lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a8cc305d-0ab8-4ff7-b11a-94f51f33ec92@arista.com>
Date: Mon, 6 Nov 2023 21:26:48 +0000
From: Dmitry Safonov <dima@...sta.com>
To: Nathan Chancellor <nathan@...nel.org>
Cc: ndesaulniers@...gle.com, trix@...hat.com, noureddine@...sta.com,
 hch@...radead.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 llvm@...ts.linux.dev, patches@...ts.linux.dev, edumazet@...gle.com,
 davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org, pabeni@...hat.com
Subject: Re: [PATCH net v3] tcp: Fix -Wc23-extensions in tcp_options_write()

On 11/6/23 21:14, Nathan Chancellor wrote:
> Clang warns (or errors with CONFIG_WERROR=y) when CONFIG_TCP_AO is set:
> 
>   net/ipv4/tcp_output.c:663:2: error: label at end of compound statement is a C23 extension [-Werror,-Wc23-extensions]
>     663 |         }
>         |         ^
>   1 error generated.
> 
> On earlier releases (such as clang-11, the current minimum supported
> version for building the kernel) that do not support C23, this was a
> hard error unconditionally:
> 
>   net/ipv4/tcp_output.c:663:2: error: expected statement
>           }
>           ^
>   1 error generated.
> 
> While adding a semicolon after the label would resolve this, it is more
> in line with the kernel as a whole to refactor this block into a
> standalone function, which means the goto a label construct can just be
> replaced with a return statement. Do so to resolve the warning.
> 
> Closes: https://github.com/ClangBuiltLinux/linux/issues/1953
> Fixes: 1e03d32bea8e ("net/tcp: Add TCP-AO sign to outgoing packets")
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>

Seems like exactly the fix that my git testing tree had, with an
exception to naming the helper tcp_ao_options_write().
But then I found* your patch-v1 and decided not to send an alternative
patch.

Thanks for fixing this,
Reviewed-by: Dmitry Safonov <dima@...sta.com>

*had to fix my Gmail lkml filter to label not only emails with cc/to my
name, but also the raw email address (usually, I got them to/cc "Dmitry
Safonov", but this one didn't have the name and got lost in the lkml pile).

> ---
> Changes in v3:
> - Don't use a pointer to a pointer for ptr parameter to avoid the extra
>   indirection in process_tcp_ao_options(), just return the modified ptr
>   value back to the caller (Eric)
> - Link to v2: https://lore.kernel.org/r/20231106-tcp-ao-fix-label-in-compound-statement-warning-v2-1-91eff6e1648c@kernel.org
> 
> Changes in v2:
> - Break out problematic block into its own function so that goto can be
>   replaced with a simple return, instead of the simple semicolon
>   approach of v1 (Christoph)
> - Link to v1: https://lore.kernel.org/r/20231031-tcp-ao-fix-label-in-compound-statement-warning-v1-1-c9731d115f17@kernel.org
> ---
>  net/ipv4/tcp_output.c | 70 ++++++++++++++++++++++++++++-----------------------
>  1 file changed, 39 insertions(+), 31 deletions(-)
> 
> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
> index 0d8dd5b7e2e5..eb13a55d660c 100644
> --- a/net/ipv4/tcp_output.c
> +++ b/net/ipv4/tcp_output.c
> @@ -601,6 +601,44 @@ static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
>  }
>  #endif
>  
> +static __be32 *process_tcp_ao_options(struct tcp_sock *tp,
> +				      const struct tcp_request_sock *tcprsk,
> +				      struct tcp_out_options *opts,
> +				      struct tcp_key *key, __be32 *ptr)
> +{
> +#ifdef CONFIG_TCP_AO
> +	u8 maclen = tcp_ao_maclen(key->ao_key);
> +
> +	if (tcprsk) {
> +		u8 aolen = maclen + sizeof(struct tcp_ao_hdr);
> +
> +		*ptr++ = htonl((TCPOPT_AO << 24) | (aolen << 16) |
> +			       (tcprsk->ao_keyid << 8) |
> +			       (tcprsk->ao_rcv_next));
> +	} else {
> +		struct tcp_ao_key *rnext_key;
> +		struct tcp_ao_info *ao_info;
> +
> +		ao_info = rcu_dereference_check(tp->ao_info,
> +			lockdep_sock_is_held(&tp->inet_conn.icsk_inet.sk));
> +		rnext_key = READ_ONCE(ao_info->rnext_key);
> +		if (WARN_ON_ONCE(!rnext_key))
> +			return ptr;
> +		*ptr++ = htonl((TCPOPT_AO << 24) |
> +			       (tcp_ao_len(key->ao_key) << 16) |
> +			       (key->ao_key->sndid << 8) |
> +			       (rnext_key->rcvid));
> +	}
> +	opts->hash_location = (__u8 *)ptr;
> +	ptr += maclen / sizeof(*ptr);
> +	if (unlikely(maclen % sizeof(*ptr))) {
> +		memset(ptr, TCPOPT_NOP, sizeof(*ptr));
> +		ptr++;
> +	}
> +#endif
> +	return ptr;
> +}
> +
>  /* Write previously computed TCP options to the packet.
>   *
>   * Beware: Something in the Internet is very sensitive to the ordering of
> @@ -629,37 +667,7 @@ static void tcp_options_write(struct tcphdr *th, struct tcp_sock *tp,
>  		opts->hash_location = (__u8 *)ptr;
>  		ptr += 4;
>  	} else if (tcp_key_is_ao(key)) {
> -#ifdef CONFIG_TCP_AO
> -		u8 maclen = tcp_ao_maclen(key->ao_key);
> -
> -		if (tcprsk) {
> -			u8 aolen = maclen + sizeof(struct tcp_ao_hdr);
> -
> -			*ptr++ = htonl((TCPOPT_AO << 24) | (aolen << 16) |
> -				       (tcprsk->ao_keyid << 8) |
> -				       (tcprsk->ao_rcv_next));
> -		} else {
> -			struct tcp_ao_key *rnext_key;
> -			struct tcp_ao_info *ao_info;
> -
> -			ao_info = rcu_dereference_check(tp->ao_info,
> -				lockdep_sock_is_held(&tp->inet_conn.icsk_inet.sk));
> -			rnext_key = READ_ONCE(ao_info->rnext_key);
> -			if (WARN_ON_ONCE(!rnext_key))
> -				goto out_ao;
> -			*ptr++ = htonl((TCPOPT_AO << 24) |
> -				       (tcp_ao_len(key->ao_key) << 16) |
> -				       (key->ao_key->sndid << 8) |
> -				       (rnext_key->rcvid));
> -		}
> -		opts->hash_location = (__u8 *)ptr;
> -		ptr += maclen / sizeof(*ptr);
> -		if (unlikely(maclen % sizeof(*ptr))) {
> -			memset(ptr, TCPOPT_NOP, sizeof(*ptr));
> -			ptr++;
> -		}
> -out_ao:
> -#endif
> +		ptr = process_tcp_ao_options(tp, tcprsk, opts, key, ptr);
>  	}
>  	if (unlikely(opts->mss)) {
>  		*ptr++ = htonl((TCPOPT_MSS << 24) |
> 
> ---
> base-commit: c1ed833e0b3b7b9edc82b97b73b2a8a10ceab241
> change-id: 20231031-tcp-ao-fix-label-in-compound-statement-warning-ebd6c9978498

Thanks,
             Dmitry


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ