* [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings @ 2023-08-16 20:50 Gustavo A. R. Silva 2023-08-16 20:51 ` Tejun Heo 0 siblings, 1 reply; 5+ messages in thread From: Gustavo A. R. Silva @ 2023-08-16 20:50 UTC (permalink / raw) To: Tejun Heo, Zefan Li, Johannes Weiner Cc: cgroups-u79uwXL29TY76Z2rM5mHXA, linux-kernel-u79uwXL29TY76Z2rM5mHXA, Gustavo A. R. Silva, linux-hardening-u79uwXL29TY76Z2rM5mHXA Change the notation from pointer-to-array to pointer-to-pointer. With this, we avoid the compiler complaining about trying to access a region of size zero as an argument during function calls. Address the following -Wstringop-overflow warnings seen when built with ARM architecture and aspeed_g4_defconfig configuration (notice that under this configuration CGROUP_SUBSYS_COUNT == 0): kernel/cgroup/cgroup.c:1208:16: warning: 'find_existing_css_set' accessing 4 bytes in a region of size 0 [-Wstringop-overflow=] kernel/cgroup/cgroup.c:1258:15: warning: 'css_set_hash' accessing 4 bytes in a region of size 0 [-Wstringop-overflow=] kernel/cgroup/cgroup.c:6089:18: warning: 'css_set_hash' accessing 4 bytes in a region of size 0 [-Wstringop-overflow=] kernel/cgroup/cgroup.c:6153:18: warning: 'css_set_hash' accessing 4 bytes in a region of size 0 [-Wstringop-overflow=] This results in no differences in binary output. Link: https://github.com/KSPP/linux/issues/316 Signed-off-by: Gustavo A. R. Silva <gustavoars-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> --- Changes in v2: - Use pointer-to-pointer instead of pointer-to-array. - Update changelog text. v1: - Link: https://lore.kernel.org/linux-hardening/ZIpm3pcs3iCP9UaR@work/ kernel/cgroup/cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index ccbbba06da5b..68e2d9812e3f 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -929,7 +929,7 @@ static void css_set_move_task(struct task_struct *task, #define CSS_SET_HASH_BITS 7 static DEFINE_HASHTABLE(css_set_table, CSS_SET_HASH_BITS); -static unsigned long css_set_hash(struct cgroup_subsys_state *css[]) +static unsigned long css_set_hash(struct cgroup_subsys_state **css) { unsigned long key = 0UL; struct cgroup_subsys *ss; @@ -1070,7 +1070,7 @@ static bool compare_css_sets(struct css_set *cset, */ static struct css_set *find_existing_css_set(struct css_set *old_cset, struct cgroup *cgrp, - struct cgroup_subsys_state *template[]) + struct cgroup_subsys_state **template) { struct cgroup_root *root = cgrp->root; struct cgroup_subsys *ss; -- 2.34.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings 2023-08-16 20:50 [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings Gustavo A. R. Silva @ 2023-08-16 20:51 ` Tejun Heo [not found] ` <ZN02wFqzvwP2JI-K-NiLfg/pYEd1N0TnZuCh8vA@public.gmane.org> 0 siblings, 1 reply; 5+ messages in thread From: Tejun Heo @ 2023-08-16 20:51 UTC (permalink / raw) To: Gustavo A. R. Silva Cc: Zefan Li, Johannes Weiner, cgroups-u79uwXL29TY76Z2rM5mHXA, linux-kernel-u79uwXL29TY76Z2rM5mHXA, linux-hardening-u79uwXL29TY76Z2rM5mHXA Hello, On Wed, Aug 16, 2023 at 02:50:16PM -0600, Gustavo A. R. Silva wrote: > Change the notation from pointer-to-array to pointer-to-pointer. > With this, we avoid the compiler complaining about trying > to access a region of size zero as an argument during function > calls. Haha, I thought the functions were actually accessing the memory. This can't be an intended behavior on the compiler's side, right? Thanks. -- tejun ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <ZN02wFqzvwP2JI-K-NiLfg/pYEd1N0TnZuCh8vA@public.gmane.org>]
* Re: [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings [not found] ` <ZN02wFqzvwP2JI-K-NiLfg/pYEd1N0TnZuCh8vA@public.gmane.org> @ 2023-08-16 20:57 ` Kees Cook 2023-08-16 21:01 ` Tejun Heo 0 siblings, 1 reply; 5+ messages in thread From: Kees Cook @ 2023-08-16 20:57 UTC (permalink / raw) To: Tejun Heo Cc: Gustavo A. R. Silva, Zefan Li, Johannes Weiner, cgroups-u79uwXL29TY76Z2rM5mHXA, linux-kernel-u79uwXL29TY76Z2rM5mHXA, linux-hardening-u79uwXL29TY76Z2rM5mHXA On Wed, Aug 16, 2023 at 10:51:12AM -1000, Tejun Heo wrote: > Hello, > > On Wed, Aug 16, 2023 at 02:50:16PM -0600, Gustavo A. R. Silva wrote: > > Change the notation from pointer-to-array to pointer-to-pointer. > > With this, we avoid the compiler complaining about trying > > to access a region of size zero as an argument during function > > calls. > > Haha, I thought the functions were actually accessing the memory. This can't > be an intended behavior on the compiler's side, right? I think it's a result of inlining -- the compiler ends up with a case where it looks like it might be possible to index a zero-sized array, but it is "accidentally safe". -- Kees Cook ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings 2023-08-16 20:57 ` Kees Cook @ 2023-08-16 21:01 ` Tejun Heo 2023-08-17 17:23 ` Gustavo A. R. Silva 0 siblings, 1 reply; 5+ messages in thread From: Tejun Heo @ 2023-08-16 21:01 UTC (permalink / raw) To: Kees Cook Cc: Gustavo A. R. Silva, Zefan Li, Johannes Weiner, cgroups-u79uwXL29TY76Z2rM5mHXA, linux-kernel-u79uwXL29TY76Z2rM5mHXA, linux-hardening-u79uwXL29TY76Z2rM5mHXA On Wed, Aug 16, 2023 at 01:57:16PM -0700, Kees Cook wrote: > On Wed, Aug 16, 2023 at 10:51:12AM -1000, Tejun Heo wrote: > > Hello, > > > > On Wed, Aug 16, 2023 at 02:50:16PM -0600, Gustavo A. R. Silva wrote: > > > Change the notation from pointer-to-array to pointer-to-pointer. > > > With this, we avoid the compiler complaining about trying > > > to access a region of size zero as an argument during function > > > calls. > > > > Haha, I thought the functions were actually accessing the memory. This can't > > be an intended behavior on the compiler's side, right? > > I think it's a result of inlining -- the compiler ends up with a case > where it looks like it might be possible to index a zero-sized array, > but it is "accidentally safe". Ah I see. It's not that the compiler knows that ** access is safe. It's more that it only applies the check on arrays. Is that right? Gustavo, I don't mind the patch but can you update the patch description a bit explaining a bit more on what's going on with the complier? It doesn't have to be the full explanation but it'd be useful to explicitly point out that we're just working around the compiler being a bit silly. Thanks. -- tejun ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings 2023-08-16 21:01 ` Tejun Heo @ 2023-08-17 17:23 ` Gustavo A. R. Silva 0 siblings, 0 replies; 5+ messages in thread From: Gustavo A. R. Silva @ 2023-08-17 17:23 UTC (permalink / raw) To: Tejun Heo, Kees Cook Cc: Gustavo A. R. Silva, Zefan Li, Johannes Weiner, cgroups, linux-kernel, linux-hardening On 8/16/23 15:01, Tejun Heo wrote: > On Wed, Aug 16, 2023 at 01:57:16PM -0700, Kees Cook wrote: >> On Wed, Aug 16, 2023 at 10:51:12AM -1000, Tejun Heo wrote: >>> Hello, >>> >>> On Wed, Aug 16, 2023 at 02:50:16PM -0600, Gustavo A. R. Silva wrote: >>>> Change the notation from pointer-to-array to pointer-to-pointer. >>>> With this, we avoid the compiler complaining about trying >>>> to access a region of size zero as an argument during function >>>> calls. >>> >>> Haha, I thought the functions were actually accessing the memory. This can't >>> be an intended behavior on the compiler's side, right? >> >> I think it's a result of inlining -- the compiler ends up with a case >> where it looks like it might be possible to index a zero-sized array, >> but it is "accidentally safe". > > Ah I see. It's not that the compiler knows that ** access is safe. It's more > that it only applies the check on arrays. Is that right? Gustavo, I don't That's correct. > mind the patch but can you update the patch description a bit explaining a > bit more on what's going on with the complier? It doesn't have to be the > full explanation but it'd be useful to explicitly point out that we're just > working around the compiler being a bit silly. I just sent v3: https://lore.kernel.org/linux-hardening/ZN5WkbPelHUSTXOA@work/ Thanks -- Gustavo ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-08-17 17:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-16 20:50 [PATCH v2][next] cgroup: Avoid -Wstringop-overflow warnings Gustavo A. R. Silva
2023-08-16 20:51 ` Tejun Heo
[not found] ` <ZN02wFqzvwP2JI-K-NiLfg/pYEd1N0TnZuCh8vA@public.gmane.org>
2023-08-16 20:57 ` Kees Cook
2023-08-16 21:01 ` Tejun Heo
2023-08-17 17:23 ` Gustavo A. R. Silva
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox