| Message ID | 20231018230728.make.202-kees@kernel.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Headers | show |
| Series | [v3] bcachefs: Refactor memcpy into direct assignment | expand |
On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote: > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake > flexible array which looks to the compiler like it has 0 size. This > causes W=1 builds to emit warnings due to -Wstringop-overflow: > > In file included from include/linux/string.h:254, > from include/linux/bitmap.h:11, > from include/linux/cpumask.h:12, > from include/linux/smp.h:13, > from include/linux/lockdep.h:14, > from include/linux/radix-tree.h:14, > from include/linux/backing-dev-defs.h:6, > from fs/bcachefs/bcachefs.h:182: > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > 57 | #define __underlying_memcpy __builtin_memcpy > | ^ > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > 648 | __underlying_##op(p, q, __fortify_size); \ > | ^~~~~~~~~~~~~ > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > | ^~~~~~~~~~~~~~~~~~~~ > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > | ^~~~~~ > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > 287 | struct bch_val v; > | ^ > > Avoid making any structure changes and just replace the u64 copy into a > direct assignment, side-stepping the entire problem. This does make me wonder about the usefulness of the fortify source stuff if it can be sidestepped this way, but hey, I'll take it :) Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing
On Wed, Oct 18, 2023 at 08:32:32PM -0400, Kent Overstreet wrote: > On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote: > > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake > > flexible array which looks to the compiler like it has 0 size. This > > causes W=1 builds to emit warnings due to -Wstringop-overflow: > > > > In file included from include/linux/string.h:254, > > from include/linux/bitmap.h:11, > > from include/linux/cpumask.h:12, > > from include/linux/smp.h:13, > > from include/linux/lockdep.h:14, > > from include/linux/radix-tree.h:14, > > from include/linux/backing-dev-defs.h:6, > > from fs/bcachefs/bcachefs.h:182: > > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': > > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] > > 57 | #define __underlying_memcpy __builtin_memcpy > > | ^ > > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' > > 648 | __underlying_##op(p, q, __fortify_size); \ > > | ^~~~~~~~~~~~~ > > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' > > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ > > | ^~~~~~~~~~~~~~~~~~~~ > > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' > > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), > > | ^~~~~~ > > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 > > 287 | struct bch_val v; > > | ^ > > > > Avoid making any structure changes and just replace the u64 copy into a > > direct assignment, side-stepping the entire problem. > > This does make me wonder about the usefulness of the fortify source > stuff if it can be sidestepped this way, but hey, I'll take it :) Well, the "weird" cases like this are the ones that get attention. All the places it's working more cleanly are very effectively stomping real bugs. > Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing Thanks! -Kees
diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h index 7ee8d031bb6c..8c09c527fc4f 100644 --- a/fs/bcachefs/extents.h +++ b/fs/bcachefs/extents.h @@ -632,6 +632,8 @@ void bch2_bkey_extent_entry_drop(struct bkey_i *, union bch_extent_entry *); static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr ptr) { + struct bch_extent_ptr *dest; + EBUG_ON(bch2_bkey_has_device(bkey_i_to_s(k), ptr.dev)); switch (k->k.type) { @@ -641,10 +643,8 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr EBUG_ON(bkey_val_u64s(&k->k) >= BKEY_EXTENT_VAL_U64s_MAX); ptr.type = 1 << BCH_EXTENT_ENTRY_ptr; - - memcpy((void *) &k->v + bkey_val_bytes(&k->k), - &ptr, - sizeof(ptr)); + dest = (struct bch_extent_ptr *)((void *) &k->v + bkey_val_bytes(&k->k)); + *dest = ptr; k->k.u64s++; break; default:
The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake flexible array which looks to the compiler like it has 0 size. This causes W=1 builds to emit warnings due to -Wstringop-overflow: In file included from include/linux/string.h:254, from include/linux/bitmap.h:11, from include/linux/cpumask.h:12, from include/linux/smp.h:13, from include/linux/lockdep.h:14, from include/linux/radix-tree.h:14, from include/linux/backing-dev-defs.h:6, from fs/bcachefs/bcachefs.h:182: fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr': include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=] 57 | #define __underlying_memcpy __builtin_memcpy | ^ include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy' 648 | __underlying_##op(p, q, __fortify_size); \ | ^~~~~~~~~~~~~ include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk' 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \ | ^~~~~~~~~~~~~~~~~~~~ fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy' 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k), | ^~~~~~ fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0 287 | struct bch_val v; | ^ Avoid making any structure changes and just replace the u64 copy into a direct assignment, side-stepping the entire problem. Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Brian Foster <bfoster@redhat.com> Cc: linux-bcachefs@vger.kernel.org Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202309192314.VBsjiIm5-lkp@intel.com/ Link: https://lore.kernel.org/r/20231010235609.work.594-kees@kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> --- v3 - replace memcpy with assignment v2 - https://lore.kernel.org/all/20231016212735.it.314-kees@kernel.org v1 - https://lore.kernel.org/r/20231010235609.work.594-kees@kernel.org --- fs/bcachefs/extents.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)