Date: Fri, 16 Feb 2024 13:42:28 -0700
From: Nathan Chancellor
To: Arnd Bergmann
Cc: Steffen Klassert, Herbert Xu, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Arnd Bergmann, Nick Desaulniers, Bill Wendling, Justin Stitt, "Gustavo A. R. Silva", Kees Cook, Leon Romanovsky, Lin Ma, Simon Horman, Breno Leitao, Tobias Brunner, Raed Salem, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH] [RFC] xfrm: work around a clang-19 fortifiy-string false-positive
Message-ID: <20240216204228.GA3733086@dev-arch.thelio-3990X>
In-Reply-To: <20240216202657.2493685-1-arnd@kernel.org>

Hi Arnd,

On Fri, Feb 16, 2024 at 09:26:40PM +0100, Arnd Bergmann wrote:
> From: Arnd Bergmann
>
> clang-19 recently got branched from clang-18 and is not yet released.
> The current version introduces exactly one new warning that I came
> across in randconfig testing, in the copy_to_user_tmpl() function:
>
> include/linux/fortify-string.h:420:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
> 420 | __write_overflow_field(p_size_field, size);
>
> I have not yet produced a minimized test case for it, but I have a
> local workaround, which avoids the memset() here by replacing it with
> an initializer.
>
> The memset is required to avoid leaking stack data to user space
> and was added in commit 1f86840f8977 ("xfrm_user: fix info leak in
> copy_to_user_tmpl()"). Simply changing the initializer to set all fields
> still risks leaking data in the padding between them, which the compiler
> is free to do here. To work around that problem, explicit padding fields
> have to get added as well.
>
> My first idea was that just adding the padding would avoid the warning
> as well, as the padding tends to confuse the fortified string helpers,
> but it turns out that both changes are required here.
>
> Since this is a false positive, a better fix would likely be to
> fix the compiler.

I have some observations and notes from my initial investigation into
this issue on our GitHub issue tracker but I have not produced a
minimized test case either.

https://github.com/ClangBuiltLinux/linux/issues/1985

> Signed-off-by: Arnd Bergmann
> ---
> include/uapi/linux/xfrm.h | 3 +++
> net/xfrm/xfrm_user.c | 3 +--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h > index 6a77328be114..99adac4fa648 100644 > --- a/include/uapi/linux/xfrm.h > +++ b/include/uapi/linux/xfrm.h 
> @@ -27,6 +27,7 @@ struct xfrm_id { > xfrm_address_t daddr; > __be32 spi; > __u8 proto; > + __u8 __pad[3]; > }; > > struct xfrm_sec_ctx { > @@ -242,11 +243,13 @@ struct xfrm_user_sec_ctx { > struct xfrm_user_tmpl { > struct xfrm_id id; > __u16 family; > + __u16 __pad1; > xfrm_address_t saddr; > __u32 reqid; > __u8 mode; > __u8 share; > __u8 optional; > + __u8 __pad2; > __u32 aalgos; > __u32 ealgos; > __u32 calgos; > diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c > index a5232dcfea46..e81f977e183c 100644 > --- a/net/xfrm/xfrm_user.c > +++ b/net/xfrm/xfrm_user.c > @@ -2011,7 +2011,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, > > static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) > { > - struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; > + struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH] = {}; > int i; > > if (xp->xfrm_nr == 0) > @@ -2021,7 +2021,6 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) > struct xfrm_user_tmpl *up = &vec[i]; > struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; > > - memset(up, 0, sizeof(*up)); > memcpy(&up->id, &kp->id, sizeof(up->id)); > up->family = kp->encap_family; > memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); > -- > 2.39.2 >
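
Review bot: The new `__u8 __pad[3];` member in struct xfrm_id (first hunk of include/uapi/linux/xfrm.h) has no comment saying why it exists or that it must stay zero. Because this is a UAPI header, the member becomes a name user space can see and set; a one-line comment stating that it is explicit padding kept so that initializers clear every byte copied to user space would stop it from being removed or reused later.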
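
Review bot: In the struct xfrm_user_tmpl hunk, `__u16 __pad1;` and `__u8 __pad2;` are sized by hand to fill the holes after `family` and `optional`, and nothing in the patch checks at build time that the struct size and member offsets are unchanged. Since the layout is part of the UAPI, a size check such as a BUILD_BUG_ON() on sizeof(struct xfrm_user_tmpl) near its use in net/xfrm/xfrm_user.c would catch a mismatch if an ABI pads these members differently.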
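
Review bot: With `memset(up, 0, sizeof(*up));` removed from copy_to_user_tmpl(), protection against the stack leak named in the commit message rests entirely on `vec[XFRM_MAX_DEPTH] = {}` clearing every byte, which holds only while the structs have no implicit padding; that dependency is not documented at the declaration. A comment there pointing at the explicit padding members would make the link visible to whoever next adds a field. The initializer also clears all XFRM_MAX_DEPTH entries before the `xp->xfrm_nr == 0` check, where the old code cleared each entry as it was filled in.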
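
Added example, not part of the e-mail or the kernel patch: a pahole-style check of the padding argument in the quoted commit message, using stand-in structs whose members follow the hunks above. The fixed-width types, the 16-byte `addr_t`, and the names `pad`, `pad1`, `pad2`, `holes_old()` and `holes_new()` are assumptions made for the illustration.

```c
/* Added example: stand-in structs, not the kernel's own definitions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t a6[4]; } addr_t; /* assumption: 16 bytes, 4-byte aligned */
struct id_old { addr_t daddr; uint32_t spi; uint8_t proto; };
struct id_new { addr_t daddr; uint32_t spi; uint8_t proto; uint8_t pad[3]; };
struct tmpl_old { struct id_old id; uint16_t family; addr_t saddr; uint32_t reqid;
                  uint8_t mode, share, optional; uint32_t aalgos, ealgos, calgos; };
struct tmpl_new { struct id_new id; uint16_t family, pad1; addr_t saddr; uint32_t reqid;
                  uint8_t mode, share, optional, pad2; uint32_t aalgos, ealgos, calgos; };

/* X-macro member lists; COVER marks the bytes one member occupies in `map`. */
#define OLD_MEMBERS(X, T) X(T, id.daddr) X(T, id.spi) X(T, id.proto) \
    X(T, family) X(T, saddr) X(T, reqid) X(T, mode) X(T, share) \
    X(T, optional) X(T, aalgos) X(T, ealgos) X(T, calgos)
#define NEW_MEMBERS(X, T) OLD_MEMBERS(X, T) X(T, id.pad) X(T, pad1) X(T, pad2)
#define COVER(T, m) memset(map + offsetof(T, m), 1, sizeof(((T *)0)->m));

/* Bytes that no named member covers are compiler-inserted padding. */
static size_t uncovered(const unsigned char *map, size_t n)
{
    size_t holes = 0;
    for (size_t i = 0; i < n; i++)
        holes += !map[i];
    return holes;
}

size_t holes_old(void)
{
    unsigned char map[sizeof(struct tmpl_old)] = {0};
    OLD_MEMBERS(COVER, struct tmpl_old)
    return uncovered(map, sizeof(map));
}

size_t holes_new(void)
{
    unsigned char map[sizeof(struct tmpl_new)] = {0};
    NEW_MEMBERS(COVER, struct tmpl_new)
    return uncovered(map, sizeof(map));
}

int main(void)
{
    printf("old: %zu padding bytes, new: %zu\n", holes_old(), holes_new());
    return 0;
}
```

With 4-byte alignment for `uint32_t`, the old layout has 6 bytes that a member-by-member initializer is not required to clear, and the new layout has none while keeping the same 64-byte size.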