> 2023年1月6日 14:02,Kees Cook <keescook@xxxxxxxxxxxx> 写道: > > struct bkey has internal padding in a union, but it isn't always named > the same (e.g. key ## _pad, key_p, etc). This makes it extremely hard > for the compiler to reason about the available size of copies done > against such keys. Use unsafe_memcpy() for now, to silence the many > run-time false positive warnings: > The keys is embedded in multiple data structures as a generalized model with some helpers, bkey_bytes() is one of them. It is not surprised for such feeling when people read the code at first glance. And thank you for improving it :-) > memcpy: detected field-spanning write (size 264) of single field "&i->j" at drivers/md/bcache/journal.c:152 (size 240) > memcpy: detected field-spanning write (size 24) of single field "&b->key" at drivers/md/bcache/btree.c:939 (size 16) > emcpy: detected field-spanning write (size 24) of single field "&temp.key" at drivers/md/bcache/extents.c:428 (size 16) > How does the above information can be founded? Should I use llvm and enable FORTIFY_SOURCE? I don’t say the bkey and bkey_bytes() stuffs are elegant, but why the compiler cannot find such situation? IMHO it is quite similar to something like “struct foo *bar[0]” at the end of a data structure. > Reported-by: Thorsten Leemhuis <linux@xxxxxxxxxxxxx> > Link: https://lore.kernel.org/all/19200730-a3ba-6f4f-bb81-71339bdbbf73@xxxxxxxxxxxxx/ > Cc: Coly Li <colyli@xxxxxxx> > Cc: Kent Overstreet <kent.overstreet@xxxxxxxxx> > Cc: linux-bcache@xxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> The code comments as justification is informative. Thanks for this. Acked-by: Coly Li <colyli@xxxxxxx> Coly Li > --- > drivers/md/bcache/bcache_ondisk.h | 3 ++- > drivers/md/bcache/journal.c | 3 ++- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/md/bcache/bcache_ondisk.h b/drivers/md/bcache/bcache_ondisk.h > index d086a0ce4bc2..6620a7f8fffc 100644 > --- a/drivers/md/bcache/bcache_ondisk.h > +++ b/drivers/md/bcache/bcache_ondisk.h > @@ -106,7 +106,8 @@ static inline unsigned long bkey_bytes(const struct bkey *k) > return bkey_u64s(k) * sizeof(__u64); > } > > -#define bkey_copy(_dest, _src) memcpy(_dest, _src, bkey_bytes(_src)) > +#define bkey_copy(_dest, _src) unsafe_memcpy(_dest, _src, bkey_bytes(_src), \ > + /* bkey is always padded */) > > static inline void bkey_copy_key(struct bkey *dest, const struct bkey *src) > { > diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c > index e5da469a4235..c182c21de2e8 100644 > --- a/drivers/md/bcache/journal.c > +++ b/drivers/md/bcache/journal.c > @@ -149,7 +149,8 @@ reread: left = ca->sb.bucket_size - offset; > bytes, GFP_KERNEL); > if (!i) > return -ENOMEM; > - memcpy(&i->j, j, bytes); > + unsafe_memcpy(&i->j, j, bytes, > + /* "bytes" was calculated by set_bytes() above */); > /* Add to the location after 'where' points to */ > list_add(&i->list, where); > ret = 1; > -- > 2.34.1 >
