From: Daniel Micay <danielmicay@gmail.com>
To: Arnd Bergmann <arnd@arndb.de>, Bart Van Assche <Bart.VanAssche@wdc.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"keescook@chromium.org" <keescook@chromium.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"parav@mellanox.com" <parav@mellanox.com>,
"monis@mellanox.com" <monis@mellanox.com>,
"Michal.Kalderon@cavium.com" <Michal.Kalderon@cavium.com>,
"sean.hefty@intel.com" <sean.hefty@intel.com>,
"Ariel.Elior@cavium.com" <Ariel.Elior@cavium.com>,
"hal.rosenstock@gmail.com" <hal.rosenstock@gmail.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"dledford@redhat.com" <dledford@redhat.com>,
"noaos@mellanox.com" <noaos@mellanox.com>
Subject: Re: [PATCH] infiniband: avoid overflow warning
Date: Mon, 31 Jul 2017 15:35:37 -0400 [thread overview]
Message-ID: <1501529737.1180.1.camel@gmail.com> (raw)
In-Reply-To: <CAK8P3a04DR6NT5jXJSmcw_cDjuKQ-y6f1SQz0cD9Bp=OaoaAhQ@mail.gmail.com>
On Mon, 2017-07-31 at 21:19 +0200, Arnd Bergmann wrote:
> On Mon, Jul 31, 2017 at 6:17 PM, Bart Van Assche <Bart.VanAssche@wdc.c
> om> wrote:
> > On Mon, 2017-07-31 at 18:04 +0200, Arnd Bergmann wrote:
> > > On Mon, Jul 31, 2017 at 5:32 PM, Bart Van Assche <Bart.VanAssche@w
> > > dc.com> wrote:
> > > > So inetaddr_event() assigns AF_INET so .sin_family and gcc warns
> > > > about code
> > > > that is only executed if .sin_family == AF_INET6? Since this
> > > > warning is the
> > > > result of incorrect interprocedural analysis by gcc, shouldn't
> > > > this be
> > > > reported as a bug to the gcc authors?
> > >
> > > I think the interprocedural analysis here is just a little worse
> > > than it could
> > > be, but it's not actually correct. It's not gcc that prints the
> > > warning (if
> > > it did, then I'd agree it would be a gcc bug) but the warning is
> > > triggered
> > > intentionally by the fortified version of memcpy in
> > > include/linux/string.h.
> > >
> > > The problem as I understand it is that gcc cannot guarantee that
> > > it
> > > tracks the value of addr->sa_family at least as far as the size
> > > of the
> > > stack object, and it has no strict reason to do so, so the inlined
> > > rdma_ip2gid() will still contain both cases.
> >
> > Hello Arnd,
> >
> > Had you already considered to uninline the rdma_ip2gid() function?
>
> Not really, that would prevent the normal optimization from happening,
> so that would be worse than uninlining addr_event() as I tried.
>
> It would of course get rid of the warning, so if you think that's a
> better
> solution, I won't complain.
>
> Arnd
You could also use __memcpy but using a struct assignment seems cleaner.
The compile-time fortify errors aren't perfect since they rely on GCC
being able to optimize them out and there can be dead code that has
intentional overflows, etc. Their purpose is just to move many runtime
errors (which don't have these false positives) to compile-time since
it's a lot less painful to deal with a few false positives like this
than errors slipping through to runtime (although it's less important
since it's going to be using WARN for the time being).
If the compile-time errors would removed, all of the real overflows
would still be detected at runtime. One option would be having something
like #define __NO_FORTIFY but *only* disabling the compile-time part of
the checks to work around false positives. *shrug*
next prev parent reply other threads:[~2017-07-31 19:35 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-31 6:50 [PATCH] infiniband: avoid overflow warning Arnd Bergmann
2017-07-31 7:08 ` Moni Shoua
2017-07-31 7:30 ` Arnd Bergmann
2017-07-31 15:32 ` Bart Van Assche
2017-07-31 16:04 ` Arnd Bergmann
2017-07-31 16:17 ` Bart Van Assche
2017-07-31 19:19 ` Arnd Bergmann
2017-07-31 19:35 ` Daniel Micay [this message]
2017-07-31 20:58 ` Kees Cook
2017-07-31 21:10 ` Arnd Bergmann
2017-07-31 21:18 ` Kees Cook
2017-07-31 21:37 ` Daniel Micay
2017-07-31 21:52 ` Arnd Bergmann
2017-07-31 22:06 ` Kees Cook
2017-08-18 16:40 ` Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1501529737.1180.1.camel@gmail.com \
--to=danielmicay@gmail.com \
--cc=Ariel.Elior@cavium.com \
--cc=Bart.VanAssche@wdc.com \
--cc=Michal.Kalderon@cavium.com \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=dledford@redhat.com \
--cc=hal.rosenstock@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=monis@mellanox.com \
--cc=noaos@mellanox.com \
--cc=parav@mellanox.com \
--cc=sean.hefty@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox