| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5e31c5fc-15e5-4ef1-944e-b4ba097829ed@kernel.dk>
Date: Sat, 24 Jan 2026 08:00:21 -0700
From: Jens Axboe <axboe@...nel.dk>
To: Stephen Rothwell <sfr@...b.auug.org.au>
Cc: Mark Brown <broonie@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: Re: linux-next: build failure after merge of the block tree
On 1/24/26 4:46 AM, Stephen Rothwell wrote:
> Hi Jens,
>
> On Fri, 23 Jan 2026 11:06:43 -0700 Jens Axboe <axboe@...nel.dk> wrote:
>>
>> On 1/23/26 11:00 AM, Jens Axboe wrote:
>>> On 1/23/26 10:42 AM, Mark Brown wrote:
>>>> Hi all,
>>>>
>>>> After merging the block tree, today's linux-next build (x86 allmodconfig)
>>>> failed like this:
>>>>
>>>> In file included from /tmp/next/build/include/linux/string.h:386,
>>>> from /tmp/next/build/include/linux/bitmap.h:13,
>>>> from /tmp/next/build/include/linux/cpumask.h:11,
>>>> from /tmp/next/build/arch/x86/include/asm/paravirt.h:21,
>>>> from /tmp/next/build/arch/x86/include/asm/cpuid/api.h:57,
>>>> from /tmp/next/build/arch/x86/include/asm/processor.h:19,
>>>> from /tmp/next/build/include/linux/sched.h:13,
>>>> from /tmp/next/build/include/linux/io_uring.h:5,
>>>> from /tmp/next/build/io_uring/bpf_filter.c:7:
>>>> In function 'fortify_memset_chk',
>>>> inlined from 'io_uring_populate_bpf_ctx' at /tmp/next/build/io_uring/bpf_filter.c:33:2:
>>>> /tmp/next/build/include/linux/fortify-string.h:480:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
>>>> 480 | __write_overflow_field(p_size_field, size);
>>>> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> cc1: all warnings being treated as errors
>>>>
>>>> Caused by commit
>>>>
>>>> f1e3672e49e2c (io_uring: add support for BPF filtering for opcode restrictions)
>>>
>>> Huh, that am I missing here? The struct looks as follows:
>>>
>>> struct io_uring_bpf_ctx {
>>> __u64 user_data;
>>> __u8 opcode;
>>> __u8 sqe_flags;
>>> __u8 pad[6];
>>> union {
>>> __u64 resv[6];
>>> struct {
>>> __u32 family;
>>> __u32 type;
>>> __u32 protocol;
>>> } socket;
>>> struct {
>>> __u64 flags;
>>> __u64 mode;
>>> __u64 resolve;
>>> } open;
>>> };
>>> };
>>>
>>> and the offending line is:
>>>
>>> memset(bctx->pad, 0, sizeof(bctx->pad) + sizeof(bctx->resv));
>>>
>>> which should clear from offset 10 (start of pad) for a total of 6 + 48
>>> bytes, which is 54 bytes. The size of the struct is 64b.
>>>
>>> I guess the part it doesn't like is that it thinks we're clearing the
>>> pad field, which would of course be way overwriting it. Guess we can do
>>> something ala:
>>>
>>> memset((void *) bctx + offsetof(struct io_uring_bpf_ctx, pad), 0,
>>> sizeof(bctx->pad) + sizeof(bctx->resv));
>>>
>>> to make it happier.
>>
>> Folded that in and pushed it out, should be happy for you now. I wonder
>> if we have a helper for that...
>
> The origin warning did suggest using struct_group().
Right, and I do use that in io_uring in other spots already, but it's
pretty ugly for user facing structs. Both because they are harder to
read, and because it's bleeding internal detail into userspace. So don't
really like that for this use case.
--
Jens Axboe
Powered by blists - more mailing lists