| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Nov 2023 16:52:52 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Nathan Chancellor <nathan@...nel.org>
Cc: davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
pabeni@...hat.com, ndesaulniers@...gle.com, trix@...hat.com,
0x7f454c46@...il.com, noureddine@...sta.com, hch@...radead.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev,
patches@...ts.linux.dev
Subject: Re: [PATCH net v2] tcp: Fix -Wc23-extensions in tcp_options_write()
On Mon, Nov 6, 2023 at 4:36 PM Nathan Chancellor <nathan@...nel.org> wrote:
>
> Clang warns (or errors with CONFIG_WERROR=y) when CONFIG_TCP_AO is set:
>
> net/ipv4/tcp_output.c:663:2: error: label at end of compound statement is a C23 extension [-Werror,-Wc23-extensions]
> 663 | }
> | ^
> 1 error generated.
>
> On earlier releases (such as clang-11, the current minimum supported
> version for building the kernel) that do not support C23, this was a
> hard error unconditionally:
>
> net/ipv4/tcp_output.c:663:2: error: expected statement
> }
> ^
> 1 error generated.
>
> While adding a semicolon after the label would resolve this, it is more
> in line with the kernel as a whole to refactor this block into a
> standalone function, which means the goto a label construct can just be
> replaced with a simple return. Do so to resolve the warning.
>
> Closes: https://github.com/ClangBuiltLinux/linux/issues/1953
> Fixes: 1e03d32bea8e ("net/tcp: Add TCP-AO sign to outgoing packets")
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> ---
> Please let me know if this function should have a different name. I
> think I got all the changes of the function shuffle correct but some
> testing would be appreciated.
>
> Changes in v2:
> - Break out problematic block into its own function so that goto can be
> replaced with a simple return, instead of the simple semicolon
> approach of v1 (Christoph)
> - Link to v1: https://lore.kernel.org/r/20231031-tcp-ao-fix-label-in-compound-statement-warning-v1-1-c9731d115f17@kernel.org
> ---
> net/ipv4/tcp_output.c | 69 ++++++++++++++++++++++++++++-----------------------
> 1 file changed, 38 insertions(+), 31 deletions(-)
>
> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
> index 0d8dd5b7e2e5..3f8dc74fbf40 100644
> --- a/net/ipv4/tcp_output.c
> +++ b/net/ipv4/tcp_output.c
> @@ -601,6 +601,43 @@ static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
> }
> #endif
>
> +static void process_tcp_ao_options(struct tcp_sock *tp,
> + const struct tcp_request_sock *tcprsk,
> + struct tcp_out_options *opts,
> + struct tcp_out_options *opts,
ptr has a different type than in the caller, this is a bit confusing
I would use
static __be32 * process_tcp_ao_options(struct tcp_sock *tp, const
struct tcp_request_sock *tcprsk,
struct tcp_out_options *opts,struct tcp_key *key, __be32 *ptr)
> +{
> +#ifdef CONFIG_TCP_AO
> + u8 maclen = tcp_ao_maclen(key->ao_key);
> +
> + if (tcprsk) {
> + u8 aolen = maclen + sizeof(struct tcp_ao_hdr);
> +
> + *(*ptr)++ = htonl((TCPOPT_AO << 24) | (aolen << 16) |
> + (tcprsk->ao_keyid << 8) |
> + (tcprsk->ao_rcv_next));
*ptr++ = ...
(and in all other *ptr uses in this helper)
> + } else {
> + struct tcp_ao_key *rnext_key;
> + struct tcp_ao_info *ao_info;
> +
> + ao_info = rcu_dereference_check(tp->ao_info,
> + lockdep_sock_is_held(&tp->inet_conn.icsk_inet.sk));
> + rnext_key = READ_ONCE(ao_info->rnext_key);
> + if (WARN_ON_ONCE(!rnext_key))
> + return;
> + *(*ptr)++ = htonl((TCPOPT_AO << 24) |
> + (tcp_ao_len(key->ao_key) << 16) |
> + (key->ao_key->sndid << 8) |
> + (rnext_key->rcvid));
> + }
> + opts->hash_location = (__u8 *)(*ptr);
> + *ptr += maclen / sizeof(**ptr);
> + if (unlikely(maclen % sizeof(**ptr))) {
> + memset(*ptr, TCPOPT_NOP, sizeof(**ptr));
> + (*ptr)++;
> + }
> +#endif
return ptr;
+}
> +
> /* Write previously computed TCP options to the packet.
> *
> * Beware: Something in the Internet is very sensitive to the ordering of
> @@ -629,37 +666,7 @@ static void tcp_options_write(struct tcphdr *th, struct tcp_sock *tp,
> opts->hash_location = (__u8 *)ptr;
> ptr += 4;
> } else if (tcp_key_is_ao(key)) {
> -#ifdef CONFIG_TCP_AO
> - u8 maclen = tcp_ao_maclen(key->ao_key);
> -
> - if (tcprsk) {
> - u8 aolen = maclen + sizeof(struct tcp_ao_hdr);
> -
> - *ptr++ = htonl((TCPOPT_AO << 24) | (aolen << 16) |
> - (tcprsk->ao_keyid << 8) |
> - (tcprsk->ao_rcv_next));
> - } else {
> - struct tcp_ao_key *rnext_key;
> - struct tcp_ao_info *ao_info;
> -
> - ao_info = rcu_dereference_check(tp->ao_info,
> - lockdep_sock_is_held(&tp->inet_conn.icsk_inet.sk));
> - rnext_key = READ_ONCE(ao_info->rnext_key);
> - if (WARN_ON_ONCE(!rnext_key))
> - goto out_ao;
> - *ptr++ = htonl((TCPOPT_AO << 24) |
> - (tcp_ao_len(key->ao_key) << 16) |
> - (key->ao_key->sndid << 8) |
> - (rnext_key->rcvid));
> - }
> - opts->hash_location = (__u8 *)ptr;
> - ptr += maclen / sizeof(*ptr);
> - if (unlikely(maclen % sizeof(*ptr))) {
> - memset(ptr, TCPOPT_NOP, sizeof(*ptr));
> - ptr++;
> - }
> -out_ao:
> -#endif
> + process_tcp_ao_options(tp, tcprsk, opts, key, &ptr);
ptr = process_tcp_ao_options(tp, tcprsk, opts, key, ptr);
> }
> if (unlikely(opts->mss)) {
> *ptr++ = htonl((TCPOPT_MSS << 24) |
>
> ---
> base-commit: c1ed833e0b3b7b9edc82b97b73b2a8a10ceab241
> change-id: 20231031-tcp-ao-fix-label-in-compound-statement-warning-ebd6c9978498
>
> Best regards,
> --
> Nathan Chancellor <nathan@...nel.org>
>
Powered by blists - more mailing lists