The memcpy() in bch2_bkey_append_ptr() is operating on an embedded
fake flexible array. Instead, make it explicit, and convert the memcpy
to target the flexible array instead. Fixes the W=1 warning seen for
-Wstringop-overflow:
In file included from include/linux/string.h:254,
from include/linux/bitmap.h:11,
from include/linux/cpumask.h:12,
from include/linux/smp.h:13,
from include/linux/lockdep.h:14,
from include/linux/radix-tree.h:14,
from include/linux/backing-dev-defs.h:6,
from fs/bcachefs/bcachefs.h:182:
fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
57 | #define __underlying_memcpy __builtin_memcpy
| ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
648 | __underlying_##op(p, q, __fortify_size); \
| ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
| ^~~~~~
fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
287 | struct bch_val v;
| ^
Cc: Kent Overstreet <[email protected]>
Cc: Brian Foster <[email protected]>
Cc: [email protected]
Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Signed-off-by: Kees Cook <[email protected]>
---
v2 - Change flex array name to "v_bytes" (bfoster)
v1 - https://lore.kernel.org/r/[email protected]
---
fs/bcachefs/bcachefs_format.h | 5 ++++-
fs/bcachefs/extents.h | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h
index f0d130440baa..cb1af3799b59 100644
--- a/fs/bcachefs/bcachefs_format.h
+++ b/fs/bcachefs/bcachefs_format.h
@@ -300,7 +300,10 @@ struct bkey_i {
__u64 _data[0];
struct bkey k;
- struct bch_val v;
+ union {
+ struct bch_val v;
+ DECLARE_FLEX_ARRAY(__u8, v_bytes);
+ };
};
#define KEY(_inode, _offset, _size) \
diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h
index 7ee8d031bb6c..896fcfca4f21 100644
--- a/fs/bcachefs/extents.h
+++ b/fs/bcachefs/extents.h
@@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr
ptr.type = 1 << BCH_EXTENT_ENTRY_ptr;
- memcpy((void *) &k->v + bkey_val_bytes(&k->k),
+ memcpy(&k->v_bytes[bkey_val_bytes(&k->k)],
&ptr,
sizeof(ptr));
k->k.u64s++;
--
2.34.1
On 10/16/23 15:27, Kees Cook wrote:
> The memcpy() in bch2_bkey_append_ptr() is operating on an embedded
> fake flexible array. Instead, make it explicit, and convert the memcpy
> to target the flexible array instead. Fixes the W=1 warning seen for
> -Wstringop-overflow:
>
> In file included from include/linux/string.h:254,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from include/linux/smp.h:13,
> from include/linux/lockdep.h:14,
> from include/linux/radix-tree.h:14,
> from include/linux/backing-dev-defs.h:6,
> from fs/bcachefs/bcachefs.h:182:
> fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
> include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
> 57 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> 648 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
> 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> | ^~~~~~
> fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
> 287 | struct bch_val v;
> | ^
>
> Cc: Kent Overstreet <[email protected]>
> Cc: Brian Foster <[email protected]>
> Cc: [email protected]
> Reported-by: kernel test robot <[email protected]>
> Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> Signed-off-by: Kees Cook <[email protected]>'
Yes. This looks good.
Reviewed-by: Gustavo A. R. Silva <[email protected]>
Thanks!
--
Gustavo
> ---
> v2 - Change flex array name to "v_bytes" (bfoster)
> v1 - https://lore.kernel.org/r/[email protected]
> ---
> fs/bcachefs/bcachefs_format.h | 5 ++++-
> fs/bcachefs/extents.h | 2 +-
> 2 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h
> index f0d130440baa..cb1af3799b59 100644
> --- a/fs/bcachefs/bcachefs_format.h
> +++ b/fs/bcachefs/bcachefs_format.h
> @@ -300,7 +300,10 @@ struct bkey_i {
> __u64 _data[0];
>
> struct bkey k;
> - struct bch_val v;
> + union {
> + struct bch_val v;
> + DECLARE_FLEX_ARRAY(__u8, v_bytes);
> + };
> };
>
> #define KEY(_inode, _offset, _size) \
> diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h
> index 7ee8d031bb6c..896fcfca4f21 100644
> --- a/fs/bcachefs/extents.h
> +++ b/fs/bcachefs/extents.h
> @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr
>
> ptr.type = 1 << BCH_EXTENT_ENTRY_ptr;
>
> - memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> + memcpy(&k->v_bytes[bkey_val_bytes(&k->k)],
> &ptr,
> sizeof(ptr));
> k->k.u64s++;
On Mon, Oct 16, 2023 at 02:27:39PM -0700, Kees Cook wrote:
> The memcpy() in bch2_bkey_append_ptr() is operating on an embedded
> fake flexible array. Instead, make it explicit, and convert the memcpy
> to target the flexible array instead. Fixes the W=1 warning seen for
> -Wstringop-overflow:
>
> In file included from include/linux/string.h:254,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from include/linux/smp.h:13,
> from include/linux/lockdep.h:14,
> from include/linux/radix-tree.h:14,
> from include/linux/backing-dev-defs.h:6,
> from fs/bcachefs/bcachefs.h:182:
> fs/bcachefs/extents.c: In function 'bch2_bkey_append_ptr':
> include/linux/fortify-string.h:57:33: warning: writing 8 bytes into a region of size 0 [-Wstringop-overflow=]
> 57 | #define __underlying_memcpy __builtin_memcpy
> | ^
> include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
> 648 | __underlying_##op(p, q, __fortify_size); \
> | ^~~~~~~~~~~~~
> include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
> 693 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
> | ^~~~~~~~~~~~~~~~~~~~
> fs/bcachefs/extents.c:235:17: note: in expansion of macro 'memcpy'
> 235 | memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> | ^~~~~~
> fs/bcachefs/bcachefs_format.h:287:33: note: destination object 'v' of size 0
> 287 | struct bch_val v;
> | ^
>
> Cc: Kent Overstreet <[email protected]>
> Cc: Brian Foster <[email protected]>
> Cc: [email protected]
> Reported-by: kernel test robot <[email protected]>
> Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> Signed-off-by: Kees Cook <[email protected]>
> ---
> v2 - Change flex array name to "v_bytes" (bfoster)
> v1 - https://lore.kernel.org/r/[email protected]
> ---
Reviewed-by: Brian Foster <[email protected]>
> fs/bcachefs/bcachefs_format.h | 5 ++++-
> fs/bcachefs/extents.h | 2 +-
> 2 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h
> index f0d130440baa..cb1af3799b59 100644
> --- a/fs/bcachefs/bcachefs_format.h
> +++ b/fs/bcachefs/bcachefs_format.h
> @@ -300,7 +300,10 @@ struct bkey_i {
> __u64 _data[0];
>
> struct bkey k;
> - struct bch_val v;
> + union {
> + struct bch_val v;
> + DECLARE_FLEX_ARRAY(__u8, v_bytes);
> + };
> };
>
> #define KEY(_inode, _offset, _size) \
> diff --git a/fs/bcachefs/extents.h b/fs/bcachefs/extents.h
> index 7ee8d031bb6c..896fcfca4f21 100644
> --- a/fs/bcachefs/extents.h
> +++ b/fs/bcachefs/extents.h
> @@ -642,7 +642,7 @@ static inline void bch2_bkey_append_ptr(struct bkey_i *k, struct bch_extent_ptr
>
> ptr.type = 1 << BCH_EXTENT_ENTRY_ptr;
>
> - memcpy((void *) &k->v + bkey_val_bytes(&k->k),
> + memcpy(&k->v_bytes[bkey_val_bytes(&k->k)],
> &ptr,
> sizeof(ptr));
> k->k.u64s++;
> --
> 2.34.1
>