Re: [PATCH] e2fsck: fix portability problems caused by unaligned accesses

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: harshad shirwadkar <harshadshirwadkar@gmail.com>
Cc: Theodore Ts'o <tytso@mit.edu>, Andreas Dilger <adilger@dilger.ca>,
	Ext4 Developers List <linux-ext4@vger.kernel.org>,
	Harshad Shirwadkar <harshads@google.com>
Subject: Re: [PATCH] e2fsck: fix portability problems caused by unaligned accesses
Date: Tue, 4 May 2021 13:45:02 -0700	[thread overview]
Message-ID: <YJGyTjYKcEkx+fQq@gmail.com> (raw)
In-Reply-To: <CAD+ocbwS9h4knUbhiXFUicvi-PwKSnPdF7hrZUhbg1MkzbDmrw@mail.gmail.com>

On Tue, May 04, 2021 at 01:14:22PM -0700, harshad shirwadkar wrote:
> I see thanks for the explanation. I quickly tried it too and saw that
> UBSAN warnings went away but I got compiler warnings
> "recovery.c:413:27: warning: taking address of packed member
> 't_blocknr_high' of class or structure 'journal_block_tag_s' may
> result in an unaligned pointer value [-Waddress-of-packed-member]".
> These compiler warnings seem to be added in [1].
> 
> These warnings make me think that de-referencing a member of a packed
> struct is still not safe. My concern is this - If we define
> journal_block_tag_t as a packed struct AND if we have following unsafe
> code, then we won't see UBSAN warnings and the following unaligned
> accesses would go unnoticed. That may not go well on certain
> architectures.
> 
> j_block_tag_t *unaligned_ptr;
> 
> flags = unaligned_ptr->t_flags;
> 
> It looks like if the compiler doesn't support
> -Waddress-of-packed-member [1], we may not even see these warnings, we
> won't see UBSAN warnings and the unaligned accesses may cause problems
> on the architectures that you mentioned.
> 
> In other words, what I'm trying to say is that while
> __atribute__((packed)) would silence UBSAN warnings (and we should do
> it), it's still not sufficient to ensure that our code doesn't do
> unaligned accesses to the struct in question. Does that make sense?
> 
> - Harshad

No, 'flags = unaligned_ptr->t_flags' is fine, provided that unaligned_ptr is a
pointer to a struct with the packed attribute.  What -Waddress-of-packed-member
will warn about is if you do something like &unaligned_ptr->t_flags to get a
pointer directly to the t_flags field, as such pointers can then be incorrectly
used for misaligned accesses.

If we really don't want to use __attribute__((packed)) that is fine, but then
we'll need to remember to use an unaligned accessor *every* field access (except
for bytes), which seems harder to me -- and the compiler won't warn when one of
these is missing.  (They can only be detected at runtime using UBSAN.)

- Eric

next prev parent reply	other threads:[~2021-05-04 20:45 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-04  3:10 [PATCH] e2fsck: fix portability problems caused by unaligned accesses Theodore Ts'o
2021-05-04  6:29 ` Andreas Dilger
2021-05-04  9:40   ` harshad shirwadkar
2021-05-04 13:49     ` Theodore Ts'o
2021-05-04 16:46       ` Eric Biggers
2021-05-04 17:55         ` harshad shirwadkar
2021-05-04 19:14           ` Eric Biggers
2021-05-04 19:53             ` Theodore Ts'o
2021-05-04 20:14               ` harshad shirwadkar
2021-05-04 20:45                 ` Eric Biggers [this message]
2021-05-04 21:10                   ` Theodore Ts'o
2021-05-04 21:30                     ` Eric Biggers
2021-05-07  6:45                       ` Eric Biggers
2021-05-07 15:56                         ` Theodore Ts'o
2021-05-07 16:22                           ` harshad shirwadkar
2021-05-04 20:35               ` Eric Biggers
2021-05-04 15:18   ` Theodore Ts'o
2021-05-06 18:30 ` [PATCH -v2] " Theodore Ts'o
2021-05-06 23:30   ` harshad shirwadkar
2021-05-07  1:50     ` Theodore Ts'o

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YJGyTjYKcEkx+fQq@gmail.com \
    --to=ebiggers@kernel.org \
    --cc=adilger@dilger.ca \
    --cc=harshads@google.com \
    --cc=harshadshirwadkar@gmail.com \
    --cc=linux-ext4@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.