From: Kees Cook <keescook@chromium.org>
To: Kent Overstreet <kent.overstreet@linux.dev>
Cc: Brian Foster <bfoster@redhat.com>,
linux-bcachefs@vger.kernel.org, kernel test robot <lkp@intel.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3] bcachefs: Refactor memcpy into direct assignment
Date: Wed, 18 Oct 2023 19:28:37 -0700 [thread overview]
Message-ID: <202310181927.F9CCC45@keescook> (raw)
In-Reply-To: <20231019003232.5uwphr7de7nybsra@moria.home.lan>
On Wed, Oct 18, 2023 at 08:32:32PM -0400, Kent Overstreet wrote:
> On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote:
> > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake
> > flexible array which looks to the compiler like it has 0 size. This
> > causes W=1 builds to emit warnings due to -Wstringop-overflow:
> >
> > In file included from include/linux/string.h:254,
> > from include/linux/bitmap.h:11,
> > from include/linux/cpumask.h:12,
> > from include/linux/smp.h:13,
> > from include/linux/lockdep.h:14,
> > from include/linux/radix-tree.h:14,
> > from include/linux/backing-dev-defs.h:6,
> > from fs/bcachefs/bcachefs.h:182:
> > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
> > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
> > 57 | #define __underlying_memcpy __builtin_memcpy
> > | ^
> > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> > 648 | __underlying_##op(p, q, __fortify_size); \
> > | ^~~~~~~~~~~~~
> > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> > | ^~~~~~~~~~~~~~~~~~~~
> > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
> > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> > | ^~~~~~
> > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
> > 287 | struct bch_val v;
> > | ^
> >
> > Avoid making any structure changes and just replace the u64 copy into a
> > direct assignment, side-stepping the entire problem.
>
> This does make me wonder about the usefulness of the fortify source
> stuff if it can be sidestepped this way, but hey, I'll take it :)
Well, the "weird" cases like this are the ones that get attention. All
the places it's working more cleanly are very effectively stomping real
bugs.
> Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing
Thanks!
-Kees
--
Kees Cook
prev parent reply other threads:[~2023-10-19 2:28 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-18 23:07 [PATCH v3] bcachefs: Refactor memcpy into direct assignment Kees Cook
2023-10-19 0:32 ` Kent Overstreet
2023-10-19 2:28 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202310181927.F9CCC45@keescook \
--to=keescook@chromium.org \
--cc=bfoster@redhat.com \
--cc=kent.overstreet@linux.dev \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox