From: Kees Cook <keescook@chromium.org>
To: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Brian Foster <bfoster@redhat.com>,
linux-bcachefs@vger.kernel.org, kernel test robot <lkp@intel.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3] bcachefs: Refactor memcpy into direct assignment
Date: Wed, 18 Oct 2023 19:28:37 -0700 [thread overview]
Message-ID: <202310181927.F9CCC45@keescook> (raw)
In-Reply-To: <20231019003232.5uwphr7de7nybsra@moria.home.lan>
On Wed, Oct 18, 2023 at 08:32:32PM -0400, Kent Overstreet wrote:
> On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote:
> > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake
> > flexible array which looks to the compiler like it has 0 size. This
> > causes W=1 builds to emit warnings due to -Wstringop-overflow:
> >
> > In file included from include/linux/string.h:254,
> > from include/linux/bitmap.h:11,
> > from include/linux/cpumask.h:12,
> > from include/linux/smp.h:13,
> > from include/linux/lockdep.h:14,
> > from include/linux/radix-tree.h:14,
> > from include/linux/backing-dev-defs.h:6,
> > from fs/bcachefs/bcachefs.h:182:
> > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
> > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
> > 57 | #define __underlying_memcpy __builtin_memcpy
> > | ^
> > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> > 648 | __underlying_##op(p, q, __fortify_size); \
> > | ^~~~~~~~~~~~~
> > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> > | ^~~~~~~~~~~~~~~~~~~~
> > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
> > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> > | ^~~~~~
> > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
> > 287 | struct bch_val v;
> > | ^
> >
> > Avoid making any structure changes and just replace the u64 copy into a
> > direct assignment, side-stepping the entire problem.
>
> This does make me wonder about the usefulness of the fortify source
> stuff if it can be sidestepped this way, but hey, I'll take it :)
Well, the "weird" cases like this are the ones that get attention. All
the places it's working more cleanly are very effectively stomping real
bugs.
> Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing
Thanks!
-Kees
--
Kees Cook
prev parent reply other threads:[~2023-10-19 2:28 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-18 23:07 [PATCH v3] bcachefs: Refactor memcpy into direct assignment Kees Cook
2023-10-19 0:32 ` Kent Overstreet
2023-10-19 2:28 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202310181927.F9CCC45@keescook \
--to=keescook@chromium.org \
--cc=bfoster@redhat.com \
--cc=kent.overstreet@linux.dev \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.