From: Kees Cook <keescook@chromium.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>,
	Eric Dumazet <edumazet@google.com>,
	netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>
Subject: Re: ether_addr_equal_64bits breakage with gcc-12
Date: Fri, 11 Feb 2022 17:31:22 -0800
Message-ID: <202202111642.EF22DF8BD@keescook>
In-Reply-To: <20220211163541.74b0836a@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>

On Fri, Feb 11, 2022 at 04:35:41PM -0800, Jakub Kicinski wrote:
> On Fri, 11 Feb 2022 15:12:13 +0100 Marc Kleine-Budde wrote:
> > Hello,
> > 
> > the current arm-linux-gnueabihf-gcc 12 snapshot in Debian breaks (at
> > least with CONFIG_WERROR=y):
> > 
> > |   CC      net/core/dev.o
> > | net/core/dev.c: In function ‘bpf_prog_run_generic_xdp’:
> > | net/core/dev.c:4618:21: warning: ‘ether_addr_equal_64bits’ reading 8 bytes from a region of size 6 [-Wstringop-overread]
> > |  4618 |         orig_host = ether_addr_equal_64bits(eth->h_dest, skb->dev->dev_addr);
> > |       |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4618:21: note: referencing argument 1 of type ‘const u8[8]’ {aka ‘const unsigned char[8]’}
> > | net/core/dev.c:4618:21: note: referencing argument 2 of type ‘const u8[8]’ {aka ‘const unsigned char[8]’}
> > | In file included from net/core/dev.c:91:
> > | include/linux/etherdevice.h:375:20: note: in a call to function ‘ether_addr_equal_64bits’
> > |   375 | static inline bool ether_addr_equal_64bits(const u8 addr1[6+2],
> > |       |                    ^~~~~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4619:22: warning: ‘is_multicast_ether_addr_64bits’ reading 8 bytes from a region of size 6 [-Wstringop-overread]
> > |  4619 |         orig_bcast = is_multicast_ether_addr_64bits(eth->h_dest);
> > |       |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4619:22: note: referencing argument 1 of type ‘const u8[8]’ {aka ‘const unsigned char[8]’}
> > | include/linux/etherdevice.h:137:20: note: in a call to function ‘is_multicast_ether_addr_64bits’
> > |   137 | static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2])
> > |       |                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4646:27: warning: ‘ether_addr_equal_64bits’ reading 8 bytes from a region of size 6 [-Wstringop-overread]
> > |  4646 |             (orig_host != ether_addr_equal_64bits(eth->h_dest,
> > |       |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > |  4647 |                                                   skb->dev->dev_addr)) ||
> > |       |                                                   ~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4646:27: note: referencing argument 1 of type ‘const u8[8]’ {aka ‘const unsigned char[8]’}
> > | net/core/dev.c:4646:27: note: referencing argument 2 of type ‘const u8[8]’ {aka ‘const unsigned char[8]’}
> > | include/linux/etherdevice.h:375:20: note: in a call to function ‘ether_addr_equal_64bits’
> > |   375 | static inline bool ether_addr_equal_64bits(const u8 addr1[6+2],
> > |       |                    ^~~~~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4648:28: warning: ‘is_multicast_ether_addr_64bits’ reading 8 bytes from a region of size 6 [-Wstringop-overread]
> > |  4648 |             (orig_bcast != is_multicast_ether_addr_64bits(eth->h_dest))) {
> > |       |                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > | net/core/dev.c:4648:28: note: referencing argument 1 of type ‘const u8[8]’ {aka ‘const unsigned char[8]’}
> > | include/linux/etherdevice.h:137:20: note: in a call to function ‘is_multicast_ether_addr_64bits’
> > |   137 | static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2])
> > |       |                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> > | arm-linux-gnueabihf-gcc -v
> > | Using built-in specs.
> > | COLLECT_GCC=/usr/bin/arm-linux-gnueabihf-gcc
> > | COLLECT_LTO_WRAPPER=/usr/lib/gcc-cross/arm-linux-gnueabihf/12/lto-wrapper
> > | Target: arm-linux-gnueabihf
> > | Configured with: ../src/configure -v --with-pkgversion='Debian 12-20220126-1' --with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-12 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-libitm --disable-libquadmath --disable-libquadmath-support --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --without-target-system-zlib --enable-multiarch --disable-sjlj-exceptions --with-arch=armv7-a+fp --with-float=hard --with-mode=thumb --disable-werror --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=arm-linux-gnueabihf --program-prefix=arm-linux-gnueabihf- --includedir=/usr/arm-linux-gnueabihf/include
> > | Thread model: posix
> > | Supported LTO compression algorithms: zlib zstd
> > | gcc version 12.0.1 20220126 (experimental) [master r12-6872-gf3e6ef7d873] (Debian 12-20220126-1)
> 
> Maybe Kees will have a suggestion - Kees, are there any best practices
> for dealing with such issues? For reference, we do an oversized load
> from a structure (read 8B of a 6B array):

Wheee.

So, the short theoretical "don't do that" scenario would be "what
happens if":

	struct page *page;
	void *ptr;
	unsigned char *eth_addr;

	page = alloc_pages(GFP_KERNEL, 0);
	...
	ptr = page_address(page);
	...
	/* "eth_addr" at end of allocated memory */
	eth_addr = ptr + PAGE_SIZE - 6;
	/* access fault... */
	ether_addr_equal_64bits(eth_addr, ...);

But, yes, pragmatically, this is likely extremely rare.

Regardless, with the other cases like this that got fixed like this, it
was a matter of finding a way to represent the "actual" available memory
(best), or telling the compiler what the real contract is (less good).

It looks like alignment isn't a concern, so I'd say adjust the prototype
to reflect the reality, and go with:


diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h
index 2ad71cc90b37..92b10e67d5f8 100644
--- a/include/linux/etherdevice.h
+++ b/include/linux/etherdevice.h
@@ -134,7 +134,7 @@ static inline bool is_multicast_ether_addr(const u8 *addr)
 #endif
 }
 
-static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2])
+static inline bool is_multicast_ether_addr_64bits(const u8 *addr)
 {
 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 #ifdef __BIG_ENDIAN
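
Review bot: The `const u8 *addr` prototype on the `+` line drops the `[6+2]` bound, which was the only place in the signature that told callers this helper needs two readable bytes past the 6-byte address. Since the prototype no longer carries that, state the requirement in a comment above `is_multicast_ether_addr_64bits` (for example, that `addr` must point to at least 8 readable bytes), so that call sites such as the `eth->h_dest` ones in the quoted warnings can still be audited against it.
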
@@ -372,8 +372,7 @@ static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2)
  * Please note that alignment of addr1 & addr2 are only guaranteed to be 16 bits.
  */
 
-static inline bool ether_addr_equal_64bits(const u8 addr1[6+2],
-					   const u8 addr2[6+2])
+static inline bool ether_addr_equal_64bits(const u8 *addr1, const u8 *addr2)
 {
 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 	u64 fold = (*(const u64 *)addr1) ^ (*(const u64 *)addr2);
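
Review bot: In `ether_addr_equal_64bits` the `u64` loads through `(const u64 *)addr1` and `(const u64 *)addr2` are unchanged, so moving to `const u8 *` only removes the bound that `-Wstringop-overread` was checking; the function still reads 8 bytes from each argument. The context comment above it only covers 16-bit alignment; extend it to spell out the two bytes of padding each pointer must have, and say in the commit message that this silences the warning rather than removing the over-read.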


-- 
Kees Cook
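
As an added illustration, not part of the original mail or the kernel source: a userspace C example of the page-end scenario described above, with an 8-byte-load comparison next to one that touches exactly 6 bytes. The names `mac_equal_padded`, `mac_equal_exact` and `mac_at_page_end` are hypothetical, and the guard page is built with `mmap`/`mprotect` on Linux rather than with `alloc_pages`.

```c
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* 8-byte load: the caller must guarantee 2 readable bytes after each address. */
static bool mac_equal_padded(const uint8_t *a, const uint8_t *b)
{
	uint64_t x, y;

	memcpy(&x, a, 8);	/* also reads a[6] and a[7], the padding */
	memcpy(&y, b, 8);
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
	return ((x ^ y) >> 16) == 0;
#else
	return ((x ^ y) << 16) == 0;	/* shift the two padding bytes out */
#endif
}

/* Bounded variant: touches exactly 6 bytes of each address. */
static bool mac_equal_exact(const uint8_t *a, const uint8_t *b)
{
	return memcmp(a, b, 6) == 0;
}

/* Constructed case: address in the last 6 bytes before a PROT_NONE page. */
static uint8_t *mac_at_page_end(const uint8_t *mac)
{
	long ps = sysconf(_SC_PAGESIZE);
	uint8_t *p = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

	if (p == MAP_FAILED || mprotect(p + ps, ps, PROT_NONE) != 0)
		return NULL;
	memcpy(p + ps - 6, mac, 6);
	return p + ps - 6;
}

int main(void)
{
	const uint8_t dev[8] = { 2, 0, 0, 0, 0, 1, 0xaa, 0xbb }; /* 6 + 2 padding */
	uint8_t *edge = mac_at_page_end(dev);

	printf("exact at page end: %d\n", edge && mac_equal_exact(edge, dev));
	printf("padded in struct:  %d\n", mac_equal_padded(dev, dev));
	return 0;
}
```

Only `mac_equal_exact` is called on the page-end pointer; `mac_equal_padded` is exercised on 8-byte buffers, which is the contract the old `[6+2]` prototype expressed.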

Thread overview: 4+ messages
2022-02-11 14:12 ether_addr_equal_64bits breakage with gcc-12 Marc Kleine-Budde
2022-02-12  0:35 ` Jakub Kicinski
2022-02-12  1:31   ` Kees Cook [this message]
2022-02-12  9:08     ` Marc Kleine-Budde
