From: Nathan Chancellor <nathan@kernel.org>
To: "Dmitry V. Levin" <ldv@strace.io>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Charlie Jenkins <charlie@rivosinc.com>,
Arnd Bergmann <arnd@arndb.de>,
strace-devel@lists.strace.io, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: Re: [PATCH v7 2/6] syscall.h: add syscall_set_arguments()
Date: Tue, 8 Apr 2025 17:38:03 -0700 [thread overview]
Message-ID: <20250409003803.GA2876360@ax162> (raw)
In-Reply-To: <20250408223611.GA26876@strace.io>
On Wed, Apr 09, 2025 at 01:36:11AM +0300, Dmitry V. Levin wrote:
> On Tue, Apr 08, 2025 at 02:31:31PM -0700, Nathan Chancellor wrote:
> > On Mon, Mar 03, 2025 at 01:20:09PM +0200, Dmitry V. Levin wrote:
> > > +static inline void syscall_set_arguments(struct task_struct *task,
> > > + struct pt_regs *regs,
> > > + const unsigned long *args)
> > > +{
> > > + regs->orig_a0 = args[0];
> > > + args++;
> > > + memcpy(®s->a1, args, 5 * sizeof(regs->a1));
> > > +}
> >
> > This upsets the compiletime fortify checks, as I see a warning after
> > syscall_set_arguments() starts being used in kernel/ptrace.c later in
> > the series.
> >
> > $ make -skj"$(nproc)" ARCH=riscv CROSS_COMPILE=riscv64-linux- allmodconfig kernel/ptrace.o
> > In file included from include/linux/string.h:392,
> > from include/linux/bitmap.h:13,
> > from include/linux/cpumask.h:12,
> > from arch/riscv/include/asm/processor.h:55,
> > from include/linux/sched.h:13,
> > from kernel/ptrace.c:13:
> > In function 'fortify_memcpy_chk',
> > inlined from 'syscall_set_arguments.isra' at arch/riscv/include/asm/syscall.h:82:2:
> > include/linux/fortify-string.h:571:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> > 571 | __write_overflow_field(p_size_field, size);
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
>
> I certainly tested the series on riscv64, but somehow I haven't seen this
> compiler diagnostics before.
Maybe CONFIG_FORTIFY_SOURCE was not enabled? This comes from the
kernel's fortified memcpy checking function, fortify_memcpy_chk(), not
necessarily the compiler itself.
> > diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
> > index a5281cdf2b10..70ec19dc8506 100644
> > --- a/arch/riscv/include/asm/syscall.h
> > +++ b/arch/riscv/include/asm/syscall.h
> > @@ -78,8 +78,11 @@ static inline void syscall_set_arguments(struct task_struct *task,
> > const unsigned long *args)
> > {
> > regs->orig_a0 = args[0];
> > - args++;
> > - memcpy(®s->a1, args, 5 * sizeof(regs->a1));
> > + regs->a1 = args[1];
> > + regs->a2 = args[2];
> > + regs->a3 = args[3];
> > + regs->a4 = args[4];
> > + regs->a5 = args[5];
> > }
>
> I don't mind eliminating the memcpy() altogether, but
> I'd like to note that syscall_set_arguments() is an exact mirror
> of syscall_get_arguments(), so if the intentional overwrite in
> syscall_set_arguments() is not acceptable, then the intentional
> overread in syscall_get_arguments() shouldn't be acceptable either.
Yes, I noticed the symmetry too but I was only looking at it from the
overwrite perspective, not the overread one. That reminded me to double
check what fortify_memcpy_chk() actually checks for and I remembered
that the overread version of this warning is hidden under W=1 (I guess
because it happens more frequently).
$ make -skj"$(nproc)" ARCH=riscv CROSS_COMPILE=riscv64-linux- W=1 allmodconfig kernel/ptrace.o
In file included from include/linux/string.h:392,
from include/linux/bitmap.h:13,
from include/linux/cpumask.h:12,
from arch/riscv/include/asm/processor.h:55,
from include/linux/sched.h:13,
from kernel/ptrace.c:13:
In function 'fortify_memcpy_chk',
inlined from 'syscall_get_arguments.isra' at arch/riscv/include/asm/syscall.h:73:2:
include/linux/fortify-string.h:580:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
580 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
So memcpy() should indeed be eliminated from both, which obviously
clears up the warnings.
Cheers,
Nathan
diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h
index a5281cdf2b10..34313387f977 100644
--- a/arch/riscv/include/asm/syscall.h
+++ b/arch/riscv/include/asm/syscall.h
@@ -69,8 +69,11 @@ static inline void syscall_get_arguments(struct task_struct *task,
unsigned long *args)
{
args[0] = regs->orig_a0;
- args++;
- memcpy(args, ®s->a1, 5 * sizeof(args[0]));
+ args[1] = regs->a1;
+ args[2] = regs->a2;
+ args[3] = regs->a3;
+ args[4] = regs->a4;
+ args[5] = regs->a5;
}
static inline void syscall_set_arguments(struct task_struct *task,
@@ -78,8 +81,11 @@ static inline void syscall_set_arguments(struct task_struct *task,
const unsigned long *args)
{
regs->orig_a0 = args[0];
- args++;
- memcpy(®s->a1, args, 5 * sizeof(regs->a1));
+ regs->a1 = args[1];
+ regs->a2 = args[2];
+ regs->a3 = args[3];
+ regs->a4 = args[4];
+ regs->a5 = args[5];
}
static inline int syscall_get_arch(struct task_struct *task)
next prev parent reply other threads:[~2025-04-09 0:38 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-03 11:19 [PATCH v7 0/6] ptrace: introduce PTRACE_SET_SYSCALL_INFO API Dmitry V. Levin
2025-03-03 11:19 ` [PATCH v7 1/6] hexagon: add syscall_set_return_value() Dmitry V. Levin
2025-03-03 11:20 ` [PATCH v7 2/6] syscall.h: add syscall_set_arguments() Dmitry V. Levin
2025-04-08 21:31 ` Nathan Chancellor
2025-04-08 22:36 ` Dmitry V. Levin
2025-04-09 0:38 ` Nathan Chancellor [this message]
2025-04-09 6:40 ` Dmitry V. Levin
2025-04-09 15:52 ` Nathan Chancellor
2025-04-09 23:18 ` Dmitry V. Levin
2025-04-10 18:14 ` Nathan Chancellor
2025-03-03 11:20 ` [PATCH v7 3/6] syscall.h: introduce syscall_set_nr() Dmitry V. Levin
2025-03-03 11:20 ` [PATCH v7 4/6] ptrace_get_syscall_info: factor out ptrace_get_syscall_info_op Dmitry V. Levin
2025-03-03 11:20 ` [PATCH v7 5/6] ptrace: introduce PTRACE_SET_SYSCALL_INFO request Dmitry V. Levin
2025-03-03 11:20 ` [PATCH v7 6/6] selftests/ptrace: add a test case for PTRACE_SET_SYSCALL_INFO Dmitry V. Levin
2025-03-06 2:02 ` [PATCH v7 0/6] ptrace: introduce PTRACE_SET_SYSCALL_INFO API Dmitry V. Levin
2025-03-25 10:41 ` Dmitry V. Levin
2025-03-25 17:57 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250409003803.GA2876360@ax162 \
--to=nathan@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=charlie@rivosinc.com \
--cc=ldv@strace.io \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=oleg@redhat.com \
--cc=strace-devel@lists.strace.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox