fs/btrfs/ioctl.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)
Hi all,
After merging the kspp tree, today's linux-next build (x86_64
allmodconfig) failed like this:
In file included from include/linux/string.h:253,
from include/linux/bitmap.h:11,
from include/linux/cpumask.h:12,
from arch/x86/include/asm/cpumask.h:5,
from arch/x86/include/asm/msr.h:11,
from arch/x86/include/asm/processor.h:22,
from arch/x86/include/asm/cpufeature.h:5,
from arch/x86/include/asm/thread_info.h:53,
from include/linux/thread_info.h:60,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/spinlock.h:55,
from include/linux/wait.h:9,
from include/linux/mempool.h:8,
from include/linux/bio.h:8,
from fs/btrfs/ioctl.c:7:
In function 'fortify_memcpy_chk',
inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
316 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
324 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Caused by commit
602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
interacting with commit
504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
from the btrfs tree.
I applied the following hack:
From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Tue, 25 Jan 2022 11:47:17 +1100
Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE"
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---
fs/btrfs/ioctl.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 73ad918a05a9..d34620034f8e 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp,
}
args.iov = compat_ptr(args32.iov);
args.iovcnt = args32.iovcnt;
- memcpy(&args.offset, &args32.offset,
- sizeof(args) -
- offsetof(struct btrfs_ioctl_encoded_io_args, offset));
+ args.offset = args32.offset;
+ args.flags = args32.flags;
+ args.len = args32.len;
+ args.unencoded_len = args32.unencoded_len;
+ args.unencoded_offset = args32.unencoded_offset;
+ args.compression = args32.compression;
+ args.encryption = args32.encryption;
+ memcpy(args.reserved, args32.reserved, sizeof(args.reserved));
#else
return -ENOTTY;
#endif
--
2.34.1
--
Cheers,
Stephen Rothwell
On Tue, Jan 25, 2022 at 11:57:57AM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the kspp tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from include/linux/string.h:253,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:22,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:7,
> from include/linux/preempt.h:78,
> from include/linux/spinlock.h:55,
> from include/linux/wait.h:9,
> from include/linux/mempool.h:8,
> from include/linux/bio.h:8,
> from fs/btrfs/ioctl.c:7:
> In function 'fortify_memcpy_chk',
> inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
> include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 316 | __write_overflow_field(p_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 324 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Caused by commit
>
> 602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
>
> interacting with commit
>
> 504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
>
> from the btrfs tree.
>
> I applied the following hack:
>
> From: Stephen Rothwell <sfr@canb.auug.org.au>
> Date: Tue, 25 Jan 2022 11:47:17 +1100
> Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE"
>
> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
> ---
> fs/btrfs/ioctl.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> index 73ad918a05a9..d34620034f8e 100644
> --- a/fs/btrfs/ioctl.c
> +++ b/fs/btrfs/ioctl.c
> @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp,
> }
> args.iov = compat_ptr(args32.iov);
> args.iovcnt = args32.iovcnt;
> - memcpy(&args.offset, &args32.offset,
> - sizeof(args) -
> - offsetof(struct btrfs_ioctl_encoded_io_args, offset));
> + args.offset = args32.offset;
> + args.flags = args32.flags;
> + args.len = args32.len;
> + args.unencoded_len = args32.unencoded_len;
> + args.unencoded_offset = args32.unencoded_offset;
> + args.compression = args32.compression;
> + args.encryption = args32.encryption;
> + memcpy(args.reserved, args32.reserved, sizeof(args.reserved));
> #else
> return -ENOTTY;
> #endif
Thanks, the patchset is still in progress so I'll apply this a fixup
until the patch gets updated.
Hi all,
On Tue, 25 Jan 2022 15:07:30 +0100 David Sterba <dsterba@suse.cz> wrote:
>
> On Tue, Jan 25, 2022 at 11:57:57AM +1100, Stephen Rothwell wrote:
> >
> > After merging the kspp tree, today's linux-next build (x86_64
> > allmodconfig) failed like this:
> >
> > In file included from include/linux/string.h:253,
> > from include/linux/bitmap.h:11,
> > from include/linux/cpumask.h:12,
> > from arch/x86/include/asm/cpumask.h:5,
> > from arch/x86/include/asm/msr.h:11,
> > from arch/x86/include/asm/processor.h:22,
> > from arch/x86/include/asm/cpufeature.h:5,
> > from arch/x86/include/asm/thread_info.h:53,
> > from include/linux/thread_info.h:60,
> > from arch/x86/include/asm/preempt.h:7,
> > from include/linux/preempt.h:78,
> > from include/linux/spinlock.h:55,
> > from include/linux/wait.h:9,
> > from include/linux/mempool.h:8,
> > from include/linux/bio.h:8,
> > from fs/btrfs/ioctl.c:7:
> > In function 'fortify_memcpy_chk',
> > inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
> > include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> > 316 | __write_overflow_field(p_size_field, size);
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
> > 324 | __read_overflow2_field(q_size_field, size);
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
> >
> > Caused by commit
> >
> > 602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
> >
> > interacting with commit
> >
> > 504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
> >
> > from the btrfs tree.
> >
> > I applied the following hack:
> >
> > From: Stephen Rothwell <sfr@canb.auug.org.au>
> > Date: Tue, 25 Jan 2022 11:47:17 +1100
> > Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE"
> >
> > Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
> > ---
> > fs/btrfs/ioctl.c | 11 ++++++++---
> > 1 file changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> > index 73ad918a05a9..d34620034f8e 100644
> > --- a/fs/btrfs/ioctl.c
> > +++ b/fs/btrfs/ioctl.c
> > @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp,
> > }
> > args.iov = compat_ptr(args32.iov);
> > args.iovcnt = args32.iovcnt;
> > - memcpy(&args.offset, &args32.offset,
> > - sizeof(args) -
> > - offsetof(struct btrfs_ioctl_encoded_io_args, offset));
> > + args.offset = args32.offset;
> > + args.flags = args32.flags;
> > + args.len = args32.len;
> > + args.unencoded_len = args32.unencoded_len;
> > + args.unencoded_offset = args32.unencoded_offset;
> > + args.compression = args32.compression;
> > + args.encryption = args32.encryption;
> > + memcpy(args.reserved, args32.reserved, sizeof(args.reserved));
> > #else
> > return -ENOTTY;
> > #endif
>
> Thanks, the patchset is still in progress so I'll apply this a fixup
> until the patch gets updated.
This has come back today ... presumably the hack was removed but the
original patch was not fixed.
I have used the btrfs tree from next-20220210 for today.
--
Cheers,
Stephen Rothwell
On Fri, Feb 11, 2022 at 10:42:38AM +1100, Stephen Rothwell wrote: > > > --- a/fs/btrfs/ioctl.c > > > +++ b/fs/btrfs/ioctl.c > > > @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp, > > > } > > > args.iov = compat_ptr(args32.iov); > > > args.iovcnt = args32.iovcnt; > > > - memcpy(&args.offset, &args32.offset, > > > - sizeof(args) - > > > - offsetof(struct btrfs_ioctl_encoded_io_args, offset)); > > > + args.offset = args32.offset; > > > + args.flags = args32.flags; > > > + args.len = args32.len; > > > + args.unencoded_len = args32.unencoded_len; > > > + args.unencoded_offset = args32.unencoded_offset; > > > + args.compression = args32.compression; > > > + args.encryption = args32.encryption; > > > + memcpy(args.reserved, args32.reserved, sizeof(args.reserved)); > > > #else > > > return -ENOTTY; > > > #endif > > > > Thanks, the patchset is still in progress so I'll apply this a fixup > > until the patch gets updated. > > This has come back today ... presumably the hack was removed but the > original patch was not fixed. I've updated the patchset and thought the fixup has been applied but no. I'll fold it to the patch so it doesn't get lost again.
On Tue, Jan 25, 2022 at 11:57:57AM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the kspp tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from include/linux/string.h:253,
> from include/linux/bitmap.h:11,
> from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:22,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:7,
> from include/linux/preempt.h:78,
> from include/linux/spinlock.h:55,
> from include/linux/wait.h:9,
> from include/linux/mempool.h:8,
> from include/linux/bio.h:8,
> from fs/btrfs/ioctl.c:7:
> In function 'fortify_memcpy_chk',
> inlined from 'btrfs_ioctl_encoded_write' at fs/btrfs/ioctl.c:5082:3:
> include/linux/fortify-string.h:316:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 316 | __write_overflow_field(p_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> include/linux/fortify-string.h:324:25: error: call to '__read_overflow2_field' declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
> 324 | __read_overflow2_field(q_size_field, size);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
>
> Caused by commit
>
> 602670289b69 ("fortify: Detect struct member overflows in memcpy() at compile-time")
>
> interacting with commit
>
> 504e1ebb6316 ("btrfs: add BTRFS_IOC_ENCODED_WRITE")
>
> from the btrfs tree.
Thanks!
I found the btrfs patch here:
https://lore.kernel.org/all/ec08e6f559ab47b3300ca5a67e8fc984fd3f040f.1637179348.git.osandov@fb.com/
>
> I applied the following hack:
>
> From: Stephen Rothwell <sfr@canb.auug.org.au>
> Date: Tue, 25 Jan 2022 11:47:17 +1100
> Subject: [PATCH] fix up for "btrfs: add BTRFS_IOC_ENCODED_WRITE"
>
> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
> ---
> fs/btrfs/ioctl.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> index 73ad918a05a9..d34620034f8e 100644
> --- a/fs/btrfs/ioctl.c
> +++ b/fs/btrfs/ioctl.c
> @@ -5079,9 +5079,14 @@ static int btrfs_ioctl_encoded_write(struct file *file, void __user *argp,
> }
> args.iov = compat_ptr(args32.iov);
> args.iovcnt = args32.iovcnt;
> - memcpy(&args.offset, &args32.offset,
> - sizeof(args) -
> - offsetof(struct btrfs_ioctl_encoded_io_args, offset));
> + args.offset = args32.offset;
> + args.flags = args32.flags;
> + args.len = args32.len;
> + args.unencoded_len = args32.unencoded_len;
> + args.unencoded_offset = args32.unencoded_offset;
> + args.compression = args32.compression;
> + args.encryption = args32.encryption;
> + memcpy(args.reserved, args32.reserved, sizeof(args.reserved));
> #else
> return -ENOTTY;
> #endif
I'll see if I can construct something shorter using struct_group().
-Kees
--
Kees Cook
© 2016 - 2026 Red Hat, Inc.