Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp3833721pxy; Tue, 4 May 2021 10:56:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw+9RjV1aqocmW9D9EQWQBrlsFpZLIxxBabu9rrZW9YuOkqEfkO9Ip68U+Jj+/dYoNkzV9Z X-Received: by 2002:a62:3892:0:b029:250:4fac:7e30 with SMTP id f140-20020a6238920000b02902504fac7e30mr25279133pfa.81.1620150987689; Tue, 04 May 2021 10:56:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620150987; cv=none; d=google.com; s=arc-20160816; b=AQvlsxykv/lrhmSn0VNeZyC8cs34nHtVAY46SfQRfoywJSnqLmofQV0Qdy+JFrdSoF GMSHH6NT2jXtHVElwETRkr2vN6S+oICWgBIin8prZV+iyNr8ee7VPvIxYl9xEzcaEhkE rXnzBP4bRUw/zOtD2ieRISWvZyrh43Tq6BZco/Vxw0qkfkQFxnX7pcrUGtbfJn7+Q+9+ krcDAKS8djTV4Bk12RoXzuXOU5hYah95XjgBJGIooI+d5knEwHqbE2dYLNi8lzNc74nI mcol83eIdt7SI5PDlQ21yPZyhI5vOXuFiTGHY4urR39ZHbytC0nMzm1rL2PhE5dV02lH nV0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=qtuEpSCg/7s4b5vl3KazTzn9xnICLhC5I6tlL0eGJGI=; b=YbBlXQ+iF75vkQYlhFmM4RV5HWba6cG0J4BLrM1nnansFj6Mlwn3Rh2teu2kWJYs3J HC8xMa7RRv8vqz4R0MQRCJ9jhWDluAeVjwJeKJBQeLRGI8GtML/BiDtXp/BqoqGN4/xk D4M1YOjGMi+JEmszyp0g7FIxE7ynbaFfnnENFZL5dtL6E24BijiY5YqM4gTUmBA5Ws82 svmEy4s4c3lw/iQyz+T6PB+TI3JQgobtk+VIbVqnCqCN7AIqBiocZUBdE3x2Gxhxt9Dn br8PAtU3dmsl+JN/L6rxSNQ1Xq3cPPgLk4ryltj0eNFXYuylHuZ577bYxSAS5k/PlkgP RGpA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Kfq66d1W; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m21si4115012pjv.116.2021.05.04.10.56.05; Tue, 04 May 2021 10:56:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Kfq66d1W; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231635AbhEDR4x (ORCPT + 99 others); Tue, 4 May 2021 13:56:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48300 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230285AbhEDR4w (ORCPT ); Tue, 4 May 2021 13:56:52 -0400 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF6C8C061574 for ; Tue, 4 May 2021 10:55:56 -0700 (PDT) Received: by mail-ed1-x532.google.com with SMTP id bf4so11462875edb.11 for ; Tue, 04 May 2021 10:55:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qtuEpSCg/7s4b5vl3KazTzn9xnICLhC5I6tlL0eGJGI=; b=Kfq66d1WcChUHakszW35qenu9Sc+JOxKgfrF6Bq7FhyTDKQnPhldOygya/2r7BtUKM AShVj6X7hBNm5fRr5KJfONTHa6G+a0ULuD+qh9AHiUgjTqTqALTH976xF2g1EM3LDOyQ /BIftHLMwAnEH0ZgMmy+F8sI2Ug5yYBv5XR3XEh95G1gw1QleiABd9SByJl1DevXTWMr GwZzB2x5l1AYGOIIEGUFD7yL0tXa3dvz3Y1+1PWMUhOvJrVh1U/jlSFPr8ws/fC/ZRKw PufSVvC8wx0EqqwNMJ8qjIgwUtAJRGPRAkl9R+YxuteAfIfO30fgTAMQ8o/er9HvoyMo z3zQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qtuEpSCg/7s4b5vl3KazTzn9xnICLhC5I6tlL0eGJGI=; b=aKUE/4lE01r1jAJBUZXlhT8PuIJR/up0hJYLmIN3CY/QjoqyEfRWEg0pg90rbNi8WD yCUs8L+n3iVXvfKynuU9BVOE7Ir2xEI4MFCjQD6DeVqHesqKpgpo6EltW9nV5ApSh751 fPBuzyPCMngGuk1q1jAV+CSXJPFwHHd64+lPn6X7b87Jq5odsmKlyNYe/8aIwrF+hleS KFwon3KLre+ThF+D3uXIuxYa3MhBGJ+evKiTiKqpF0ujcpntBi6XehJ95PICz3oItEfk EIsriLXZWilGXsN8JpjF0qI/mMWKZQQfGsEC373vtUrhDUXv3bbTpiCan50oLYak80Vw R0YA== X-Gm-Message-State: AOAM533fu8AI+jXUuDRwGq80JU+wKj4l9DrP6bfoxwytvIMctFbZO0Y3 DuOfECzXnjx87DFARW0YjBT3Vg1eZeQv+YNU26o= X-Received: by 2002:a50:bb27:: with SMTP id y36mr27492912ede.365.1620150955456; Tue, 04 May 2021 10:55:55 -0700 (PDT) MIME-Version: 1.0 References: <20210504031024.3888676-1-tytso@mit.edu> <8E9C71E8-FE5F-4CB8-BA62-8D8895DCA92A@dilger.ca> In-Reply-To: From: harshad shirwadkar Date: Tue, 4 May 2021 10:55:44 -0700 Message-ID: Subject: Re: [PATCH] e2fsck: fix portability problems caused by unaligned accesses To: Eric Biggers Cc: "Theodore Ts'o" , Andreas Dilger , Ext4 Developers List , Harshad Shirwadkar Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Tue, May 4, 2021 at 9:46 AM Eric Biggers wrote: > > On Tue, May 04, 2021 at 09:49:15AM -0400, Theodore Ts'o wrote: > > On Tue, May 04, 2021 at 02:40:08AM -0700, harshad shirwadkar wrote: > > > Hi Ted, > > > > > > Thanks for the patch. While I now see that these accesses are safe, > > > ubsan still complains about it the dereferences not being aligned. > > > With your changes, the way we read journal_block_tag_t is now safe. > > > But IIUC, ubsan still complains mainly because we still pass the > > > pointer as "&tag->t_flags" and at which point ubsan thinks that we are > > > accessing member t_flags in an aligned way. Is there a way to silence > > > these errors? > > > > Yeah, I had noticed that. I was thinking perhaps of doing something > > like casting the pointer to void * or char *, and then adding offsetof > > to work around the UBSAN warning. Or maybe asking the compiler folks > > if they can make the UBSAN warning smarter, since what we're doing > > should be perfectly safe. > > This does seem to be an UBSAN bug, although both gcc and clang report this same > error, which is odd... Dereferencing a misaligned field would be undefined > behavior, but just taking its address isn't (AFAIK). > > > > > > > > > I was wondering if it makes sense to do something like this for known > > > unaligned structures: > > > > > > journal_block_tag_t local, *unaligned; > > > ... > > > memcpy(&local, unaligned, sizeof(&local)); > > > > I guess that would work too. The extra memory copy is unfortunate, > > although I suspect the performance hit isn't measurable, and journal > > replay isn't really a hot path in either the kernel or e2fsprogs. > > (Note that want to keep recovery.c in sync between the kernel and > > e2fsprogs, so whatever we do needs to be something we're happy with in > > both places.) > > > > Modern compilers will optimize out the memcpy(). > > However, wouldn't it be easier to just add __attribute__((packed)) to the > definition of struct journal_block_tag_t? While we know that journal_block_tag_t can be unaligned, our code should still ensure that we are reading this struct in an alignment-safe way (like Ted's patch does). IIUC, using __attribute__((packed)) might result in us keeping the door open for unaligned accesses in future. If someone tries to read 4 bytes starting at &journal_block_tag_t->t_flags, with attribute packed, UBSAN won't complain but this may still cause issues on some architectures. Another option would be to define wrappers that access known unaligned structures in an alignment safe way and declare those wrappers with __attribute__((no_sanitize("undefined")). This would both make sure that we always access unaligned structs in an alignment safe way and also would get rid of UBSAN warnings. - Harshad > > - Eric