[LU-16510] Provide an interim 'good' fortified memcpy from 6.1 Created: 29/Jan/23 Updated: 14/Sep/23 Resolved: 14/Sep/23 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | Lustre 2.16.0, Lustre 2.15.3 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Shaun Tancheff | Assignee: | Patrick Farrell |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||
| Severity: | 3 | ||||
| Rank (Obsolete): | 9223372036854775807 | ||||
| Description |
|
The fortified memcpy() from kernel v5.11-11104-ga28a6e860c6c through v5.18-rc5-1405-g43213daed6d6 incorrectly reports a false positive. 13:54:25 In function 'memcpy', 13:54:25 inlined from 'lov_iocontrol' at /tmp/rpmbuild-lustre-jenkins-4fGYbbr1/BUILD/lustre-2.15.53_116_g5d22f15/lustre/lov/lov_obd.c:1057:4: 13:54:25 include/linux/fortify-string.h:187:25: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter 13:54:25 187 | __read_overflow2(); 13:54:25 | ^~~~~~~~~~~~~~~~~~ |
| Comments |
| Comment by Gerrit Updater [ 29/Jan/23 ] |
|
"Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/49811 |
| Comment by Gerrit Updater [ 30/Jan/23 ] |
|
"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/49815 |
| Comment by Gerrit Updater [ 08/Feb/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/49811/ |
| Comment by Peter Jones [ 08/Feb/23 ] |
|
Landed for 2.16 |
| Comment by Gerrit Updater [ 28/Mar/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/49815/ |
| Comment by Patrick Farrell [ 07/Apr/23 ] |
|
adegremont_nvda pointed out this patch is missing a key component. Quoting him: "
+/** + * unsafe_memcpy - memcpy implementation with no FORTIFY bounds checking + * + * @dst: Destination memory address to write to + * @src: Source memory address to read from + * @bytes: How many bytes to write to @dst from @src + * @justification: Free-form text or comment describing why the use is needed + * + * This should be used for corner cases where the compiler cannot do the + * right thing, or during transitions between APIs, etc. It should be used + * very rarely, and includes a place for justification detailing where bounds + * checking has happened, and why existing solutions cannot be employed. + */ +#define unsafe_memcpy(dst, src, bytes, justification) \ + __underlying_memcpy(dst, src, bytes) + " I'll push a patch. |
| Comment by Gerrit Updater [ 07/Apr/23 ] |
|
"Patrick Farrell <pfarrell@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50573 |
| Comment by Gerrit Updater [ 18/Apr/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/50573/ |
| Comment by Gerrit Updater [ 18/Apr/23 ] |
|
"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50667 |
| Comment by Peter Jones [ 18/Apr/23 ] |
|
Landed for 2.16 |
| Comment by Gerrit Updater [ 29/Apr/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/50667/ |
| Comment by Gerrit Updater [ 17/Aug/23 ] |
|
"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/51973 |
| Comment by Gerrit Updater [ 31/Aug/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/51973/ |
| Comment by James A Simmons [ 05/Sep/23 ] |
|
Another bug has shown up. This time its the __QCTL_COPY macro in lustre_idl.h that fails to build. |
| Comment by James A Simmons [ 14/Sep/23 ] |
|
I looked into this bug and found the issue is that memcpy that is fortify doesn't work with flexible arrays like QCTL_COPY works with. The infrastructure to support this has landed in the newest kernels; but to support that with every kernel Lustre supports requires way too much back porting. So the solution is not blanket include linux-fortify-string.h since it will break things. Just include it where it is needed. |