Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp2388752rwl;
        Fri, 6 Jan 2023 05:56:32 -0800 (PST)
X-Google-Smtp-Source: AMrXdXsIdVGSJYQ21sDd6Nm7s8+Ok5TZcvNrLDRy5aZIMrFOLHg73paRhe3C9GP5uCDlhNw4LUZ3
X-Received: by 2002:a05:6a20:3b87:b0:af:7762:3c29 with SMTP id b7-20020a056a203b8700b000af77623c29mr68458728pzh.10.1673013392569;
        Fri, 06 Jan 2023 05:56:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673013392; cv=none;
        d=google.com; s=arc-20160816;
        b=JY+vUTNEu/DBcnlrjeSdA98TWTPQKhNKAqYFHIMvieND+xLtFREQoIwxCRNifbzsVb
         xttBT4Co4Z8ekz2L2JcBqydMhJOcLcjT0LHXkLn1s/6z0GApIGX9ACGgjIT0Ue8RNs/d
         EmveD0cq/nP7RndKqUjix+8Sdh1JtCD/Qgwsdie4q1gjLfqj5NoCIDFNIIROaKpEsV/4
         YM7VWnJKaT/C+94b835mS62dktIQ+eMO9sA58I1w9JwMsirmCivMvtxzhXHW6IXTbktn
         oDXMYNUwN7hYsNHR4+HutqP/DF8hx5iUodYDwJho7/Zy/5KepbjUm4w4Fg5OABcT6J1q
         ZcHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature:dkim-signature;
        bh=a3xS9J4Ev7cI3vqp+nZg9a5psmAQ7Jxm1E4l2JxtFMk=;
        b=kaATOpu7YPKgABQrNa0Eu4/oEx1XtWmDteuF9zNn6T9yojEYWUER4K2QQmQlZwnZTJ
         c+RNp3NFxdkX4f5Zn9+DFL0K0NGH/ldisk5ByzIU68IcvK5bphDjdMFWA/mqasfenBRS
         bZ1YyRFNiOwDPKDRe4W0METkFZu1RFzw1nnMp8G6cStuWo0m/1hfxYZ1j1z21YzwsI/S
         sLKis4nlfjTTdJW1ucekQSQ3L0g03T+IoPSd+kBAgmMTP1iPBAo5WgNspj9bPoaxX0xZ
         EuqXMau9I5m/9Iep5VfrlI7GeN1LSjBat/TH8cdGxJKmG2pLnwV0YCIEm257/HQUF75h
         ATPg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=XzuAEf49;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=HOgZ557i;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id w11-20020a63490b000000b0049148558226si1526451pga.681.2023.01.06.05.56.25;
        Fri, 06 Jan 2023 05:56:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=XzuAEf49;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=HOgZ557i;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233828AbjAFNjr (ORCPT <rfc822;5losepatience@gmail.com>
        + 54 others); Fri, 6 Jan 2023 08:39:47 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40134 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229601AbjAFNjd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 6 Jan 2023 08:39:33 -0500
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA0F96169;
        Fri,  6 Jan 2023 05:39:32 -0800 (PST)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id DA6023F541;
        Fri,  6 Jan 2023 13:39:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1673012370; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=a3xS9J4Ev7cI3vqp+nZg9a5psmAQ7Jxm1E4l2JxtFMk=;
        b=XzuAEf49pLMJ03gIabASS5tus7Ya1yP5EgX8CqH0oX4iQr/e/FCXok+fh3B32S36SrZdsu
        o00yApTqHpak62hZa391Ylx0gtGz9bhEKQE+q8xb8gAi17QCCTBxKU1WdeK1wyi9KUqjjK
        NSmnMCOf+8+uFy+VwwtyobgORi4awAk=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1673012370;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=a3xS9J4Ev7cI3vqp+nZg9a5psmAQ7Jxm1E4l2JxtFMk=;
        b=HOgZ557iqj0LmRSn5O93Zcy+M08NS+xwPrFKw1RF/BOiFbXk+N1CudPs37INCtlX3uFpY5
        /y/IUtkj5cSy1wAg==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 670E713596;
        Fri,  6 Jan 2023 13:39:29 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id rDcuDZEkuGOQYgAAMHmgww
        (envelope-from <colyli@suse.de>); Fri, 06 Jan 2023 13:39:29 +0000
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.300.101.1.3\))
Subject: Re: [PATCH] bcache: Silence memcpy() run-time false positive warnings
From:   Coly Li <colyli@suse.de>
In-Reply-To: <20230106060229.never.047-kees@kernel.org>
Date:   Fri, 6 Jan 2023 21:39:16 +0800
Cc:     Thorsten Leemhuis <linux@leemhuis.info>,
        Kent Overstreet <kent.overstreet@gmail.com>,
        linux-bcache@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CBD781CA-342F-482A-A5B0-C4EE2D7FE11B@suse.de>
References: <20230106060229.never.047-kees@kernel.org>
To:     Kees Cook <keescook@chromium.org>
X-Mailer: Apple Mail (2.3731.300.101.1.3)
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> 2023=E5=B9=B41=E6=9C=886=E6=97=A5 14:02=EF=BC=8CKees Cook =
<keescook@chromium.org> =E5=86=99=E9=81=93=EF=BC=9A
>=20
> struct bkey has internal padding in a union, but it isn't always named
> the same (e.g. key ## _pad, key_p, etc). This makes it extremely hard
> for the compiler to reason about the available size of copies done
> against such keys. Use unsafe_memcpy() for now, to silence the many
> run-time false positive warnings:
>=20

The keys is embedded in multiple data structures as a generalized model =
with some helpers, bkey_bytes() is one of them.

It is not surprised for such feeling when people read the code at first =
glance. And thank you for improving it :-)


>  memcpy: detected field-spanning write (size 264) of single field =
"&i->j" at drivers/md/bcache/journal.c:152 (size 240)
>  memcpy: detected field-spanning write (size 24) of single field =
"&b->key" at drivers/md/bcache/btree.c:939 (size 16)
>  emcpy: detected field-spanning write (size 24) of single field =
"&temp.key" at drivers/md/bcache/extents.c:428 (size 16)
>=20

How does the above information can be founded? Should I use llvm and =
enable FORTIFY_SOURCE?

I don=E2=80=99t say the bkey and bkey_bytes() stuffs are elegant, but =
why the compiler cannot find such situation? IMHO it is quite similar to =
something like =E2=80=9Cstruct foo *bar[0]=E2=80=9D at the end of a data =
structure.


> Reported-by: Thorsten Leemhuis <linux@leemhuis.info>
> Link: =
https://lore.kernel.org/all/19200730-a3ba-6f4f-bb81-71339bdbbf73@leemhuis.=
info/
> Cc: Coly Li <colyli@suse.de>
> Cc: Kent Overstreet <kent.overstreet@gmail.com>
> Cc: linux-bcache@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

The code comments as justification is informative. Thanks for this.

Acked-by: Coly Li <colyli@suse.de>


Coly Li


> ---
> drivers/md/bcache/bcache_ondisk.h | 3 ++-
> drivers/md/bcache/journal.c       | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>=20
> diff --git a/drivers/md/bcache/bcache_ondisk.h =
b/drivers/md/bcache/bcache_ondisk.h
> index d086a0ce4bc2..6620a7f8fffc 100644
> --- a/drivers/md/bcache/bcache_ondisk.h
> +++ b/drivers/md/bcache/bcache_ondisk.h
> @@ -106,7 +106,8 @@ static inline unsigned long bkey_bytes(const =
struct bkey *k)
> return bkey_u64s(k) * sizeof(__u64);
> }
>=20
> -#define bkey_copy(_dest, _src) memcpy(_dest, _src, bkey_bytes(_src))
> +#define bkey_copy(_dest, _src) unsafe_memcpy(_dest, _src, =
bkey_bytes(_src), \
> + /* bkey is always padded */)
>=20
> static inline void bkey_copy_key(struct bkey *dest, const struct bkey =
*src)
> {
> diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c
> index e5da469a4235..c182c21de2e8 100644
> --- a/drivers/md/bcache/journal.c
> +++ b/drivers/md/bcache/journal.c
> @@ -149,7 +149,8 @@ reread: left =3D ca->sb.bucket_size - offset;
>    bytes, GFP_KERNEL);
> if (!i)
> return -ENOMEM;
> - memcpy(&i->j, j, bytes);
> + unsafe_memcpy(&i->j, j, bytes,
> + /* "bytes" was calculated by set_bytes() above */);
> /* Add to the location after 'where' points to */
> list_add(&i->list, where);
> ret =3D 1;
> --=20
> 2.34.1
>=20