lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKwvOdk9XFOL2RAh5+FKWMR9jWFwrS=J+ogwUPj5OOLXcr-iSQ@mail.gmail.com>
Date:   Mon, 10 Jan 2022 11:44:12 -0800
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Andy Shevchenko <andy.shevchenko@...il.com>
Cc:     kernel test robot <lkp@...el.com>,
        Nick Desaulniers <nick.desaulniers@...il.com>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Thomas Zimmermann <tzimmermann@...e.de>,
        Petr Mladek <pmladek@...e.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Roman Lebedev <lebedev.ri@...il.com>,
        Richard Smith <richard@...afoo.co.uk>
Subject: Re: drivers/media/v4l2-core/v4l2-ioctl.c:303:28: warning: taking
 address of packed member 'pixelformat' of class or structure
 'v4l2_pix_format_mplane' may result in an unaligned pointer value

On Sun, Jan 9, 2022 at 6:26 AM Andy Shevchenko
<andy.shevchenko@...il.com> wrote:
>
> +Nick Desaulniers
>
> Any ideas on how to fix this?

Not obviously.  This code probably will trigger a splat when run with
UBSan though.

I'm curious if the structure needs to be packed for interfacing with
hardware or some ABI, or whether we could add an explicit alignment to
the member if that would be ok (which may add back some padding)?
Otherwise, I suspect to actually access this properly we may have
macros for performing underaligned loads and stores?  I suspect you'd
read potentially unaligned data into an aligned copy, then do
operations on that, at which point printing the address of the copy is
legal, but perhaps useless.

Perhaps:

diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h
index df8b9c486ba1..3bb8d7aaba8a 100644
--- a/include/uapi/linux/videodev2.h
+++ b/include/uapi/linux/videodev2.h
@@ -2293,7 +2293,7 @@ struct v4l2_plane_pix_format {
 struct v4l2_pix_format_mplane {
        __u32                           width;
        __u32                           height;
-       __u32                           pixelformat;
+       __u32                           pixelformat __aligned(4);
        __u32                           field;
        __u32                           colorspace;

Perhaps we could tighten up this warning in clang; we don't have any
holes before this member, so I _wouldn't_ have assumed
__attribute__((packed)) would have caused the address of pixelformat
member of an instance of struct v4l2_pix_format_mplane to ever be
underaligned.

>
>
> On Sun, Jan 9, 2022 at 3:53 PM kernel test robot <lkp@...el.com> wrote:
> >
> > Hi Sakari,
> >
> > FYI, the error/warning still remains.
> >
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head:   d1587f7bfe9a0f97a75d42ac1489aeda551106bc
> > commit: e927e1e0f0dd3e353d5556503a71484008692c82 v4l: ioctl: Use %p4cc printk modifier to print FourCC codes
> > date:   11 months ago
> > config: mips-buildonly-randconfig-r002-20220107 (https://download.01.org/0day-ci/archive/20220108/202201081852.uTfBqS4b-lkp@intel.com/config)
> > compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 32167bfe64a4c5dd4eb3f7a58e24f4cba76f5ac2)
> > reproduce (this is a W=1 build):
> >         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> >         chmod +x ~/bin/make.cross
> >         # install mips cross compiling tool for clang build
> >         # apt-get install binutils-mips-linux-gnu
> >         # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e927e1e0f0dd3e353d5556503a71484008692c82
> >         git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> >         git fetch --no-tags linus master
> >         git checkout e927e1e0f0dd3e353d5556503a71484008692c82
> >         # save the config file to linux build tree
> >         mkdir build_dir
> >         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash drivers/hid/ drivers/media/v4l2-core/ fs/
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@...el.com>
> >
> > All warnings (new ones prefixed by >>):
> >
> > >> drivers/media/v4l2-core/v4l2-ioctl.c:303:28: warning: taking address of packed member 'pixelformat' of class or structure 'v4l2_pix_format_mplane' may result in an unaligned pointer value [-Waddress-of-packed-member]
> >                            mp->width, mp->height, &mp->pixelformat,
> >                                                    ^~~~~~~~~~~~~~~
> >    include/linux/printk.h:385:26: note: expanded from macro 'pr_cont'
> >            printk(KERN_CONT fmt, ##__VA_ARGS__)
> >                                    ^~~~~~~~~~~
> > >> drivers/media/v4l2-core/v4l2-ioctl.c:347:37: warning: taking address of packed member 'pixelformat' of class or structure 'v4l2_sdr_format' may result in an unaligned pointer value [-Waddress-of-packed-member]
> >                    pr_cont(", pixelformat=%p4cc\n", &sdr->pixelformat);
> >                                                      ^~~~~~~~~~~~~~~~
> >    include/linux/printk.h:385:26: note: expanded from macro 'pr_cont'
> >            printk(KERN_CONT fmt, ##__VA_ARGS__)
> >                                    ^~~~~~~~~~~
> > >> drivers/media/v4l2-core/v4l2-ioctl.c:353:5: warning: taking address of packed member 'dataformat' of class or structure 'v4l2_meta_format' may result in an unaligned pointer value [-Waddress-of-packed-member]
> >                            &meta->dataformat, meta->buffersize);
> >                             ^~~~~~~~~~~~~~~~
> >    include/linux/printk.h:385:26: note: expanded from macro 'pr_cont'
> >            printk(KERN_CONT fmt, ##__VA_ARGS__)
> >                                    ^~~~~~~~~~~
> >    3 warnings generated.
> >
> >
> > vim +303 drivers/media/v4l2-core/v4l2-ioctl.c
> >
> >    273
> >    274  static void v4l_print_format(const void *arg, bool write_only)
> >    275  {
> >    276          const struct v4l2_format *p = arg;
> >    277          const struct v4l2_pix_format *pix;
> >    278          const struct v4l2_pix_format_mplane *mp;
> >    279          const struct v4l2_vbi_format *vbi;
> >    280          const struct v4l2_sliced_vbi_format *sliced;
> >    281          const struct v4l2_window *win;
> >    282          const struct v4l2_sdr_format *sdr;
> >    283          const struct v4l2_meta_format *meta;
> >    284          u32 planes;
> >    285          unsigned i;
> >    286
> >    287          pr_cont("type=%s", prt_names(p->type, v4l2_type_names));
> >    288          switch (p->type) {
> >    289          case V4L2_BUF_TYPE_VIDEO_CAPTURE:
> >    290          case V4L2_BUF_TYPE_VIDEO_OUTPUT:
> >    291                  pix = &p->fmt.pix;
> >    292                  pr_cont(", width=%u, height=%u, pixelformat=%p4cc, field=%s, bytesperline=%u, sizeimage=%u, colorspace=%d, flags=0x%x, ycbcr_enc=%u, quantization=%u, xfer_func=%u\n",
> >    293                          pix->width, pix->height, &pix->pixelformat,
> >    294                          prt_names(pix->field, v4l2_field_names),
> >    295                          pix->bytesperline, pix->sizeimage,
> >    296                          pix->colorspace, pix->flags, pix->ycbcr_enc,
> >    297                          pix->quantization, pix->xfer_func);
> >    298                  break;
> >    299          case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
> >    300          case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
> >    301                  mp = &p->fmt.pix_mp;
> >    302                  pr_cont(", width=%u, height=%u, format=%p4cc, field=%s, colorspace=%d, num_planes=%u, flags=0x%x, ycbcr_enc=%u, quantization=%u, xfer_func=%u\n",
> >  > 303                          mp->width, mp->height, &mp->pixelformat,
> >    304                          prt_names(mp->field, v4l2_field_names),
> >    305                          mp->colorspace, mp->num_planes, mp->flags,
> >    306                          mp->ycbcr_enc, mp->quantization, mp->xfer_func);
> >    307                  planes = min_t(u32, mp->num_planes, VIDEO_MAX_PLANES);
> >    308                  for (i = 0; i < planes; i++)
> >    309                          printk(KERN_DEBUG "plane %u: bytesperline=%u sizeimage=%u\n", i,
> >    310                                          mp->plane_fmt[i].bytesperline,
> >    311                                          mp->plane_fmt[i].sizeimage);
> >    312                  break;
> >    313          case V4L2_BUF_TYPE_VIDEO_OVERLAY:
> >    314          case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
> >    315                  win = &p->fmt.win;
> >    316                  /* Note: we can't print the clip list here since the clips
> >    317                   * pointer is a userspace pointer, not a kernelspace
> >    318                   * pointer. */
> >    319                  pr_cont(", wxh=%dx%d, x,y=%d,%d, field=%s, chromakey=0x%08x, clipcount=%u, clips=%p, bitmap=%p, global_alpha=0x%02x\n",
> >    320                          win->w.width, win->w.height, win->w.left, win->w.top,
> >    321                          prt_names(win->field, v4l2_field_names),
> >    322                          win->chromakey, win->clipcount, win->clips,
> >    323                          win->bitmap, win->global_alpha);
> >    324                  break;
> >    325          case V4L2_BUF_TYPE_VBI_CAPTURE:
> >    326          case V4L2_BUF_TYPE_VBI_OUTPUT:
> >    327                  vbi = &p->fmt.vbi;
> >    328                  pr_cont(", sampling_rate=%u, offset=%u, samples_per_line=%u, sample_format=%p4cc, start=%u,%u, count=%u,%u\n",
> >    329                          vbi->sampling_rate, vbi->offset,
> >    330                          vbi->samples_per_line, &vbi->sample_format,
> >    331                          vbi->start[0], vbi->start[1],
> >    332                          vbi->count[0], vbi->count[1]);
> >    333                  break;
> >    334          case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
> >    335          case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
> >    336                  sliced = &p->fmt.sliced;
> >    337                  pr_cont(", service_set=0x%08x, io_size=%d\n",
> >    338                                  sliced->service_set, sliced->io_size);
> >    339                  for (i = 0; i < 24; i++)
> >    340                          printk(KERN_DEBUG "line[%02u]=0x%04x, 0x%04x\n", i,
> >    341                                  sliced->service_lines[0][i],
> >    342                                  sliced->service_lines[1][i]);
> >    343                  break;
> >    344          case V4L2_BUF_TYPE_SDR_CAPTURE:
> >    345          case V4L2_BUF_TYPE_SDR_OUTPUT:
> >    346                  sdr = &p->fmt.sdr;
> >  > 347                  pr_cont(", pixelformat=%p4cc\n", &sdr->pixelformat);
> >    348                  break;
> >    349          case V4L2_BUF_TYPE_META_CAPTURE:
> >    350          case V4L2_BUF_TYPE_META_OUTPUT:
> >    351                  meta = &p->fmt.meta;
> >    352                  pr_cont(", dataformat=%p4cc, buffersize=%u\n",
> >  > 353                          &meta->dataformat, meta->buffersize);
> >    354                  break;
> >    355          }
> >    356  }
> >    357
> >
> > ---
> > 0-DAY CI Kernel Test Service, Intel Corporation
> > https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
>
>
> --
> With Best Regards,
> Andy Shevchenko
>


-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ