On Sat, Nov 16, 2024 at 09:52:44PM -0800, Kees Cook wrote:
> GCC 15's -Warray-bounds reports:
>
> In function 'page_fixed_fake_head',
>     inlined from '_compound_head' at ../include/linux/page-flags.h:251:24,
>     inlined from '__dump_page' at ../mm/debug.c:123:11:
> ../include/asm-generic/rwonce.h:44:26: warning: array subscript 9 is outside array bounds of 'struct page[1]' [-Warray-bounds=]

Thanks for bringing this back up.  I have a somewhat orphaned patch in my
tree that has a terrible commit message which was no help.  That said, this
patch is definitely wrong because it's unsafe to call page_fixed_fake_head().

> (Not noted in this warning is that the code passes through page_folio()
> _Generic macro.)
>
> It may not be that "precise" is always 1 page, so accessing "page[1]"
> in either page_folio() or folio_test_large() may cause problems.

folio_test_large() does not touch page[1].  Look:

static inline bool folio_test_large(const struct folio *folio)
{
	return folio_test_head(folio);
}

static __always_inline bool folio_test_head(const struct folio *folio)
{
	return test_bit(PG_head, const_folio_flags(folio, FOLIO_PF_ANY));
}

#define FOLIO_PF_ANY		0

static const unsigned long *const_folio_flags(const struct folio *folio,
		unsigned n)
{
	const struct page *page = &folio->page;

	VM_BUG_ON_PGFLAGS(PageTail(page), page);
	VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page);
	return &page[n].flags;
}

so we only look at page[0].

> Instead, explicitly make precise 2 pages. Just open-coding page_folio()
> isn't sufficient to avoid the warning[1].

Why not?  What goes wrong?  I'm trying to get gcc-15 installed here now ...
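A toy model of the two access paths discussed in this reply, added here as an illustration; it is not kernel code and not from the thread. An instrumented array accessor records the highest page index each path reads, so the folio_test_large() chain reports index 0 while a page_fixed_fake_head() modelled after the vmemmap fake-head probe (its body is an assumption, since the message only names the function) reports index 1, the element a one-page "precise" copy does not own.

```c
/* Toy model of the two paths above, added as an illustration, not kernel code.
 * Every page-array access goes through page_at(), which records the highest
 * index touched; index 1 would overrun a "precise" copy of struct page[1].
 * Assumption: page_fixed_fake_head() mimics the vmemmap fake-head probe. */
#include <stdbool.h>
#include <stddef.h>

#define PG_head      6UL
#define FOLIO_PF_ANY 0
#define test_bit(nr, addr) ((*(addr) >> (nr)) & 1UL)
struct page  { unsigned long flags; unsigned long compound_head; };
struct folio { struct page page; };
static size_t max_index_read;                 /* instrumentation only */

static const struct page *page_at(const struct page *base, size_t n)
{
	if (n > max_index_read) max_index_read = n;
	return &base[n];
}

/* Same shape as the kernel's const_folio_flags(): index n, always 0 here. */
static const unsigned long *const_folio_flags(const struct folio *folio, unsigned n)
{
	return &page_at(&folio->page, n)->flags;
}

static bool folio_test_large(const struct folio *folio)
{
	return test_bit(PG_head, const_folio_flags(folio, FOLIO_PF_ANY));
}

/* Modelled fake-head probe: it must read page[1] before it can decide. */
static const struct page *page_fixed_fake_head(const struct page *page)
{
	const struct page *next = page_at(page, 1);
	if (test_bit(PG_head, &next->flags) && (next->compound_head & 1UL))
		return (const struct page *)(next->compound_head - 1UL);
	return page;
}

/* Run one path on a copied head page and report the highest index it read;
 * pages[1] exists only to keep the model itself in bounds. */
size_t highest_index_read(bool via_fake_head)
{
	struct page pages[2] = { { 1UL << PG_head, 0 }, { 0, 0 } };
	max_index_read = 0;
	if (via_fake_head) (void)page_fixed_fake_head(&pages[0]);
	else               (void)folio_test_large((const struct folio *)&pages[0]);
	return max_index_read;
}
```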