Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp2267594rdb; Thu, 21 Sep 2023 13:27:56 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHwrAFcDy8t5lUr+9OlM1rh8g3mXrkdmDYmF2ukeLNoDSFyF0th+Gi6ryMmenDOOltW1/Mj X-Received: by 2002:a05:6a00:d58:b0:692:6d3f:485b with SMTP id n24-20020a056a000d5800b006926d3f485bmr1453535pfv.3.1695328075529; Thu, 21 Sep 2023 13:27:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695328075; cv=none; d=google.com; s=arc-20160816; b=wIgTax5EHKpKPH/a6Q5cgBlv4a7PKj9ws6E+FDrtLxaDOjaC+fxVsW/r4l1UsOlQNL b1jnFrFomNs9/YSZErJS7vYJZ+sJe+rcQiFM/Rrtg5QSU6OGqYbNGZbmRekr01XBjWWW ANQqVmtSg9MtZh6Aj2SQnrM1YLzNcQWh8uRSeYvoDGsXD6celnldI7GctoiUNO6fpdMd djEWuOGQtnR7rBPkX+HKaQB8kwPTg6AABopVaJkFhSfvM04kpB/EXq/UPE0HmlFHAGAj MCN/rfNC4ILTauo3DxpZZrF4sAsji8plj1mi7u6UNM69JyExaUCLlJJxJu0YNCGH9aNi MXPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=duasdIDps1Ar+JiX8MLjxGEHHubOxG32YmdpyidUjAA=; fh=d8T7HxciI6eyp/OeRO50TOPCwDQ47PYoY+X2myTwLJ0=; b=Q6POvIDnM8zxwvyh0XT2bQZ+tSHYDgQNc8/+kqEmykuu1ZFaqB4N47oJkjM8ImTqjU BoW3kcGcNhVs2T6poz9lYwgVwEdHbNxFhFPBeUrWLtTqmcVM5ljEjJ46GloBJunOk2QE rMWLIzDitgsFawdRMz5CQb4w7H0H+PfJqQWpl0cm860WwNfOUBUIeWXF02avKzRrwNPy 248ITUnn073cbDieL0Va7ZzR5bhzdeJ2SX+tDz5/AsDqG+KJqLOH3MLxAGujY+DIInm1 T0UhB2OuXtc8/kYsh++X+wG+yXIZPyKAHtlRgTUXq8azoF0QkBqoV2q1s/1gye447AJm pPsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@szeredi.hu header.s=google header.b=qFpG4RkE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu Return-Path: Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id q207-20020a632ad8000000b00565f5281804si2206002pgq.195.2023.09.21.13.27.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Sep 2023 13:27:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@szeredi.hu header.s=google header.b=qFpG4RkE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 4383D83EE9FF; Thu, 21 Sep 2023 11:37:16 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230016AbjIUShP (ORCPT + 99 others); Thu, 21 Sep 2023 14:37:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53546 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229799AbjIUSgi (ORCPT ); Thu, 21 Sep 2023 14:36:38 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73C7BDAFC7 for ; Thu, 21 Sep 2023 11:32:13 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id 4fb4d7f45d1cf-52fe27898e9so1470866a12.0 for ; Thu, 21 Sep 2023 11:32:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; t=1695321132; x=1695925932; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=duasdIDps1Ar+JiX8MLjxGEHHubOxG32YmdpyidUjAA=; b=qFpG4RkEhgRgb2vau6Tpv6uWtagYsxHtB9cl4sw4vdMzsVh48WPJQZBcu1FG8Bkmkv 5wLMa5BGUWNjz1Y8MSCRItgfaTDeyWt/eTf68t4WPIYqdvXSuedzXhi3CYqa4xyfdTk9 Pm0p5pgWKp7TLtr44x/JvxkbcU3EamMCnwy+A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695321132; x=1695925932; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=duasdIDps1Ar+JiX8MLjxGEHHubOxG32YmdpyidUjAA=; b=pIlD96gNSeeC7s0neR/7xjhwaw9bBYoLwzcnbWCOw4pN+PiECkZdgWWila/vwWCbDV Lbswn7YITpFbU/8qc6IBihdjUu76ppzDUUuLROZxlqWhyB13plSW1wMGt1MACudBFVcf 9t2auURNsOMQqFu94RmHbeUcDvLeSKXy73Mq4mb9Zs3ggA1wijtNTT/aLTt06FHHQwqf iUd2QvaO3KYBSIp0NPKJxAcXfDtfVAoTcPU4lhk3+8cYLUAn8EBqeTORmUAYQG/FwqgN sSEb2tU8arIUjLK7RZRnww82XunprHiPD+DxsZGX8WU3uG9yKIOD0qj78/ih5Ug0RuvA Z++Q== X-Gm-Message-State: AOJu0YwB5ctaY1s4vQNZxOSJN95llmEbjh7fN3jOYkSsJIDYuEnRsMH7 AsYfPF8vGsSAErsyhz0TtbuL0uRmGJoqbkFhIa0ABkjb2R5WO/gY3Lg= X-Received: by 2002:a17:906:d3:b0:99e:1358:ffdf with SMTP id 19-20020a17090600d300b0099e1358ffdfmr3894831eji.72.1695281665917; Thu, 21 Sep 2023 00:34:25 -0700 (PDT) MIME-Version: 1.0 References: <20230914-salzig-manifest-f6c3adb1b7b4@brauner> <20230914-lockmittel-verknallen-d1a18d76ba44@brauner> <20230918-grafik-zutreffen-995b321017ae@brauner> <20230918-hierbei-erhielten-ba5ef74a5b52@brauner> <20230918-stuhl-spannend-9904d4addc93@brauner> <20230918-bestialisch-brutkasten-1fb34abdc33c@brauner> <20230919003800.93141-1-mattlloydhouse@gmail.com> <20230919212840.144314-1-mattlloydhouse@gmail.com> <20230920132606.187860-1-mattlloydhouse@gmail.com> In-Reply-To: <20230920132606.187860-1-mattlloydhouse@gmail.com> From: Miklos Szeredi Date: Thu, 21 Sep 2023 09:34:14 +0200 Message-ID: Subject: Re: [RFC PATCH 2/3] add statmnt(2) syscall To: Matthew House Cc: Christian Brauner , Miklos Szeredi , Linus Torvalds , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , Ian Kent , David Howells , Al Viro , Christian Brauner , Amir Goldstein Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00,DATE_IN_PAST_06_12, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 21 Sep 2023 11:37:16 -0700 (PDT) On Wed, 20 Sept 2023 at 15:26, Matthew House wrote: > The declared type of a variable *is* one of the different types, as far as > the aliasing rules are concerned. In C17, section 6.5 ("Expressions"): > > > The *effective type* of an object for an access to its stored value is > > the declared type of the object, if any. [More rules about objects with > > no declared type, i.e., those created with malloc(3) or realloc(3)...] > > > > An object shall have its stored value accessed only by an lvalue > > expression that has one of the following types: > > > > -- a type compatible with the effective type of the object, > > > > -- a qualified version of a type compatible with the effective type of > > the object, > > > > -- a type that is the signed or unsigned type corresponding to the > > effective type of the object, > > > > -- a type that is the signed or unsigned type corresponding to a > > qualified version of the effective type of the object, > > > > -- an aggregate or union type that includes one of the aforementioned > > types among its members (including, recursively, a member of a > > subaggregate or contained union), or > > > > -- a character type. > > In this case, buf is declared in the program as a char[10000] array, so the > declared type of each element is char, and the effective type of each > element is also char. If we want to access, say, st->mnt_id, the lvalue > expression has type __u64, and it tries to access 8 of the char objects. > However, the integer type that __u64 expands to doesn't meet any of those > criteria, so the aliasing rules are violated and the behavior is undefined. Some of the above is new information for me. However for all practical purposes the code doesn't violate aliasing rules. Even the most aggressive "-Wstrict-aliasing=1" doesn't trigger a warning. I guess this is because gcc takes the definition to be symmetric, i.e. anything may safely be aliased to a char pointer and a char pointer may safely be aliased to anything. I'm not saying that that is what the language definition says, just that gcc interprets the language definition that way. Also plain "-Wstrict-aliasing" doesn't trigger even if the type of the array is not char, because gcc tries hard not to warn about cases where there's no dereference of the aliased pointer. This is consistent with what I said and what the gcc manpage says: only accesses count, declarations don't. > > I've always felt that capacity doubling is a bit wasteful, but it's > definitely something I can live with, especially if providing size feedback > is as complex as you suggest. Still, I'm not a big fan of single-buffer > interfaces in general, with how poorly they tend to interact with C's > aliasing rules. (Also, those kinds of interfaces also invite alignment > errors: for instance, your snippet above is missing the necessary union to > prevent the buffer from being misaligned, which would cause UB when you > cast it to a struct statmnt *.) Okay, alignment is a different story. I'll note this in the man page. Thanks, Miklos