Hi!
While working on testing an improved -Warray-bounds in GCC, I encountered
this, which seems to be reasonable:
In file included from ./arch/x86/include/generated/asm/rwonce.h:1,
from ../include/linux/compiler.h:299,
from ../include/linux/array_size.h:5,
from ../include/linux/kernel.h:16,
from ../mm/debug.c:9:
In function 'page_fixed_fake_head',
inlined from '_compound_head' at ../include/linux/page-flags.h:251:24,
inlined from '__dump_page' at ../mm/debug.c:123:11:
../include/asm-generic/rwonce.h:44:26: warning: array subscript 9 is outside array bounds of 'struct page[1]' [-Warray-bounds=]
44 | #define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x))
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../include/asm-generic/rwonce.h:50:9: note: in expansion of macro '__READ_ONCE'
50 | __READ_ONCE(x); \
| ^~~~~~~~~~~
../include/linux/page-flags.h:226:38: note: in expansion of macro 'READ_ONCE'
226 | unsigned long head = READ_ONCE(page[1].compound_head);
| ^~~~~~~~~
../mm/debug.c: In function '__dump_page':
../mm/debug.c:116:21: note: at offset 72 into object 'precise' of size 64
116 | struct page precise;
| ^~~~~~~
(Not noted in this warning is that the code passes through page_folio()
_Generic macro.)
It doesn't like that it can see that "precise" is exactly one page, so
looking at page[1] later is going to freak out. I suspect this may be
"impossible" at run-time, but I'm not 100% sure. Regardless, the compiler
can't tell.
I suspect just making precise be a 2 page array would make this happy,
but it wasn't clear to me how such a page should be initialized.
-Kees
--
Kees Cook
