Date: Fri, 24 May 2024 13:30:09 -0400
From: Kent Overstreet
To: Mathieu Desnoyers
Cc: Brian Foster, Kees Cook, linux-kernel, linux-bcachefs@vger.kernel.org, Alexander Potapenko, Marco Elver, Dmitry Vyukov, kasan-dev@googlegroups.com, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, llvm@lists.linux.dev
Subject: Re: Use of zero-length arrays in bcachefs structures inner fields
References: <986294ee-8bb1-4bf4-9f23-2bc25dbad561@efficios.com> <944d79b5-177d-43ea-a130-25bd62fc787f@efficios.com> <7236a148-c513-4053-9778-0bce6657e358@efficios.com>
In-Reply-To: <7236a148-c513-4053-9778-0bce6657e358@efficios.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 24, 2024 at 12:04:11PM -0400, Mathieu Desnoyers wrote:
> On 2024-05-24 11:35, Mathieu Desnoyers wrote:
> > [ Adding clang/llvm and KMSAN maintainers/reviewers in CC. ]
> > 
> > On 2024-05-24 11:28, Kent Overstreet wrote:
> > > On Thu, May 23, 2024 at 01:53:42PM -0400, Mathieu Desnoyers wrote:
> > > > Hi Kent,
> > > > 
> > > > Looking around in the bcachefs code for possible causes of this KMSAN
> > > > bug report:
> > > > 
> > > > https://lore.kernel.org/lkml/000000000000fd5e7006191f78dc@google.com/
> > > > 
> > > > I notice the following pattern in the bcachefs structures: zero-length
> > > > array members are inserted in structures (not always at the end),
> > > > seemingly to achieve a result similar to what could be done with a
> > > > union:
> > > > 
> > > > fs/bcachefs/bcachefs_format.h:
> > > > 
> > > > struct bkey_packed {
> > > >         __u64           _data[0];
> > > > 
> > > >         /* Size of combined key and value, in u64s */
> > > >         __u8            u64s;
> > > > [...]
> > > > };
> > > > 
> > > > likewise:
> > > > 
> > > > struct bkey_i {
> > > >         __u64                   _data[0];
> > > > 
> > > >         struct bkey     k;
> > > >         struct bch_val  v;
> > > > };
> > > > 
> > > > (and there are many more examples of this pattern in bcachefs)
> > > > 
> > > > AFAIK, the C11 standard states that an array declarator constant expression
> > > > delimited by [ ] shall have a value greater than zero.
> > > > 
> > > > Effectively, we can verify that this code triggers an undefined behavior
> > > > with:
> > > > 
> > > > #include <stdio.h>
> > > > 
> > > > struct z {
> > > >         int x[0];
> > > >         int y;
> > > >         int z;
> > > > } __attribute__((packed));
> > > > 
> > > > int main(void)
> > > > {
> > > >         struct z a;
> > > > 
> > > >         a.y = 1;
> > > >         printf("%d\n", a.x[0]);
> > > > }
> > > 
> > > Yet another example of the C people going absolutely nutty with
> > > everything being undefined. Look, this isn't ok, we need to get work
> > > done, and I've already wasted entirely too much time on ZLA vs. flex
> > > array member nonsense.
> > > 
> > > There's a bunch of legit uses for zero length arrays, and your example,
> > > where we're not even _assigning_ to x, is just batshit. Someone needs to
> > > get his head examined.
> 
> Notice how a.y is first set to 1, then a.x[0] is loaded, expecting to
> alias with a.y.
> 
> This is the same aliasing pattern found in bcachefs, for instance here:
> 
> bcachefs_format.h:
> 
> struct jset {
> [...]
>         __u8                    encrypted_start[0];
> 
>         __le16                  _read_clock; /* no longer used */
>         __le16                  _write_clock;
> 
>         /* Sequence number of oldest dirty journal entry */
>         __le64                  last_seq;
> 
> 
>         struct jset_entry       start[0];
>         __u64                   _data[];
> } __packed __aligned(8);
> 
> where struct jset last_seq field is set by jset_validate():
> 
>         jset->last_seq = jset->seq;
> 
> and where journal_read_bucket() uses the encrypted_start member as input:
> 
>         ret = bch2_encrypt(c, JSET_CSUM_TYPE(j), journal_nonce(j),
>                            j->encrypted_start,
>                            vstruct_end(j) - (void *) j->encrypted_start);

Except we're just using it as a marker for an offset into the struct, the
same "aliasing" issue would apply if we were just using offsetof() to
calculate the offsets directly.
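An added example, not code from this thread or from bcachefs, illustrating the point that the zero-length marker is only an offset: a constructed, trimmed stand-in for struct jset, where the length of the encrypted region is computed once through the marker's address (as journal_read_bucket() does) and once through offsetof() with no zero-length array involved. The struct name jset_like, its extra header fields, the u64s-as-trailing-word-count convention and jset_like_end() are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for bcachefs' struct jset: a zero-length array marks
 * where the encrypted region begins (the real struct has more fields). */
struct jset_like {
	uint64_t	csum_hi, csum_lo, seq;	/* constructed header fields */
	uint8_t		encrypted_start[0];	/* marker only: never read or written */
	uint16_t	_read_clock, _write_clock;
	uint32_t	_reserved;		/* constructed, keeps the header 8-byte aligned */
	uint64_t	last_seq;
	uint32_t	u64s, version;		/* constructed: u64s counts words in _data[] */
	uint64_t	_data[];		/* flexible array member, must be last */
} __attribute__((packed, aligned(8)));

/* The marker occupies no storage and sits exactly at the next field. */
_Static_assert(offsetof(struct jset_like, encrypted_start) ==
	       offsetof(struct jset_like, _read_clock),
	       "marker offset must equal offsetof() of the following field");

/* One past the header plus trailing data (stands in for vstruct_end()). */
static const uint8_t *jset_like_end(const struct jset_like *j)
{
	return (const uint8_t *)j + sizeof(*j) + (size_t)j->u64s * sizeof(uint64_t);
}

/* Encrypted-region length computed through the marker's address, as
 * journal_read_bucket() does with j->encrypted_start. */
size_t encrypted_len_via_marker(const struct jset_like *j)
{
	return (size_t)(jset_like_end(j) - j->encrypted_start);
}

/* The same length from offsetof(), with no zero-length array involved. */
size_t encrypted_len_via_offsetof(const struct jset_like *j)
{
	return (size_t)(jset_like_end(j) - (const uint8_t *)j)
	       - offsetof(struct jset_like, _read_clock);
}

/* Constructed 64-byte journal set (48-byte header + two u64 words);
 * returns the region length by either method, which must agree. */
size_t sample_encrypted_len(int use_offsetof)
{
	static uint64_t storage[8];
	struct jset_like *j = (struct jset_like *)storage;
	j->u64s = 2;
	return use_offsetof ? encrypted_len_via_offsetof(j)
			    : encrypted_len_via_marker(j);
}
```

With the constructed layout both functions return 40 bytes (64 total minus the 24-byte prefix before the marker), which is the equivalence the reply relies on.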