| Message ID | 20231018230728.make.202-kees@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2010:b0:403:3b70:6f57 with SMTP id fe16csp47786vqb;
Wed, 18 Oct 2023 16:08:13 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IF0LrW+jtKuKO5Q5fZgc66lZHHIDel2zDMw+IM6ttK5inXH010AiK/TC5ToG+khPCsWBbQF
X-Received: by 2002:a17:902:d506:b0:1c9:ba77:b27e with SMTP id
b6-20020a170902d50600b001c9ba77b27emr645961plg.46.1697670493481;
Wed, 18 Oct 2023 16:08:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697670493; cv=none;
d=google.com; s=arc-20160816;
b=SlA+x1D/xR02iqvmOA4OYnjU1I/5FBENfOXELlhGYIhC2LdlQN7k7YhFJf2O2wVpr+
Qw55JpYfqpfA7yVbpRbuvX3hlO48RBsW5HOchbUn6uieYQIelGkUiK4xgO2JKIyBSTlU
o9VPlKh50+ruxAAbS7W4N4NVdqVBYDwKMJTSUOBhP1hil/NrCe4fM8npZ2o5mER7cOEr
nwdzzaHpXb6FlT5zMuummHcOoAnwvIP53ZOGyRxA7r8JFdPomWHZgz8Qg6In6ISum7pq
AT+AqFFRXU9gNV1XQuaPl4wXXVqp7w0nZ4jYcSu7owMrU6O3WDxvhUECWA6jgTbKa6YI
4CIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=R431Lu2tyoC4sIz15EV5lX3ZFyKeoePoEoVt0MO1dUs=;
fh=DQSc4j4325ucCh8buQx6ZWNdMkxGyBeIjCjy4nYDRII=;
b=m9FEyhHeSPuiUmPKup5djOZ9koAma7xg4Tj/krYzq28rtdMSrSKPZdQO+dMGYM1pTw
igGthcmClAUHUBegOdjGstqYtuSbb0V5TTJAGhGaIqYAb8QgFCy10+9RhYSUJ8Vfwdx6
qQiyQBL5Nl+3S6fPrsUCLqR1gcKiyb/yf3F/HNelIe+DIj5vED4Lb5YG19w0wiT9b3I6
Gtdvhc7PL5wir+vDBtn/jhGkSXmd7OCNhdQS5NJM7f5OrZvjpbNQnbGUH7m6pmH/xW+E
5WiCmkhMablR0Dl+8NdxBQ3Tso5z/Z59fEmf051yzE3GIYgtWqwLzMnvvkXtc10PGq5G
gM7Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=E3WI12te;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:5 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5])
by mx.google.com with ESMTPS id
w13-20020a1709027b8d00b001c61bd7cee0si848485pll.211.2023.10.18.16.08.12
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 18 Oct 2023 16:08:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:5 as permitted sender)
client-ip=2620:137:e000::3:5;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=E3WI12te;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:5 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by groat.vger.email (Postfix) with ESMTP id 555EB80ECB3D;
Wed, 18 Oct 2023 16:08:09 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231583AbjJRXHj (ORCPT <rfc822;zwp10758@gmail.com> + 24 others);
Wed, 18 Oct 2023 19:07:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33700 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229966AbjJRXHh (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 18 Oct 2023 19:07:37 -0400
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com
[IPv6:2607:f8b0:4864:20::336])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA20511D
for <linux-kernel@vger.kernel.org>;
Wed, 18 Oct 2023 16:07:35 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id
46e09a7af769-6c4cbab83aaso4865826a34.1
for <linux-kernel@vger.kernel.org>;
Wed, 18 Oct 2023 16:07:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1697670455; x=1698275255;
darn=vger.kernel.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=R431Lu2tyoC4sIz15EV5lX3ZFyKeoePoEoVt0MO1dUs=;
b=E3WI12tem9fzeK7acuEp8Jv9PXa9v2XEn2Oh+tRw3Y7LC5FJ5wmZrKS/ZEwHP8TVv+
2ETWN6j+oh2k1ClVWgU5xnyB/mIZRG8w9rhpVxNM8FUniMp6KYV7leHBrWXk4L13pGDX
yVGX6psT0iHLCjBpw+gQwjpCyPVqVMVlBGs6c=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1697670455; x=1698275255;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=R431Lu2tyoC4sIz15EV5lX3ZFyKeoePoEoVt0MO1dUs=;
b=F3rwA+Fh5tW3WNMK1OwhVrouY9JZXu8MtggTRWXaMpteOeIbrNP0jrRPCtrmJwYgHB
2Zw5INy3nWN7OMNKn/L0JN1NrZkdItrTRblT3w+DBJqgLsVxRqM+T4re/DOnC2lLwUyv
xiP2PVm6zb6l4EoAsIJgpbzXU9/edtMc+Ut2b7NZsxOVfvVpWlnE3SJpmKv2hrcuC+96
UEAJUfpT5lgHb1IfFq+xFF+cn+kJ2tXtGGLd9c5IJRSOCBoNzdeQE+jL2T+MkdjCTb7k
C70KO8fAPnyjtIONwK6GkTkPEgyoYrAjPqMFgiPO3HZGPL5M3VKP1sp++r7IZxmST61f
aG3g==
X-Gm-Message-State: AOJu0YyyF5+pUvN/vXacOp3Ny+UTqNoitK86YExsMqOzvaTOtEZYKAci
oUSso2Uj13zkml8oWwOmWkeLNrx7pg30pvqsu6s=
X-Received: by 2002:a9d:7f94:0:b0:6b8:7eef:a236 with SMTP id
t20-20020a9d7f94000000b006b87eefa236mr705148otp.30.1697670454973;
Wed, 18 Oct 2023 16:07:34 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net.
[198.0.35.241])
by smtp.gmail.com with ESMTPSA id
y3-20020aa793c3000000b0068c006dd5c1sm3865865pff.115.2023.10.18.16.07.34
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 18 Oct 2023 16:07:34 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Kees Cook <keescook@chromium.org>,
Brian Foster <bfoster@redhat.com>,
linux-bcachefs@vger.kernel.org, kernel test robot <lkp@intel.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v3] bcachefs: Refactor memcpy into direct assignment
Date: Wed, 18 Oct 2023 16:07:32 -0700
Message-Id: <20231018230728.make.202-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=3451; i=keescook@chromium.org;
h=from:subject:message-id; bh=QOcpNZ6xFBgRbLuiJg0LPhuBpkNCtaZvPdWptQoDmGk=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlMGU03urZWFhgQiQ2LDQ0Ox3AGDcKzzHB8Q3MX
409RL/kBM6JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZTBlNAAKCRCJcvTf3G3A
JqxqD/wPtqLQa0jzyGwwwgqEZQ4N5/Pw5OcTTKA7fZIIvyL4397i3HBTmDa9mMLGT8LGy103Twn
rNZvDnb0URpsmGcOMqAWBSCoex23cZ6iNWxD76GBtzZFqfMVHigvL/k3Bt7UkwXQHLZ3BD8CWcd
ytB2bvjJPhmDm3OrzXGULnOX9Kido2hJ/DFt2Wfi2eCokXLCP7QCKwUhFZj2iKN3K5WS+2JOacO
So8cTh39uBnfqOXN4exT18uiO6h124qo2ANCVtDk9tQRTPderFoXcTErXU8ESPtd6w8Z8eawJoi
dydY4j0O3dAL+oX+K3hAhqdFdVYQIva0jot6N7vbAR7LG84Z49KnXiTVy903qk4pa+jftmD7wOL
ejxI6qVvY89+CRR3YYrf/4CoXJX7HDsuOJx8I49u84Jll3/JuDcGLl1/Cg+1vBaND0eB6fpVjx+
x4BoIohax7tUq39iyA3XyIJAUweZKDNu0QBiTXxQWkdXZEA9DZIVvSiSv2GEtDxUhizeXwh1FrT
QFmkJBkJPNeAEd/OecShQTl7yvFoAGGUn/n2oiH1SMjXQs/0lyrMFPdkS8SO/gh3HLpgNuMryCj
Rt0MEUZfYWzU150+1Eke9ZNRtVpqy6QJ0o8Qxqu5yAMmwsQmSrOu4/9s6g5nnaXBw2YDiZVVh6V
1wPLewj lwH1uSig==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]);
Wed, 18 Oct 2023 16:08:09 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780136535143852144
X-GMAIL-MSGID: 1780136535143852144
|
| Series |
[v3] bcachefs: Refactor memcpy into direct assignment
|
|
Commit Message
Kees Cook
Oct. 18, 2023, 11:07 p.m. UTC
The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake
flexible array which looks to the compiler like it has 0 size. This
causes W=1 builds to emit warnings due to -Wstringop-overflow:
In file included from include/linux/string.h:254,
from include/linux/bitmap.h:11,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/radix-tree.h:14,
from include/linux/backing-dev-defs.h:6,
from fs/bcachefs/bcachefs.h:182:
fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
648 | __underlying_##op(p, q, __fortify_size); \
| ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
| ^~~~~~
fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
287 | struct bch_val v;
| ^
Avoid making any structure changes and just replace the u64 copy into a
direct assignment, side-stepping the entire problem.
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Brian Foster <bfoster@redhat.com>
Cc: linux-bcachefs@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/
Link: https://lore.kernel.org/r/20231010235609.work.594-kees@kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
v3 - replace memcpy with assignment
v2 - https://lore.kernel.org/all/20231016212735.it.314-kees@kernel.org
v1 - https://lore.kernel.org/r/20231010235609.work.594-kees@kernel.org
---
fs/bcachefs/extents.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Comments
On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote: > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake > flexible array which looks to the compiler like it has 0 size. This > causes W=1 builds to emit warnings due to -Wstringop-overflow: > > In file included from include/linux/string.h:254, > from include/linux/bitmap.h:11, > from include/linux/cpumask.h:12, > from include/linux/smp.h:13, > from include/linux/lockdep.h:14, > from include/linux/radix-tree.h:14, > from include/linux/backing-dev-defs.h:6, > from fs/bcachefs/bcachefs.h:182: > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > 57 | #define __underlying_memcpy __builtin_memcpy > | ^ > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > 648 | __underlying_##op(p, q, __fortify_size); \ > | ^~~~~~~~~~~~~ > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > | ^~~~~~~~~~~~~~~~~~~~ > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > | ^~~~~~ > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > 287 | struct bch_val v; > | ^ > > Avoid making any structure changes and just replace the u64 copy into a > direct assignment, side-stepping the entire problem. This does make me wonder about the usefulness of the fortify source stuff if it can be sidestepped this way, but hey, I'll take it :) Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing
On Wed, Oct 18, 2023 at 08:32:32PM -0400, Kent Overstreet wrote: > On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote: > > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake > > flexible array which looks to the compiler like it has 0 size. This > > causes W=1 builds to emit warnings due to -Wstringop-overflow: > > > > In file included from include/linux/string.h:254, > > from include/linux/bitmap.h:11, > > from include/linux/cpumask.h:12, > > from include/linux/smp.h:13, > > from include/linux/lockdep.h:14, > > from include/linux/radix-tree.h:14, > > from include/linux/backing-dev-defs.h:6, > > from fs/bcachefs/bcachefs.h:182: > > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > > 57 | #define __underlying_memcpy __builtin_memcpy > > | ^ > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > 648 | __underlying_##op(p, q, __fortify_size); \ > > | ^~~~~~~~~~~~~ > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > | ^~~~~~~~~~~~~~~~~~~~ > > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > | ^~~~~~ > > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > > 287 | struct bch_val v; > > | ^ > > > > Avoid making any structure changes and just replace the u64 copy into a > > direct assignment, side-stepping the entire problem. > > This does make me wonder about the usefulness of the fortify source > stuff if it can be sidestepped this way, but hey, I'll take it :) Well, the "weird" cases like this are the ones that get attention. All the places it's working more cleanly are very effectively stomping real bugs. > Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing Thanks! -Kees
diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h index 7ee8d031bb6c..8c09c527fc4f 100644 --- a/fs/bcachefs/extents.h +++ b/fs/bcachefs/extents.h @@ -632,6 +632,8 @@ void bch2_bkey_extent_entry_drop(struct bkey_i *, union bch_extent_entry *); static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr ptr) { + struct bch_extent_ptr *dest; + EBUG_ON(bch2_bkey_has_device(bkey_i_to_s(k), ptr.dev)); switch (k->k.type) { @@ -641,10 +643,8 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr EBUG_ON(bkey_val_u64s(&k->k) >= BKEY_EXTENT_VAL_U64s_MAX); ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; - - memcpy((void *) &k->v + bkey_val_bytes(&k->k), - &ptr, - sizeof(ptr)); + dest = (struct bch_extent_ptr *)((void *) &k->v + bkey_val_bytes(&k->k)); + *dest = ptr; k->k.u64s++; break; default: