The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake
flexible array which looks to the compiler like it has 0 size. This
causes W=1 builds to emit warnings due to -Wstringop-overflow:
In file included from include/linux/string.h:254,
from include/linux/bitmap.h:11,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/radix-tree.h:14,
from include/linux/backing-dev-defs.h:6,
from fs/bcachefs/bcachefs.h:182:
fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
648 | __underlying_##op(p, q, __fortify_size); \
| ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
| ^~~~~~
fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
287 | struct bch_val v;
| ^
Avoid making any structure changes and just replace the u64 copy into a
direct assignment, side-stepping the entire problem.
Cc: Kent Overstreet <[email protected]>
Cc: Brian Foster <[email protected]>
Cc: [email protected]
Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Kees Cook <[email protected]>
---
v3 - replace memcpy with assignment
v2 - https://lore.kernel.org/all/[email protected]
v1 - https://lore.kernel.org/r/[email protected]
---
fs/bcachefs/extents.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h
index 7ee8d031bb6c..8c09c527fc4f 100644
--- a/fs/bcachefs/extents.h
+++ b/fs/bcachefs/extents.h
@@ -632,6 +632,8 @@ void bch2_bkey_extent_entry_drop(struct bkey_i *, union bch_extent_entry *);
static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr ptr)
{
+ struct bch_extent_ptr *dest;
+
EBUG_ON(bch2_bkey_has_device(bkey_i_to_s(k), ptr.dev));
switch (k->k.type) {
@@ -641,10 +643,8 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr
EBUG_ON(bkey_val_u64s(&k->k) >= BKEY_EXTENT_VAL_U64s_MAX);
ptr.type = 1 << BCH_EXTENT_ENTRY_ptr;
-
- memcpy((void *) &k->v + bkey_val_bytes(&k->k),
- &ptr,
- sizeof(ptr));
+ dest = (struct bch_extent_ptr *)((void *) &k->v + bkey_val_bytes(&k->k));
+ *dest = ptr;
k->k.u64s++;
break;
default:
--
2.34.1
On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote:
> The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake
> flexible array which looks to the compiler like it has 0 size. This
> causes W=1 builds to emit warnings due to -Wstringop-overflow:
>
> In file included from include/linux/string.h:254,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from include/linux/smp.h:13,
> from include/linux/lockdep.h:14,
> from include/linux/radix-tree.h:14,
> from include/linux/backing-dev-defs.h:6,
> from fs/bcachefs/bcachefs.h:182:
> fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
> include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
> 57 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> 648 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
> 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> | ^~~~~~
> fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
> 287 | struct bch_val v;
> | ^
>
> Avoid making any structure changes and just replace the u64 copy into a
> direct assignment, side-stepping the entire problem.
This does make me wonder about the usefulness of the fortify source
stuff if it can be sidestepped this way, but hey, I'll take it :)
Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing
On Wed, Oct 18, 2023 at 08:32:32PM -0400, Kent Overstreet wrote:
> On Wed, Oct 18, 2023 at 04:07:32PM -0700, Kees Cook wrote:
> > The memcpy() in bch2_bkey_append_ptr() is operating on an embedded fake
> > flexible array which looks to the compiler like it has 0 size. This
> > causes W=1 builds to emit warnings due to -Wstringop-overflow:
> >
> > In file included from include/linux/string.h:254,
> > from include/linux/bitmap.h:11,
> > from include/linux/cpumask.h:12,
> > from include/linux/smp.h:13,
> > from include/linux/lockdep.h:14,
> > from include/linux/radix-tree.h:14,
> > from include/linux/backing-dev-defs.h:6,
> > from fs/bcachefs/bcachefs.h:182:
> > fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
> > include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
> > 57 | #define __underlying_memcpy __builtin_memcpy
> > | ^
> > include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> > 648 | __underlying_##op(p, q, __fortify_size); \
> > | ^~~~~~~~~~~~~
> > include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> > 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> > | ^~~~~~~~~~~~~~~~~~~~
> > fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
> > 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> > | ^~~~~~
> > fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
> > 287 | struct bch_val v;
> > | ^
> >
> > Avoid making any structure changes and just replace the u64 copy into a
> > direct assignment, side-stepping the entire problem.
>
> This does make me wonder about the usefulness of the fortify source
> stuff if it can be sidestepped this way, but hey, I'll take it :)
Well, the "weird" cases like this are the ones that get attention. All
the places it's working more cleanly are very effectively stomping real
bugs.
> Pulled it into the testing branch, https://evilpiepirate.org/~testdashboard/ci?branch=bcachefs-testing
Thanks!
-Kees
--
Kees Cook