lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210702010653.GA84106@embeddedor>
Date:   Thu, 1 Jul 2021 20:06:53 -0500
From:   "Gustavo A. R. Silva" <gustavoars@...nel.org>
To:     Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>,
        David Sterba <dsterba@...e.com>
Cc:     linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        linux-hardening@...r.kernel.org
Subject: [PATCH][next] btrfs: Fix multiple out-of-bounds warnings

Fix the following out-of-bounds warnings by using a flexible-array
member *pages[] at the bottom of struct extent_buffer:

fs/btrfs/disk-io.c:225:34: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:80:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:101:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:133:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:156:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:80:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:101:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:133:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:156:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:80:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:101:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:133:46: warning: array subscript 1 is above array bounds of ‘struct page *[1]’ [-Warray-bounds]
fs/btrfs/struct-funcs.c:156:32: warning: array subscript 1 is above array bounds of ‘struct page * const[1]’ [-Warray-bounds]

Also, make use of the struct_size() helper to properly calculate the
total size of struct extent_buffer for the kmem cache allocation.

This is part of the ongoing efforts to globally enable -Warray-bounds.

The code was built with ppc64_defconfig and -Warray-bounds enabled by
default in the main Makefile.

Link: https://github.com/KSPP/linux/issues/109
Cc: Qu Wenruo <quwenruo.btrfs@....com>
Cc: David Sterba <dsterba@...e.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
---
 fs/btrfs/extent_io.c | 5 +++--
 fs/btrfs/extent_io.h | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 9e81d25dea70..4cf0b72fdd9f 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -232,8 +232,9 @@ int __init extent_state_cache_init(void)
 int __init extent_io_init(void)
 {
 	extent_buffer_cache = kmem_cache_create("btrfs_extent_buffer",
-			sizeof(struct extent_buffer), 0,
-			SLAB_MEM_SPREAD, NULL);
+			struct_size((struct extent_buffer *)0, pages,
+				    INLINE_EXTENT_BUFFER_PAGES),
+			0, SLAB_MEM_SPREAD, NULL);
 	if (!extent_buffer_cache)
 		return -ENOMEM;
 
diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h
index 62027f551b44..b82e8b694a3b 100644
--- a/fs/btrfs/extent_io.h
+++ b/fs/btrfs/extent_io.h
@@ -94,11 +94,11 @@ struct extent_buffer {
 
 	struct rw_semaphore lock;
 
-	struct page *pages[INLINE_EXTENT_BUFFER_PAGES];
 	struct list_head release_list;
 #ifdef CONFIG_BTRFS_DEBUG
 	struct list_head leak_list;
 #endif
+	struct page *pages[];
 };
 
 /*
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ