Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp3945869pxy; Tue, 4 May 2021 13:45:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxEiInqX6T6DUYuOmO+mbnTMZ6FjTl7romBYNhFoSQ7pswRt6VH7VhUuYExTGAZ1cGZ4FlF X-Received: by 2002:a17:906:6d57:: with SMTP id a23mr22642779ejt.197.1620161132825; Tue, 04 May 2021 13:45:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620161132; cv=none; d=google.com; s=arc-20160816; b=vOXF9YXOPWp5k0uadVaL0Pj75/ZVwKDiJgB4esmnL3Fyk7a71/wMtRRk9Ivv+AOqxr VD5fEoJHA8WmxTxX93n9oRFlctq4ORjHBwhlMI9EE42BUsLcIFKqGJl4cpZMUsIpZyv9 ZzjfmtJUZ0JKF1Ce3kyBa4CgYCXcxLxjGJILGEOXnwt5c5j0Q6Y95cmDA2DTT/kv3+hU Wq6wqDgu+M+H2BxCd0DbEPB6saJ9rTsS8PxcuiKusw0y24kMiqutN5QTacRVKDAsVwFR Pips8rW+htnrBmIjsuWgD7MUjvyNsRVXaLNgV91vAw9ZOTQPFfGIj/nfuQ58ZGrvRONB 4OlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=fj8c2tZPulPGE98eQ0Y/m0uHUD1j3eaaVU5lPa7CGQ8=; b=c0sZ1JgidxwIseZGqFTUh/WfDcqM1VSWkGBJT9OUu4IJ99J2KCHzYL1ZZcvhLPUzVV XGdzGlyQ5fbLoEAP1Zl+dIsiopijp5SMf7r1ipknfkvNSW6EV6al1LYBuFwoozX5Ka5F 9RWRs6db2mat5S7OJOlotMMCunLz25HGQHcn0EMRb1cGLANYk3z22KuunqJG3iNfuyzz adB/tduV23seMV3YN/XS/imv130znsCl/tweodCOnBfD+oiz6Nzs3z2ufwUasFnGHmqn jPGj/rH6k1pN7ZFxpmoRQSP1vpYXtbgGc8flu4kylLLbWVNoGrTvD3DVwjfnAUC9CeA+ 50Ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=py7+QL4a; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d13si13603952ede.118.2021.05.04.13.45.09; Tue, 04 May 2021 13:45:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=py7+QL4a; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230150AbhEDUqA (ORCPT + 99 others); Tue, 4 May 2021 16:46:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:51564 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229542AbhEDUp7 (ORCPT ); Tue, 4 May 2021 16:45:59 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E5B88613DB; Tue, 4 May 2021 20:45:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620161104; bh=pbSrdO/B5X894C3OVXBWS0zY4oyVTzGKAWPd+Ov+c6M=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=py7+QL4axfAZdsmrqOHpJsKYLIhj5xcmGHz/yQxYZvx/WEO3AJXG4z2LBpI5LO97i +W5XszKbnxSJ0IlVmBmExOYwexyAVNf9dJeBtfRhJefrFV1ThGDppVkCcmdHJG2PnR sblSIKKOyw00KjCq1JekW4l4FVJFwbvyLwgz+Tf0KGS5/obzG96Pk23RS32SNwqGj8 Yww002mP8xRXccGWqf4dtEriZJHnONzhSAqWsnOMNZxqK6Q3toZG+HMk36OCuw7Ep+ cqaGtM8LRWcNKb7SyFL4KgBBAUWFXJtVK/BiWcV+qKSNXsWE3u+/fOEe/Zbc8v4rno Li7sNAALvW8zg== Date: Tue, 4 May 2021 13:45:02 -0700 From: Eric Biggers To: harshad shirwadkar Cc: Theodore Ts'o , Andreas Dilger , Ext4 Developers List , Harshad Shirwadkar Subject: Re: [PATCH] e2fsck: fix portability problems caused by unaligned accesses Message-ID: References: <20210504031024.3888676-1-tytso@mit.edu> <8E9C71E8-FE5F-4CB8-BA62-8D8895DCA92A@dilger.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Tue, May 04, 2021 at 01:14:22PM -0700, harshad shirwadkar wrote: > I see thanks for the explanation. I quickly tried it too and saw that > UBSAN warnings went away but I got compiler warnings > "recovery.c:413:27: warning: taking address of packed member > 't_blocknr_high' of class or structure 'journal_block_tag_s' may > result in an unaligned pointer value [-Waddress-of-packed-member]". > These compiler warnings seem to be added in [1]. > > These warnings make me think that de-referencing a member of a packed > struct is still not safe. My concern is this - If we define > journal_block_tag_t as a packed struct AND if we have following unsafe > code, then we won't see UBSAN warnings and the following unaligned > accesses would go unnoticed. That may not go well on certain > architectures. > > j_block_tag_t *unaligned_ptr; > > flags = unaligned_ptr->t_flags; > > It looks like if the compiler doesn't support > -Waddress-of-packed-member [1], we may not even see these warnings, we > won't see UBSAN warnings and the unaligned accesses may cause problems > on the architectures that you mentioned. > > In other words, what I'm trying to say is that while > __atribute__((packed)) would silence UBSAN warnings (and we should do > it), it's still not sufficient to ensure that our code doesn't do > unaligned accesses to the struct in question. Does that make sense? > > - Harshad No, 'flags = unaligned_ptr->t_flags' is fine, provided that unaligned_ptr is a pointer to a struct with the packed attribute. What -Waddress-of-packed-member will warn about is if you do something like &unaligned_ptr->t_flags to get a pointer directly to the t_flags field, as such pointers can then be incorrectly used for misaligned accesses. If we really don't want to use __attribute__((packed)) that is fine, but then we'll need to remember to use an unaligned accessor *every* field access (except for bytes), which seems harder to me -- and the compiler won't warn when one of these is missing. (They can only be detected at runtime using UBSAN.) - Eric