From: Jan Hendrik Farr <kernel@jfarr.cc>
To: Alan Huang <mmpgouride@gmail.com>
Cc: kent.overstreet@linux.dev, kees@kernel.org,
	gustavoars@kernel.org, thorsten.blum@toblux.com,
	linux-bcachefs@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] Revert "bcachefs: Annotate struct bch_xattr with __counted_by()"
Date: Thu, 1 May 2025 21:09:04 +0200
Message-ID: <aBPG0OqCCM6weLMZ@archlinux>
In-Reply-To: <20250501184150.200319-1-mmpgouride@gmail.com>

On 02 02:41:50, Alan Huang wrote:
> This reverts commit 86e92eeeb23741a072fe7532db663250ff2e726a.
> 
> After the x_name, there is a value. According to the discussion[1],
> __counted_by assumes that the flexible array member contains exactly
> the amount of elements that are specified. Now there are users who came
> across a buffer overflow caused by the __counted_by here[2], so revert that.

Nit: It's not causing a buffer overflow. It's causing a false positive
detection of an out of bounds write.

> 
> [1] https://lore.kernel.org/lkml/Zv8VDKWN1GzLRT-_@archlinux/T/#m0ce9541c5070146320efd4f928cc1ff8de69e9b2
> [2] https://privatebin.net/?a0d4e97d590d71e1#9bLmp2Kb5NU6X6cZEucchDcu88HzUQwHUah8okKPReEt
> 
> Signed-off-by: Alan Huang <mmpgouride@gmail.com>
> ---
>  fs/bcachefs/xattr_format.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/bcachefs/xattr_format.h b/fs/bcachefs/xattr_format.h
> index c7916011ef34..e9f810539552 100644
> --- a/fs/bcachefs/xattr_format.h
> +++ b/fs/bcachefs/xattr_format.h
> @@ -13,7 +13,7 @@ struct bch_xattr {
>  	__u8			x_type;
>  	__u8			x_name_len;
>  	__le16			x_val_len;
> -	__u8			x_name[] __counted_by(x_name_len);
> +	__u8			x_name[];
>  } __packed __aligned(8);
>  
>  #endif /* _BCACHEFS_XATTR_FORMAT_H */
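Review bot: the bare `x_name[]` declaration left by this hunk carries no hint of why the annotation must stay off, so the same change could be proposed again. A short comment above `x_name[]` saying that the value bytes (`x_val_len` of them) follow the name in the same flexible array, and that `x_name_len` is therefore not the array's element count, would record the reason at the declaration itself.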
> -- 
> 2.48.1
> 
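
The false positive discussed above, modeled in userspace C as an added example (not code from the thread or from bcachefs). `struct xattr_demo`, `checked_write` and `store_value` are hypothetical names, and the bounds check is a simplified stand-in for a fortified copy that takes the array size from the `__counted_by` field.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in for struct bch_xattr; x_val_len is host-endian here. */
struct xattr_demo {
	uint8_t  x_type;
	uint8_t  x_name_len;
	uint16_t x_val_len;
	uint8_t  x_name[];	/* name bytes, then value bytes */
};

/* Models a fortified copy: refuse when the write runs past `bound` bytes. */
static int checked_write(uint8_t *base, size_t bound, size_t off,
			 const void *src, size_t len)
{
	if (off > bound || len > bound - off)
		return -1;	/* reported as an out-of-bounds write */
	memcpy(base + off, src, len);
	return 0;
}

/*
 * Build name+value in one allocation and store the value at
 * x_name + x_name_len, checking the write against `bound`.
 * use_counted_by != 0: bound is x_name_len, as the annotation declares.
 * use_counted_by == 0: bound is the bytes really allocated for the array.
 * Returns 0 if the value write was allowed, -1 if flagged, -2 on ENOMEM.
 */
static int store_value(const char *name, const char *val, int use_counted_by)
{
	size_t nlen = strlen(name), vlen = strlen(val);
	struct xattr_demo *x = calloc(1, sizeof(*x) + nlen + vlen);
	size_t bound;
	int ret;

	if (!x)
		return -2;
	x->x_name_len = (uint8_t)nlen;
	x->x_val_len = (uint16_t)vlen;
	memcpy(x->x_name, name, nlen);
	bound = use_counted_by ? x->x_name_len : nlen + vlen;
	ret = checked_write(x->x_name, bound, x->x_name_len, val, vlen);
	if (ret == 0 && memcmp(x->x_name + nlen, val, vlen) != 0)
		ret = -3;	/* value did not land where expected */
	free(x);
	return ret;
}
```

The same write to the same allocation passes against the real allocation size and is flagged against `x_name_len`, which is why the report is a false positive rather than memory corruption.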
