Re: packed structures used in socket options


 



> On 7. Jun 2020, at 19:14, David Laight <David.Laight@xxxxxxxxxx> wrote:
> 
> From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
>> Sent: 07 June 2020 16:15
>>> On 7. Jun 2020, at 15:53, David Laight <David.Laight@xxxxxxxxxx> wrote:
>>> 
>>> From: Michael Tuexen
>>>> 
>>>> since gcc uses -Werror=address-of-packed-member, I get warnings for my variant
>>>> of packetdrill, which supports SCTP.
>>>> 
>>>> Here is why:
>>>> 
>>>> 
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/sctp.h?h=v5.7
>>>> contains:
>>>> 
>>>> struct sctp_paddrparams {
>>>> 	sctp_assoc_t		spp_assoc_id;
>>>> 	struct sockaddr_storage	spp_address;
>>>> 	__u32			spp_hbinterval;
>>>> 	__u16			spp_pathmaxrxt;
>>>> 	__u32			spp_pathmtu;
>>>> 	__u32			spp_sackdelay;
>>>> 	__u32			spp_flags;
>>>> 	__u32			spp_ipv6_flowlabel;
>>>> 	__u8			spp_dscp;
>>>> } __attribute__((packed, aligned(4)));
>>>> 
>>>> This structure is only used in the IPPROTO_SCTP level socket option SCTP_PEER_ADDR_PARAMS.
>>>> Why is it packed?
>>> 
>>> I'm guessing 'to remove holes to avoid leaking kernel data'.
>>> 
>>> The sctp socket api defines loads of structures that will have
>>> holes in them if not packed.
>> 
>> Hi David,
>> I agree that they have holes and we should have done better. The
>> kernel definitely should also not leak kernel data. However, the
>> way to handle this shouldn't be packing. I guess it is too late
>> to change this?
> 
> Probably too late.
> I've no idea how it got through the standards body either.
> In fact, the standard may actually require the holes.
No, it does not. Avoiding holes was not taken into account.
It should have been, but this was missed. Authors of all
kernel implementations (FreeBSD, Linux, and Solaris) were involved.
> 
>> This means the corresponding fields can only be accessed via
>> memcpy() or one needs to tolerate unaligned access. Dealing with
>> warnings is one thing, but do you know if Linux supports
>> unaligned access on all platforms it supports (I'm not familiar
>> enough with Linux)?
> 
> The compiler will generate loads, shifts and ors to access misaligned
> data on architectures like sparc where the hardware (quite reasonably)
> doesn't allow them.
> The code is horrid and you don't want to do it if it is avoidable.
> But it is better than taking a fault and then emulating it.
OK, so there is no functional problem on Linux. The code will run
slower, but it will work. At some time using FreeBSD on arm, you would
read interesting values and on Sparc with Solaris you would get a core.

This means developers have to use -Wno-address-of-packed-member when
compiling a program on Linux.

Best regards
Michael
> That really shouldn't have even been allowed to happen.
> 
> I do remember a classic statement in a header from AT&T.
> 'All the fields are declared 'long' to ensure the same alignment
> on all machines.'
> AT&T had a protocol that passed the structure between machines
> (without allowing for endianness).
> I think it was SGI that did a 64bit interface using 'long'.
> The TOG standard allowed the implementation to pick a type.
> 
> 	David
> 
> 
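The layout issue discussed in this message, as an added example that is not part of the original thread: it mirrors the quoted field list in local structs (`demo_packed`, `demo_natural`, and the helper names are hypothetical, and `sctp_assoc_t` is assumed to be a 32-bit integer) and shows the two access patterns that never hand a misaligned `uint32_t *` to other code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Field list quoted in the thread; sctp_assoc_t assumed to be a 32-bit int. */
#define SPP_FIELDS \
	int32_t spp_assoc_id; \
	struct sockaddr_storage spp_address; \
	uint32_t spp_hbinterval; \
	uint16_t spp_pathmaxrxt; \
	uint32_t spp_pathmtu; \
	uint32_t spp_sackdelay; \
	uint32_t spp_flags; \
	uint32_t spp_ipv6_flowlabel; \
	uint8_t spp_dscp;

struct demo_packed { SPP_FIELDS } __attribute__((packed, aligned(4)));
struct demo_natural { SPP_FIELDS }; /* same fields, compiler-chosen padding */

/* Hypothetical helper that, like most code, expects an aligned uint32_t. */
static void parse_u32(const char *s, uint32_t *out) { *out = (uint32_t)strtoul(s, NULL, 10); }

/* Parse into an aligned temporary, then assign by value through the packed
 * lvalue. Passing &p->spp_pathmtu to parse_u32() is what the warning flags. */
void set_pathmtu(struct demo_packed *p, const char *text)
{
	uint32_t tmp;
	parse_u32(text, &tmp);
	p->spp_pathmtu = tmp;
}

/* Read the field from a raw option buffer without forming a uint32_t pointer. */
uint32_t get_pathmtu(const void *optval)
{
	uint32_t v;
	memcpy(&v, (const unsigned char *)optval + offsetof(struct demo_packed, spp_pathmtu), sizeof v);
	return v;
}

/* Non-zero when the packed offset is not a multiple of uint32_t's alignment. */
int pathmtu_is_misaligned(void) { return offsetof(struct demo_packed, spp_pathmtu) % _Alignof(uint32_t) != 0; }

/* Padding bytes present in the natural layout that packing removes. */
size_t padding_removed(void) { return sizeof(struct demo_natural) - sizeof(struct demo_packed); }

int main(void) { printf("misaligned=%d padding_removed=%zu\n", pathmtu_is_misaligned(), padding_removed()); return 0; }
```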



