Message-ID: <CAHk-=wgG3xqJn1=SVw-npsdwCRtyY=sYbLa7HFkmj_Q0U=vdHQ@mail.gmail.com>
Date: Sat, 6 Dec 2025 15:40:08 -0800
From: Linus Torvalds <torvalds@...uxfoundation.org>
To: Andrew Morton <akpm@...ux-foundation.org>, Dmitry Antipov <dmantipov@...dex.ru>, 
	Joseph Qi <joseph.qi@...ux.alibaba.com>, Heming Zhao <heming.zhao@...e.com>, 
	Mark Fasheh <mark@...heh.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org, 
	mm-commits@...r.kernel.org, Pasha Tatashin <pasha.tatashin@...een.com>
Subject: Re: [GIT PULL] non-MM updates for 6.19-rc1

On Sat, 6 Dec 2025 at 11:15, Andrew Morton <akpm@...ux-foundation.org> wrote:
>
> Dmitry Antipov (8):
>       ocfs2: annotate flexible array members with __counted_by_le()

This causes the build to fail for me with gcc 15.2.1:

  In function ‘fortify_memset_chk’,
      inlined from ‘ocfs2_reflink_xattr_header’ at fs/ocfs2/xattr.c:6365:5:
  include/linux/fortify-string.h:480:25: error: call to
‘__write_overflow_field’ declared with attribute warning: detected
write beyond size of field (1st parameter); maybe use struct_group()?
[-Werror=attribute-warning]

And the reason appears to likely be a bug this exposes, rather than a
bug in the annotation. But I really don't know the ocfs2 code at all,
so I'm going by "the error message is horrendous, but I can follow the
logic in the code, and I think the code was actually wrong".

I have "fixed" things.

And I put that "fixed" in quotes, because my fix looks sane to me, and
makes the array counting logic happy, and my fix may well be the
RightThing(tm), but somebody who actually knows the ocfs2 code needs
to check it out.

See commit c06c303832ec ("ocfs2: fix xattr array entry __counted_by
error") which simply makes the 'last' pointer point to the actual last
entry, rather than point to one _past_ the last entry.  So now the
memmove() and memset() in the "possibly remove entry" loop below might
actually work right, in addition to building cleanly.

But again: I did this without knowing anything about the code, just by
looking at the logic.

I _think_ the code used to copy one entry too much, and cleared an
entry past the end. It probably worked fine, because the code also
decrements xh_count, so even if it cleared the wrong entry, it was
past the counted end.

I'm a bit unhappy that this didn't show up in linux-next and that I
had to chase this down. I don't think my gcc version is that odd.

Anyway, it's building for me, but I really really want some ocfs2
person to take a look. Please?

               Linus
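
A user-space model of the entry-removal pattern discussed in the message above, added here as an illustration; it is not the ocfs2 code or the referenced commit. `struct entry`, `struct header`, `remove_entry`, `check_removal` and the guard slot are hypothetical names, and the extra allocated slot is an assumption made so the one-past access can be observed without leaving the allocation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a counted on-disk array, not the ocfs2 structures. */
struct entry  { uint32_t hash, value; };
struct header { uint16_t count; struct entry entries[]; };
enum { N = 4 };                 /* counted entries in the constructed sample */
#define GUARD 0xAAAAAAAAu       /* fill for the slot just past the array */

/* Build N entries followed by one guard slot that is not part of the array. */
static struct header *make_header(void)
{
    struct header *h = malloc(sizeof(*h) + (N + 1) * sizeof(struct entry));
    if (!h) abort();
    h->count = N;
    for (uint32_t i = 0; i < N; i++)
        h->entries[i] = (struct entry){ 0x100 + i, 10 * (i + 1) };
    h->entries[N] = (struct entry){ GUARD, GUARD };
    return h;
}

/* Drop entries[idx]; one_past != 0 models 'last' pointing one past the last entry. */
static void remove_entry(struct header *h, int idx, int one_past)
{
    struct entry *xe = &h->entries[idx];
    struct entry *last = &h->entries[h->count] - (one_past ? 0 : 1);
    h->count--;
    memmove(xe, xe + 1, (char *)last - (char *)xe);  /* shift the tail down */
    memset(last, 0, sizeof(*last));                  /* clear the slot at 'last' */
}

/* Returns bit 0 if the guard slot was overwritten, bit 1 if a counted entry is wrong. */
static int check_removal(int one_past)
{
    static const uint32_t want[N - 1] = { 0x100, 0x102, 0x103 };
    struct header *h = make_header();
    int result = 0;
    remove_entry(h, 1, one_past);
    if (h->entries[N].hash != GUARD || h->entries[N].value != GUARD)
        result |= 1;
    for (int i = 0; i < h->count; i++)
        if (h->entries[i].hash != want[i])
            result |= 2;
    free(h);
    return result;
}

int main(void) { return (check_removal(1) == 1 && check_removal(0) == 0) ? 0 : 1; }
```

In this model the one-past variant leaves the counted entries correct but copies from and zeroes the slot beyond the array (`check_removal(1)` returns 1), while pointing `last` at the actual last entry stays inside the array (`check_removal(0)` returns 0).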
