From: David Sterba
To: Qu Wenruo
Cc: "Gustavo A. R. Silva", Chris Mason, Josef Bacik, David Sterba, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Date: Fri, 2 Jul 2021 13:17:47 +0200
Subject: Re: [PATCH][next] btrfs: Fix multiple out-of-bounds warnings
Message-ID: <20210702111747.GF2610@twin.jikos.cz>
References: <20210702010653.GA84106@embeddedor>

On Fri, Jul 02, 2021 at 06:20:33PM +0800, Qu Wenruo wrote:
>
>
> On 2021/7/2 9:06 AM, Gustavo A. R. Silva wrote:
> > Fix the following out-of-bounds warnings by using a flexible-array
> > member *pages[] at the bottom of struct extent_buffer:
> >
> >   fs/btrfs/disk-io.c:225:34: warning: array subscript 1 is above array bounds of 'struct page *[1]' [-Warray-bounds]
>
> The involved code looks like:
>
>   static void csum_tree_block(struct extent_buffer *buf, u8 *result)
>   {
>   	struct btrfs_fs_info *fs_info = buf->fs_info;
>   	const int num_pages = fs_info->nodesize >> PAGE_SHIFT;
>   	...
>   	for (i = 1; i < num_pages; i++) {
>   		kaddr = page_address(buf->pages[i]);
>   		crypto_shash_update(shash, kaddr, PAGE_SIZE);
>   	}
>
> For Power case, the page size is 64K and nodesize is at most 64K for
> btrfs, thus num_pages will either be 0 or 1.
>
> In that case, the for loop should never get reached, thus it's not
> possible to really get beyond the boundary.
>
> To me, the real problem is we have no way to tell compiler that
> fs_info->nodesize is ensured to be no larger than 64K.
>
> Although using flex array can mask the problem, but it's really masking
> the problem as now compiler has no idea how large the array can really be.

Agreed, that's the problem, we'd be switching compile-time static information
about the array with dynamic.

> David still has the final say on how to fix it, but I'm really wondering
> is there any way to give compiler some hint about the possible value
> range for things like fs_info->nodesize?

We can add some macros that are also page size dependent and evaluate to a
constant that can be in turn used to optimize the loop to a single call of the
loop body.

Looking at csum_tree_block we should really use the num_extent_pages helper
that does the same thing but handles when nodesize >> PAGE_SIZE is zero (and
returns 1).
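Added example, not David's reply or btrfs code: a userspace model of the two points made above, a page-size dependent constant that bounds the page array at compile time (so the array stays fixed-size and the compiler can still prove `pages[i]` is in range) and a helper with the same contract as `num_extent_pages` (nodesize >> PAGE_SHIFT, but never 0). All `MODEL_`-prefixed names, the 64K nodesize ceiling used as the array bound, and the byte-sum stand-in for the real hash are assumptions of this example. Build with `-DMODEL_PAGE_SHIFT=16` to model the 64K-page Power case, where the bound becomes 1 and the `i >= 1` loop is statically dead.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed userspace model of the extent_buffer page loop; not btrfs code.
 * MODEL_ names are assumptions made for this example. */
#ifndef MODEL_PAGE_SHIFT
#define MODEL_PAGE_SHIFT 12                /* 4K pages; use 16 for the 64K Power case */
#endif
#define MODEL_PAGE_SIZE    (1UL << MODEL_PAGE_SHIFT)
#define MODEL_MAX_NODESIZE 65536UL         /* btrfs nodesize is at most 64K (per the thread) */

/* Page-size dependent constant: 16 with 4K pages, 1 with 64K pages. Because it is
 * known at compile time, the array stays fixed-size and bounds are provable. */
#define MODEL_MAX_PAGES ((unsigned int)(MODEL_MAX_NODESIZE / MODEL_PAGE_SIZE))

struct model_extent_buffer {
	unsigned long len;                      /* nodesize in bytes */
	const uint8_t *pages[MODEL_MAX_PAGES];  /* fixed-size, statically bounded */
};

/* Same contract as the num_extent_pages helper named in the reply:
 * len >> PAGE_SHIFT, but at least 1 when nodesize is smaller than a page. */
static inline unsigned int model_num_pages(const struct model_extent_buffer *eb)
{
	unsigned int n = (unsigned int)(eb->len >> MODEL_PAGE_SHIFT);
	return n ? n : 1;
}

/* Convenience wrapper so callers can ask about a nodesize without building a buffer. */
static unsigned int model_num_pages_for(unsigned long nodesize)
{
	struct model_extent_buffer eb = { .len = nodesize };
	return model_num_pages(&eb);
}

/* Stand-in for csum_tree_block: a running byte sum instead of a crypto hash, so the
 * result is easy to check. The real function skips the on-disk checksum field in
 * page 0; this model sums whole pages. */
static uint32_t model_csum_tree_block(const struct model_extent_buffer *eb)
{
	const unsigned int num_pages = model_num_pages(eb);
	uint32_t sum = 0;
	unsigned int i;
	size_t j;

	/* Runtime guard mirroring the compile-time bound: nodesize must fit the array. */
	assert(num_pages <= MODEL_MAX_PAGES);

	for (j = 0; j < MODEL_PAGE_SIZE; j++)
		sum += eb->pages[0][j];
	/* The constant bound is what lets the compiler see pages[i] cannot run off the end;
	 * with MODEL_MAX_PAGES == 1 this loop is provably never entered. */
	for (i = 1; i < num_pages && i < MODEL_MAX_PAGES; i++)
		for (j = 0; j < MODEL_PAGE_SIZE; j++)
			sum += eb->pages[i][j];
	return sum;
}

/* Constructed sample backing store: page i is filled with the byte value (i + 1). */
static uint8_t model_backing[MODEL_MAX_NODESIZE];

static uint32_t model_csum_for_nodesize(unsigned long nodesize)
{
	struct model_extent_buffer eb = { .len = nodesize };
	unsigned int i;

	for (i = 0; i < MODEL_MAX_PAGES; i++) {
		memset(model_backing + i * MODEL_PAGE_SIZE, (int)(i + 1), MODEL_PAGE_SIZE);
		eb.pages[i] = model_backing + i * MODEL_PAGE_SIZE;
	}
	return model_csum_tree_block(&eb);
}

int main(void)
{
	printf("MODEL_MAX_PAGES=%u pages(16K)=%u csum(16K)=%u\n",
	       MODEL_MAX_PAGES, model_num_pages_for(16384),
	       model_csum_for_nodesize(16384));
	return 0;
}
```

With 4K pages a 16K nodesize spans four pages and the sum is 4096 * (1 + 2 + 3 + 4) = 40960; a nodesize below the page size still reports one page rather than zero, which is the case the unclamped `nodesize >> PAGE_SHIFT` gets wrong.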