on trying to manage the design/complexity of these various key data structures? For example, what's the practical difference here (for future work) if the flex array lives in bch_val vs. bkey_i? Note that I don't necessarily have a strong opinion on this atm, but if there's a "for future reasons" aspect to this approach I'd like to at least understand it a little better. ;) > > is that memcpy(k->bytes[], ...) makes it kind of read like we're copying > > in opaque key data rather than value data, so perhaps a slightly more > > descriptive field name would be helpful. But regardless I'd wait until > > Kent has a chance to comment before changing anything.. > > How about "v_bytes" instead of "bytes"? Or if it really is preferred, > I can move the flex array into bch_val -- it just seems like the wrong > layer... > Yeah.. v_bytes, value_bytes, etc. etc. Anything that avoids misleading code when using the field is good with me. Thanks. Brian > -Kees > > > > > Brian > > > > > > > > #define KEY(_inode, _offset, _size) \ > > > diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h > > > index 7ee8d031bb6c..6248e17bbac5 100644 > > > --- a/fs/bcachefs/extents.h > > > +++ b/fs/bcachefs/extents.h > > > @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr > > > > > > ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; > > > > > > - memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > > + memcpy(&k->bytes[bkey_val_bytes(&k->k)], > > > &ptr, > > > sizeof(ptr)); > > > k->k.u64s++; > > > -- > > > 2.34.1 > > > > > > > -- > Kees Cook >
On Mon, Oct 16, 2023 at 08:41:58AM -0400, Brian Foster wrote: > On Fri, Oct 13, 2023 at 04:44:21PM -0700, Kees Cook wrote: > > On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > > > On Tue, Oct 10, 2023 at 04:56:12PM -0700, Kees Cook wrote: > > > > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded > > > > fake flexible array. Instead, make it explicit, and convert the memcpy > > > > to target the flexible array instead. Fixes the W=1 warning seen for > > > > -Wstringop-overflow: > > > > > > > > In file included from include/linux/string.h:254, > > > > from include/linux/bitmap.h:11, > > > > from include/linux/cpumask.h:12, > > > > from include/linux/smp.h:13, > > > > from include/linux/lockdep.h:14, > > > > from include/linux/radix-tree.h:14, > > > > from include/linux/backing-dev-defs.h:6, > > > > from fs/bcachefs/bcachefs.h:182: > > > > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > > > > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > > > > 57 | #define __underlying_memcpy __builtin_memcpy > > > > | ^ > > > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > > > 648 | __underlying_##op(p, q, __fortify_size); \ > > > > | ^~~~~~~~~~~~~ > > > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > > > | ^~~~~~~~~~~~~~~~~~~~ > > > > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > > > > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > > > | ^~~~~~ > > > > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > > > > 287 | struct bch_val v; > > > > | ^ > > > > > > > > Cc: Kent Overstreet <kent.overstreet@linux.dev> > > > > Cc: Brian Foster <bfoster@redhat.com> > > > > Cc: linux-bcachefs@vger.kernel.org > > > > Reported-by: kernel test robot <lkp@intel.com> > > > > Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/ > > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > > > --- > > > > fs/bcachefs/bcachefs_format.h | 5 ++++- > > > > fs/bcachefs/extents.h | 2 +- > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h > > > > index f0d130440baa..f5e8cb43697b 100644 > > > > --- a/fs/bcachefs/bcachefs_format.h > > > > +++ b/fs/bcachefs/bcachefs_format.h > > > > @@ -300,7 +300,10 @@ struct bkey_i { > > > > __u64 _data[0]; > > > > > > > > struct bkey k; > > > > - struct bch_val v; > > > > + union { > > > > + struct bch_val v; > > > > + DECLARE_FLEX_ARRAY(__u8, bytes); > > > > + }; > > > > }; > > > > > > Hi Kees, > > > > > > I'm curious if this is something that could be buried in bch_val given > > > it's already kind of a fake structure..? If not, my only nitty comment > > > > I was thinking it would be best to keep the flexible array has "high" in > > the struct as possible, as in the future more refactoring will be needed > > to avoid having flex arrays overlap with other members in composite > > structures. So instead of pushing into bch_val, I left it at the highest > > level possible, bch_i, as that's the struct being used by the memcpy(). > > > > Eventually proper unions will be needed instead of overlapping bch_i > > with other types, as in: > > > > struct btree_root { > > struct btree *b; > > > > /* On disk root - see async splits: */ > > __BKEY_PADDED(key, BKEY_BTREE_PTR_VAL_U64s_MAX); > > u8 level; > > u8 alive; > > s8 error; > > }; > > > > But that's all for the future. Right now I wanted to deal with the more > > pressing matter of a 0-sized array not being zero sized. :) > > > > Ok, but I'm not really following how one approach vs. the other relates > to this particular example of an embedded bkey_i. I'm probably just not > familiar enough with the current issues with 0-sized arrays and the > anticipated path forward. Can you elaborate for somebody who is more > focused on trying to manage the design/complexity of these various key > data structures? For example, what's the practical difference here (for > future work) if the flex array lives in bch_val vs. bkey_i? I was looking strictly at the layer it was happening: the function that calls memcpy() is working on a bkey_i, so I figured that was the place for it currently. > Note that I don't necessarily have a strong opinion on this atm, but if > there's a "for future reasons" aspect to this approach I'd like to at > least understand it a little better. ;) The future work here is about making sure flexible arrays don't overlap with non-flexible array members[1], and that will require giving some thought to how the structures are arranged. The specific "problem" being solved is the ambiguity in the C language for dealing with flexible arrays. For example, this will already throw a warning: struct whoops { u32 stuff; u8 how_many_shorts; u16 shorts[]; u64 flags; }; Doing struct_size()-style allocations will end up with a clobbered "flags" member when accessing the first 4 "shorts", etc. This neighboring overwrite corruption code pattern has happened (and been fixed) a bunch[2] in the kernel when someone adds a new member to a struct at the end without noticing the flexible array. (In the past, it was usually via the 0-sized arrays, e.g. "u16 shorts[0]".) One of the many benefits of using C99 flex arrays is that the compiler will warn now (when it's in the same struct), and "flags" can be moved to the right place, etc. *However*, the compiler wasn't warning about composite structures, like this: struct inner { u32 stuff; u8 how_many_shorts; u16 shorts[]; }; struct whoops { struct inner instance; u64 flags; }; This ends up being an ambiguous situation: is "flags" an interpretation of the first 4 "shorts", or is it an accidental overlap that will lead to memory corruption? So, in our ongoing battle to eliminate ambiguities in the codebase, we've moving away from this code pattern (with the help of the future -Wflex-array-member-not-at-end compiler option), by switching to unambiguous structure layouts. The common "intentional overlap" use-case is very similar to the bcachefs code. For example: struct header { u32 long flags; struct other things; size_t byte_count; u8 bytes[]; }; struct cmd_one { struct header hdr; u64 detail; u8 bits; }; struct cmd_two { struct header hdr; u32 foo, bar; u64 baz; }; The use of "struct header" effectively says "we have some number of bytes, but we don't know *what* it is yet". Is it cmd_one, or cmd_two? Instead of combining the flex array with the header, we can either split it off: struct header { u32 long flags; struct other things; size_t byte_count; }; struct cmd_unknown { struct header; u8 bytes[]; }; Or we can merge all the structs together: struct everything { u32 long flags; struct other things; size_t byte_count; union { struct cmd_one { u64 detail; u8 bits; }; struct cmd_two { u32 foo, bar; u64 baz; }; struct unknown { u8 bytes[]; }; }; }; In the first style, the flexible array is distinctly separate. In the second style the overlap is explicitly shown via the union. I expect it will take a long time to make the kernel "flex array overlap clean", so while I don't feel any rush, I've been generally trying to avoid seeing new instances of ambiguous overlap _added_ to the kernel. :) bcachefs is in a unique places where because it's been out of tree its code patterns aren't "new", but it's just been "added" upstream. *shrug* So we'll deal with the existing warnings we've already got, and prepare for the future warnings as we can. Hopefully that helps! -Kees [1] See "-Wflex-array-member-not-at-end": https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] Going all the way back to 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > > > is that memcpy(k->bytes[], ...) makes it kind of read like we're copying > > > in opaque key data rather than value data, so perhaps a slightly more > > > descriptive field name would be helpful. But regardless I'd wait until > > > Kent has a chance to comment before changing anything.. > > > > How about "v_bytes" instead of "bytes"? Or if it really is preferred, > > I can move the flex array into bch_val -- it just seems like the wrong > > layer... > > > > Yeah.. v_bytes, value_bytes, etc. etc. Anything that avoids misleading > code when using the field is good with me. Thanks. > > Brian > > > -Kees > > > > > > > > Brian > > > > > > > > > > > #define KEY(_inode, _offset, _size) \ > > > > diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h > > > > index 7ee8d031bb6c..6248e17bbac5 100644 > > > > --- a/fs/bcachefs/extents.h > > > > +++ b/fs/bcachefs/extents.h > > > > @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr > > > > > > > > ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; > > > > > > > > - memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > > > + memcpy(&k->bytes[bkey_val_bytes(&k->k)], > > > > &ptr, > > > > sizeof(ptr)); > > > > k->k.u64s++; > > > > -- > > > > 2.34.1 > > > > > > > > > > > -- > > Kees Cook > > >
On Mon, Oct 16, 2023 at 02:18:19PM -0700, Kees Cook wrote: > On Mon, Oct 16, 2023 at 08:41:58AM -0400, Brian Foster wrote: > > On Fri, Oct 13, 2023 at 04:44:21PM -0700, Kees Cook wrote: > > > On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > > > > On Tue, Oct 10, 2023 at 04:56:12PM -0700, Kees Cook wrote: ... > > > > > > > > Hi Kees, > > > > > > > > I'm curious if this is something that could be buried in bch_val given > > > > it's already kind of a fake structure..? If not, my only nitty comment > > > > > > I was thinking it would be best to keep the flexible array has "high" in > > > the struct as possible, as in the future more refactoring will be needed > > > to avoid having flex arrays overlap with other members in composite > > > structures. So instead of pushing into bch_val, I left it at the highest > > > level possible, bch_i, as that's the struct being used by the memcpy(). > > > > > > Eventually proper unions will be needed instead of overlapping bch_i > > > with other types, as in: > > > > > > struct btree_root { > > > struct btree *b; > > > > > > /* On disk root - see async splits: */ > > > __BKEY_PADDED(key, BKEY_BTREE_PTR_VAL_U64s_MAX); > > > u8 level; > > > u8 alive; > > > s8 error; > > > }; > > > > > > But that's all for the future. Right now I wanted to deal with the more > > > pressing matter of a 0-sized array not being zero sized. :) > > > > > > > Ok, but I'm not really following how one approach vs. the other relates > > to this particular example of an embedded bkey_i. I'm probably just not > > familiar enough with the current issues with 0-sized arrays and the > > anticipated path forward. Can you elaborate for somebody who is more > > focused on trying to manage the design/complexity of these various key > > data structures? For example, what's the practical difference here (for > > future work) if the flex array lives in bch_val vs. bkey_i? > > I was looking strictly at the layer it was happening: the function that > calls memcpy() is working on a bkey_i, so I figured that was the place > for it currently. > > > Note that I don't necessarily have a strong opinion on this atm, but if > > there's a "for future reasons" aspect to this approach I'd like to at > > least understand it a little better. ;) > > The future work here is about making sure flexible arrays don't overlap > with non-flexible array members[1], and that will require giving some > thought to how the structures are arranged. > ... > The use of "struct header" effectively says "we have some number of bytes, > but we don't know *what* it is yet". Is it cmd_one, or cmd_two? Instead > of combining the flex array with the header, we can either split it off: > > struct header { > u32 long flags; > struct other things; > size_t byte_count; > }; > > struct cmd_unknown { > struct header; > u8 bytes[]; > }; > > Or we can merge all the structs together: > > struct everything { > u32 long flags; > struct other things; > size_t byte_count; > union { > struct cmd_one { > u64 detail; > u8 bits; > }; > struct cmd_two { > u32 foo, bar; > u64 baz; > }; > struct unknown { > u8 bytes[]; > }; > }; > }; > > In the first style, the flexible array is distinctly separate. In the > second style the overlap is explicitly shown via the union. > > I expect it will take a long time to make the kernel "flex array overlap > clean", so while I don't feel any rush, I've been generally trying to > avoid seeing new instances of ambiguous overlap _added_ to the kernel. :) > Got it. This helps explain potential wonkiness of a variant with the flex array buried in bch_val. > bcachefs is in a unique places where because it's been out of tree > its code patterns aren't "new", but it's just been "added" upstream. > *shrug* So we'll deal with the existing warnings we've already got, > and prepare for the future warnings as we can. > Ack. > Hopefully that helps! > Indeed it does, thanks! Brian > -Kees > > [1] See "-Wflex-array-member-not-at-end": > https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] Going all the way back to 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > > > > > > is that memcpy(k->bytes[], ...) makes it kind of read like we're copying > > > > in opaque key data rather than value data, so perhaps a slightly more > > > > descriptive field name would be helpful. But regardless I'd wait until > > > > Kent has a chance to comment before changing anything.. > > > > > > How about "v_bytes" instead of "bytes"? Or if it really is preferred, > > > I can move the flex array into bch_val -- it just seems like the wrong > > > layer... > > > > > > > Yeah.. v_bytes, value_bytes, etc. etc. Anything that avoids misleading > > code when using the field is good with me. Thanks. > > > > Brian > > > > > -Kees > > > > > > > > > > > Brian > > > > > > > > > > > > > > #define KEY(_inode, _offset, _size) \ > > > > > diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h > > > > > index 7ee8d031bb6c..6248e17bbac5 100644 > > > > > --- a/fs/bcachefs/extents.h > > > > > +++ b/fs/bcachefs/extents.h > > > > > @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr > > > > > > > > > > ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; > > > > > > > > > > - memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > > > > + memcpy(&k->bytes[bkey_val_bytes(&k->k)], > > > > > &ptr, > > > > > sizeof(ptr)); > > > > > k->k.u64s++; > > > > > -- > > > > > 2.34.1 > > > > > > > > > > > > > > > -- > > > Kees Cook > > > > > > > -- > Kees Cook >
On Fri, Oct 13, 2023 at 04:44:21PM -0700, Kees Cook wrote: > On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > > Hi Kees, > > > > I'm curious if this is something that could be buried in bch_val given > > it's already kind of a fake structure..? If not, my only nitty comment > > I was thinking it would be best to keep the flexible array has "high" in > the struct as possible, as in the future more refactoring will be needed > to avoid having flex arrays overlap with other members in composite > structures. So instead of pushing into bch_val, I left it at the highest > level possible, bch_i, as that's the struct being used by the memcpy(). I agree with Brian here - I'd like this buried in bch_val, if possible. I also went with unsafe_memcpy() for now - that's now in my for-next tree. I'm not seeing any advantage of DECLARE_FLEX_ARRAY over that - perhaps later if we could use __counted_by that would make more sense.
On Wed, Oct 18, 2023 at 06:04:07PM -0400, Kent Overstreet wrote: > On Fri, Oct 13, 2023 at 04:44:21PM -0700, Kees Cook wrote: > > On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > > > Hi Kees, > > > > > > I'm curious if this is something that could be buried in bch_val given > > > it's already kind of a fake structure..? If not, my only nitty comment > > > > I was thinking it would be best to keep the flexible array has "high" in > > the struct as possible, as in the future more refactoring will be needed > > to avoid having flex arrays overlap with other members in composite > > structures. So instead of pushing into bch_val, I left it at the highest > > level possible, bch_i, as that's the struct being used by the memcpy(). > > I agree with Brian here - I'd like this buried in bch_val, if possible. > > I also went with unsafe_memcpy() for now - that's now in my for-next > tree. I'm not seeing any advantage of DECLARE_FLEX_ARRAY over that - > perhaps later if we could use __counted_by that would make more sense. This won't help here because of the combination of -fstrict-flex-arrays=3 and -Wstringop-overflow (the latter is in W=1 builds). The builtin memcpy still complains about the 0-sized destination. I'll send a v3 with this in bch_val.
On Wed, Oct 18, 2023 at 03:36:00PM -0700, Kees Cook wrote: > On Wed, Oct 18, 2023 at 06:04:07PM -0400, Kent Overstreet wrote: > > On Fri, Oct 13, 2023 at 04:44:21PM -0700, Kees Cook wrote: > > > On Fri, Oct 13, 2023 at 07:26:11AM -0400, Brian Foster wrote: > > > > Hi Kees, > > > > > > > > I'm curious if this is something that could be buried in bch_val given > > > > it's already kind of a fake structure..? If not, my only nitty comment > > > > > > I was thinking it would be best to keep the flexible array has "high" in > > > the struct as possible, as in the future more refactoring will be needed > > > to avoid having flex arrays overlap with other members in composite > > > structures. So instead of pushing into bch_val, I left it at the highest > > > level possible, bch_i, as that's the struct being used by the memcpy(). > > > > I agree with Brian here - I'd like this buried in bch_val, if possible. > > > > I also went with unsafe_memcpy() for now - that's now in my for-next > > tree. I'm not seeing any advantage of DECLARE_FLEX_ARRAY over that - > > perhaps later if we could use __counted_by that would make more sense. > > This won't help here because of the combination of -fstrict-flex-arrays=3 > and -Wstringop-overflow (the latter is in W=1 builds). The builtin memcpy > still complains about the 0-sized destination. I'll send a v3 with this > in bch_val. Actually, I've sent a v3 that totally replaces the memcpy with a direct assignment instead. No struct changes needed!
diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h index f0d130440baa..f5e8cb43697b 100644 --- a/fs/bcachefs/bcachefs_format.h +++ b/fs/bcachefs/bcachefs_format.h @@ -300,7 +300,10 @@ struct bkey_i { __u64 _data[0]; struct bkey k; - struct bch_val v; + union { + struct bch_val v; + DECLARE_FLEX_ARRAY(__u8, bytes); + }; }; #define KEY(_inode, _offset, _size) \ diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h index 7ee8d031bb6c..6248e17bbac5 100644 --- a/fs/bcachefs/extents.h +++ b/fs/bcachefs/extents.h @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; - memcpy((void *) &k->v + bkey_val_bytes(&k->k), + memcpy(&k->bytes[bkey_val_bytes(&k->k)], &ptr, sizeof(ptr)); k->k.u64s++;