lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cb962e32-7d04-44a1-b99c-4d1889ffdbf5@kernel.dk>
Date: Fri, 23 Jan 2026 11:00:55 -0700
From: Jens Axboe <axboe@...nel.dk>
To: Mark Brown <broonie@...nel.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
 Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: Re: linux-next: build failure after merge of the block tree

On 1/23/26 10:42 AM, Mark Brown wrote:
> Hi all,
> 
> After merging the block tree, today's linux-next build (x86 allmodconfig)
> failed like this:
> 
> In file included from /tmp/next/build/include/linux/string.h:386,
>                  from /tmp/next/build/include/linux/bitmap.h:13,
>                  from /tmp/next/build/include/linux/cpumask.h:11,
>                  from /tmp/next/build/arch/x86/include/asm/paravirt.h:21,
>                  from /tmp/next/build/arch/x86/include/asm/cpuid/api.h:57,
>                  from /tmp/next/build/arch/x86/include/asm/processor.h:19,
>                  from /tmp/next/build/include/linux/sched.h:13,
>                  from /tmp/next/build/include/linux/io_uring.h:5,
>                  from /tmp/next/build/io_uring/bpf_filter.c:7:
> In function 'fortify_memset_chk',
>     inlined from 'io_uring_populate_bpf_ctx' at /tmp/next/build/io_uring/bpf_filter.c:33:2:
> /tmp/next/build/include/linux/fortify-string.h:480:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>   480 |                         __write_overflow_field(p_size_field, size);
>       |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> 
> Caused by commit
> 
>   f1e3672e49e2c (io_uring: add support for BPF filtering for opcode restrictions)

Huh, that am I missing here? The struct looks as follows:

struct io_uring_bpf_ctx {
	__u64	user_data;
	__u8	opcode;
	__u8	sqe_flags;
	__u8	pad[6];
	union {
		__u64	resv[6];
		struct {
			__u32	family;
			__u32	type;
			__u32	protocol;
		} socket;
		struct {
			__u64	flags;
			__u64	mode;
			__u64	resolve;
		} open;
	};
};

and the offending line is:

memset(bctx->pad, 0, sizeof(bctx->pad) + sizeof(bctx->resv));

which should clear from offset 10 (start of pad) for a total of 6 + 48
bytes, which is 54 bytes. The size of the struct is 64b.

I guess the part it doesn't like is that it thinks we're clearing the
pad field, which would of course be way overwriting it. Guess we can do
something ala:

memset((void *) bctx + offsetof(struct io_uring_bpf_ctx, pad), 0,
	sizeof(bctx->pad) + sizeof(bctx->resv));

to make it happier.

-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ