| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jul 2021 20:06:53 -0500
From: "Gustavo A. R. Silva" <gustavoars@...nel.org>
To: Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>,
David Sterba <dsterba@...e.com>
Cc: linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
linux-hardening@...r.kernel.org
Subject: [PATCH][next] btrfs: Fix multiple out-of-bounds warnings
Fix the following out-of-bounds warnings by using a flexible-array
member *pages[] at the bottom of struct extent_buffer:
fs/btrfs/disk-io.c:225:34: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:80:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:101:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:133:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:156:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:80:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:101:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:133:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:156:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:80:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:101:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:133:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:156:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
Also, make use of the struct_size() helper to properly calculate the
total size of struct extent_buffer for the kmem cache allocation.
This is part of the ongoing efforts to globally enable -Warray-bounds.
The code was built with ppc64_defconfig and -Warray-bounds enabled by
default in the main Makefile.
Link: https://github.com/KSPP/linux/issues/109
Cc: Qu Wenruo <quwenruo.btrfs@....com>
Cc: David Sterba <dsterba@...e.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
---
fs/btrfs/extent_io.c | 5 +++--
fs/btrfs/extent_io.h | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 9e81d25dea70..4cf0b72fdd9f 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -232,8 +232,9 @@ int __init extent_state_cache_init(void)
int __init extent_io_init(void)
{
extent_buffer_cache = kmem_cache_create("btrfs_extent_buffer",
- sizeof(struct extent_buffer), 0,
- SLAB_MEM_SPREAD, NULL);
+ struct_size((struct extent_buffer *)0, pages,
+ INLINE_EXTENT_BUFFER_PAGES),
+ 0, SLAB_MEM_SPREAD, NULL);
if (!extent_buffer_cache)
return -ENOMEM;
diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h
index 62027f551b44..b82e8b694a3b 100644
--- a/fs/btrfs/extent_io.h
+++ b/fs/btrfs/extent_io.h
@@ -94,11 +94,11 @@ struct extent_buffer {
struct rw_semaphore lock;
- struct page *pages[INLINE_EXTENT_BUFFER_PAGES];
struct list_head release_list;
#ifdef CONFIG_BTRFS_DEBUG
struct list_head leak_list;
#endif
+ struct page *pages[];
};
/*
--
2.27.0
Powered by blists - more mailing lists