zfs-2.1.4-78_g090bda59e (branch zfs-2.1.5-staging) kernel 5.18 dkms build error on RHEL 8.6 (Rocky Linux) #13528

Closed
edefaria opened this issue May 31, 2022 · 6 comments
Labels
Type: Building Indicates an issue related to building binaries Type: Defect Incorrect behavior (e.g. crash, hang)

Comments

@edefaria

System information

| Type | Version/Name |
| --- | --- |
| Distribution Name | RHEL (Rocky Linux) |
| Distribution Version | 8.6 |
| Kernel Version | 5.18.0-1.el8.elrepo.x86_64 |
| Architecture | x86_64 |
| OpenZFS Version | zfs-2.1.4-78_g090bda59e |

Describe the problem you're observing

Building zfs with elrepo kernel-ml 5.18 failed on dkms build, no issue building kernel-ml 5.17.

Describe how to reproduce the problem

Install RHEL 8.6, download elrepo kernel-ml and clone/build zfs-2.1.5-staging with default behaviour:
$ ./autogen.sh
$ ./configure
$ make rpm
dkms failed to build on both kernel-ml 5.18.0-1.el8.elrepo.x86_64 and 5.18.1-1.el8.elrepo.x86_64.

Include any warning/errors/backtraces from the system logs

https://gist.github.com/edefaria/f4d4f960ea277b1bdb57bfdf2dcd3a87

@tonyhutter
Contributor

tonyhutter commented May 31, 2022

For quick reference, here's one of the errors:

    CC [M]  /var/lib/dkms/zfs/2.1.4/build/module/zfs/dsl_prop.o
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:11,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/timex.h:5,
                 from ./include/linux/timex.h:67,
                 from ./include/linux/time32.h:13,
                 from ./include/linux/time.h:60,
                 from ./include/linux/stat.h:19,
                 from ./include/linux/module.h:13,
                 from /var/lib/dkms/zfs/2.1.4/build/include/os/linux/spl/sys/atomic.h:27,
                 from /var/lib/dkms/zfs/2.1.4/build/include/sys/zfs_context.h:46,
                 from /var/lib/dkms/zfs/2.1.4/build/module/zfs/dsl_bookmark.c:22:
In function 'fortify_memset_chk',
    inlined from 'dsl_bookmark_set_phys' at /var/lib/dkms/zfs/2.1.4/build/module/zfs/dsl_bookmark.c:384:3:
./include/linux/fortify-string.h:242:4: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror]
    __write_overflow_field(p_size_field, size);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  CC [M]  /var/lib/dkms/zfs/2.1.4/build/module/zfs/dsl_scan.o
  CC [M]  /var/lib/dkms/zfs/2.1.4/build/module/zfs/dsl_synctask.o
  CC [M]  /var/lib/dkms/zfs/2.1.4/build/module/zfs/dsl_userhold.o

I'm guessing you're hitting this since you're building with fortify source? Here's the code in question:

       } else {
              bzero(&zbm->zbm_flags,
                  sizeof (zfs_bookmark_phys_t) -
                  offsetof(zfs_bookmark_phys_t, zbm_flags));
       }
...


/*
 * On disk zap object.
 */
typedef struct zfs_bookmark_phys {
       uint64_t zbm_guid;          /* guid of bookmarked dataset */
       uint64_t zbm_creation_txg;  /* birth transaction group */
       uint64_t zbm_creation_time; /* bookmark creation time */

       /* fields used for redacted send / recv */
       uint64_t zbm_redaction_obj; /* redaction list object */
       uint64_t zbm_flags;         /* ZBM_FLAG_* */

       /* fields used for bookmark written size */
       uint64_t zbm_referenced_bytes_refd;
       uint64_t zbm_compressed_bytes_refd;
       uint64_t zbm_uncompressed_bytes_refd;
       uint64_t zbm_referenced_freed_before_next_snap;
       uint64_t zbm_compressed_freed_before_next_snap;
       uint64_t zbm_uncompressed_freed_before_next_snap;

       /* fields used for raw sends */
       uint64_t zbm_ivset_guid;
} zfs_bookmark_phys_t;

The bzero is correct - it's zeroing out zbm_flags and everything after it. I get that the compiler would flag it though - it's worried we're unintentionally trying to overwrite past the end of a field.

@behlendorf
Contributor

This appears to be the result of this change which was merged for the 5.18 kernel. Seems like the approved way to address these false positives is to use the new struct_group() macro.

@rhalualani

I am currently running kernel 5.18.5-1.el8.elrepo.x86_64 for both Oracle8 and CentOS8
and also CentOS9 5.14.0-109.el9.x86_64
with zfs-2.1.99-1 which I got running "git clone https://github.com/zfsonlinux/zfs.git"
To get dkms to build for el8 (el9 was not an issue) I modified 4 files.
edonr.c dsl_bookmark.h dsl_bookmark.c and zfs_log.c
These were all warnings treated as errors.
In edonr.c at line 494 changed
memcpy(hashState224(state)->DoublePipe, i512p2,
to memcpy(hashState512(state)->DoublePipe, i512p2,

In dsl_bookmark.h added struct_group, ie. changed

    typedef struct zfs_bookmark_phys {
        uint64_t zbm_guid;          /* guid of bookmarked dataset */
        uint64_t zbm_creation_txg;  /* birth transaction group */
        uint64_t zbm_creation_time; /* bookmark creation time */

        /* fields used for redacted send / recv */
        uint64_t zbm_redaction_obj; /* redaction list object */
        uint64_t zbm_flags;         /* ZBM_FLAG_* */

        /* fields used for bookmark written size */
        uint64_t zbm_referenced_bytes_refd;
        uint64_t zbm_compressed_bytes_refd;
        uint64_t zbm_uncompressed_bytes_refd;
        uint64_t zbm_referenced_freed_before_next_snap;
        uint64_t zbm_compressed_freed_before_next_snap;
        uint64_t zbm_uncompressed_freed_before_next_snap;

        /* fields used for raw sends */
        uint64_t zbm_ivset_guid;
    } zfs_bookmark_phys_t;

TO:

    typedef struct zfs_bookmark_phys {
        uint64_t zbm_guid;          /* guid of bookmarked dataset */
        uint64_t zbm_creation_txg;  /* birth transaction group */
        uint64_t zbm_creation_time; /* bookmark creation time */

        /* fields used for redacted send / recv */
        uint64_t zbm_redaction_obj; /* redaction list object */
        struct_group(zbm_group,
        uint64_t zbm_flags;         /* ZBM_FLAG_* */

        /* fields used for bookmark written size */
        uint64_t zbm_referenced_bytes_refd;
        uint64_t zbm_compressed_bytes_refd;
        uint64_t zbm_uncompressed_bytes_refd;
        uint64_t zbm_referenced_freed_before_next_snap;
        uint64_t zbm_compressed_freed_before_next_snap;
        uint64_t zbm_uncompressed_freed_before_next_snap;

        /* fields used for raw sends */
        uint64_t zbm_ivset_guid;
        ); /* end zbm_group group */
    } zfs_bookmark_phys_t;

Then in dsl_bookmark.c Changed:
memset(&zbm->zbm_flags, 0,
sizeof (zfs_bookmark_phys_t) -
offsetof(zfs_bookmark_phys_t, zbm_flags));
TO:
memset(&zbm->zbm_group, 0,
sizeof (zbm->zbm_group) );

Finally in zfs_log.c (A little dicey) Changed:
memset(crtime, 0, 2 * sizeof (uint64_t));
scanstamp = (caddr_t)(crtime + 2);
TO:
memset(&crtime[0], 0, 2 * sizeof (uint64_t));
scanstamp = (caddr_t)(&crtime[2]);

Seems to be working fine for both el8 and el9.
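
The following is an added example, not part of the thread or the OpenZFS source: a user-space C program that mirrors the `struct_group()` change to `zfs_bookmark_phys_t` discussed above and checks that it leaves the on-disk layout and the bytes cleared unchanged. `STRUCT_GROUP` is a simplified stand-in for the kernel macro, and `bookmark_phys_t`, `write_fits_field` and the other helper names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified stand-in for the kernel's struct_group() (assumed name): an
 * anonymous union of an anonymous struct, so members stay reachable as
 * zbm->zbm_flags, and a named struct, so the whole run of members is one
 * object, zbm->zbm_group, with its own sizeof.
 */
#define STRUCT_GROUP(NAME, ...) \
	union { struct { __VA_ARGS__ }; struct { __VA_ARGS__ } NAME; }

/* Same members, in the same order, as zfs_bookmark_phys_t in the thread. */
typedef struct bookmark_phys {
	uint64_t zbm_guid;
	uint64_t zbm_creation_txg;
	uint64_t zbm_creation_time;
	uint64_t zbm_redaction_obj;
	STRUCT_GROUP(zbm_group,
		uint64_t zbm_flags;
		uint64_t zbm_referenced_bytes_refd;
		uint64_t zbm_compressed_bytes_refd;
		uint64_t zbm_uncompressed_bytes_refd;
		uint64_t zbm_referenced_freed_before_next_snap;
		uint64_t zbm_compressed_freed_before_next_snap;
		uint64_t zbm_uncompressed_freed_before_next_snap;
		uint64_t zbm_ivset_guid;
	);
} bookmark_phys_t;

/* Length used by the original bzero(): zbm_flags through end of struct. */
size_t tail_len_by_offset(void)
{
	return sizeof(bookmark_phys_t) - offsetof(bookmark_phys_t, zbm_flags);
}

/* Length used after the change: the size of the grouped member itself. */
size_t tail_len_by_group(void)
{
	return sizeof(((bookmark_phys_t *)0)->zbm_group);
}

/*
 * Runtime emulation of the rule behind the build error: the write length
 * must not exceed the size of the member named as the destination.
 */
int write_fits_field(size_t field_size, size_t len)
{
	return len <= field_size;
}

/* An on-disk structure must keep its size and member offsets. */
int layout_unchanged(void)
{
	return sizeof(bookmark_phys_t) == 12 * sizeof(uint64_t) &&
	    offsetof(bookmark_phys_t, zbm_group) ==
	    offsetof(bookmark_phys_t, zbm_flags) &&
	    offsetof(bookmark_phys_t, zbm_ivset_guid) + sizeof(uint64_t) ==
	    sizeof(bookmark_phys_t);
}

/* Original behaviour; the thread's code passes &zbm->zbm_flags (same address). */
void clear_tail_legacy(bookmark_phys_t *zbm)
{
	memset((unsigned char *)zbm + offsetof(bookmark_phys_t, zbm_flags), 0,
	    tail_len_by_offset());
}

/* Grouped form: destination and length both come from one member. */
void clear_tail_group(bookmark_phys_t *zbm)
{
	memset(&zbm->zbm_group, 0, sizeof(zbm->zbm_group));
}

/* Both forms must clear the same bytes and leave the leading fields alone. */
int clears_are_equivalent(void)
{
	bookmark_phys_t a, b;

	memset(&a, 0xAA, sizeof(a));	/* constructed fill pattern */
	memset(&b, 0xAA, sizeof(b));
	clear_tail_legacy(&a);
	clear_tail_group(&b);
	return memcmp(&a, &b, sizeof(a)) == 0 &&
	    b.zbm_redaction_obj == 0xAAAAAAAAAAAAAAAAULL &&
	    b.zbm_flags == 0 && b.zbm_ivset_guid == 0;
}

int main(void)
{
	printf("tail length by offsetof: %zu, by group: %zu\n",
	    tail_len_by_offset(), tail_len_by_group());
	printf("write fits zbm_flags alone: %d, fits zbm_group: %d\n",
	    write_fits_field(sizeof(uint64_t), tail_len_by_offset()),
	    write_fits_field(tail_len_by_group(), tail_len_by_offset()));
	return !(layout_unchanged() && clears_are_equivalent());
}
```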

@akrherz

akrherz commented Jun 23, 2022

Attempting dkms build of zfs 2.1.5 on 5.18.6-1.el8.elrepo.x86_64 and I get similar warnings / build failures

In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:11,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/timex.h:5,
                 from ./include/linux/timex.h:67,
                 from ./include/linux/time32.h:13,
                 from ./include/linux/time.h:60,
                 from ./include/linux/stat.h:19,
                 from ./include/linux/module.h:13,
                 from /var/lib/dkms/zfs/2.1.5/build/include/os/linux/spl/sys/atomic.h:27,
                 from /var/lib/dkms/zfs/2.1.5/build/include/sys/zfs_context.h:46,
                 from /var/lib/dkms/zfs/2.1.5/build/module/zfs/dsl_bookmark.c:22:
In function ‘fortify_memset_chk’,
    inlined from ‘dsl_bookmark_set_phys’ at /var/lib/dkms/zfs/2.1.5/build/module/zfs/dsl_bookmark.c:384:3:
./include/linux/fortify-string.h:242:4: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror]
    __write_overflow_field(p_size_field, size);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...
In file included from ./include/linux/string.h:253,
                 from /var/lib/dkms/zfs/2.1.5/build/include/os/linux/spl/sys/strings.h:24,
                 from /var/lib/dkms/zfs/2.1.5/build/module/icp/algs/edonr/edonr.c:32:
In function ‘fortify_memcpy_chk’,
    inlined from ‘EdonRInit’ at /var/lib/dkms/zfs/2.1.5/build/module/icp/algs/edonr/edonr.c:491:3:
./include/linux/fortify-string.h:328:4: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror]
    __write_overflow_field(p_size_field, size);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@rhalualani

Same Here for kernel 5.18.6-1.el8.elrepo.x86_64 building zfs-2.1.5-1
Had to make some changes to build.
in edonr.c line 491
change:
bcopy(i512p2, hashState224(state)->DoublePipe,
To:
bcopy(i512p2, hashState512(state)->DoublePipe,

in dsl_bookmark.c line 384
change:
bzero(&zbm->zbm_flags,
sizeof (zfs_bookmark_phys_t) -
offsetof(zfs_bookmark_phys_t, zbm_flags));
To:
zbm->zbm_flags = 0;
zbm->zbm_referenced_bytes_refd = 0;
zbm->zbm_compressed_bytes_refd = 0;
zbm->zbm_uncompressed_bytes_refd = 0;
zbm->zbm_referenced_freed_before_next_snap = 0;
zbm->zbm_compressed_freed_before_next_snap = 0;
zbm->zbm_uncompressed_freed_before_next_snap = 0;
zbm->zbm_ivset_guid = 0;
in zfs_log.c line 115
change:
void *scanstamp;
To:
uint64_t *scanstamp;
uint8_t *scans;
line 131 change:
bzero(crtime, 2 * sizeof (uint64_t));
scanstamp = (caddr_t)(crtime + 2);
bzero(scanstamp, AV_SCANSTAMP_SZ);
To:
crtime[0] = 0;
crtime[1] = 0;
scanstamp = crtime + 2;
for (i = 0; i != 4; i++, scanstamp++) {
*scanstamp = 0;
}
line 172 change:
bcopy(xoap->xoa_av_scanstamp, scanstamp, AV_SCANSTAMP_SZ);
To:
scans = (uint8_t *)scanstamp;
for (i = 0; i != AV_SCANSTAMP_SZ; i++, scans++) {
*scans = xoap->xoa_av_scanstamp[i];
}
line 178 change:
bcopy(&xoap->xoa_projid, scanstamp, sizeof (uint64_t));
To:
*scanstamp = xoap->xoa_projid;

This now built fine for kernel 5.18.6-1.el8.elrepo.x86_64
and also for kernel CentOS9 5.14.0-115.el9.x86_64
and they both appear to be working fine.

@behlendorf
Contributor

A proposed set of changes for this issue can be found in PR #13575.

behlendorf added a commit that referenced this issue Jun 27, 2022
Restructure the code in zfs_log_xvattr() to use a lr_attr_end
structure when accessing lr_attr_t elements located after the
variable sized array.  This makes the code more understandable
and resolves the accessing beyond the end of the field warnings.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
The wrong union memory was being accessed in EdonRInit resulting in
a write beyond size of field compiler warning.  Reference the correct
member to resolve the warning.  The warning was correct and in this
case the mistake was harmless.

    In function ‘fortify_memcpy_chk’,
    inlined from ‘EdonRInit’ at zfs/module/icp/algs/edonr/edonr.c:494:3:
    ./include/linux/fortify-string.h:344:25: error: call to
    ‘__write_overflow_field’ declared with attribute warning:
    detected write beyond size of field (1st parameter);
    maybe use struct_group()? [-Werror=attribute-warning]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
The memcpy(), memmove(), and memset() functions have been annotated
to perform bounds checking when using FORTIFY_SOURCE.  A warning is
now generated when writing beyond the end of the specified field.

Alternately, the new struct_group() macro could be used to create
an anonymous union member for use by memcpy().  However, since this
is the only place the macro would be helpful it's preferable to
restructure the code slightly to avoid the need for additional
compatibility code when the macro does not exist.

https://lore.kernel.org/lkml/20211118183807.1283332-1-keescook@chromium.org/T/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
Move the use of the private pointer after it is freed.  It's only
used as a tag so a dereference would never occur, but there's no
harm in inverting the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_issue_final_prefetch_done':
    module/zfs/dbuf.c:3204:17: error:
    pointer 'private' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
Move the use of the db pointer after it is freed.  It's only used as
a tag so a dereference would never occur, but there's no reason we
can't invert the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_destroy':
    module/zfs/dbuf.c:2953:17: error:
    pointer 'db' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
Extend the buffer slightly to resolve the warning.

    cmd/zfs/zfs_main.c: In function ‘upgrade_set_callback’:
    cmd/zfs/zfs_main.c:2446:22: error: ‘%llu’ directive output
    may be truncated writing between 1 and 20 bytes into a
    region of size 16 [-Werror=format-truncation=]
    cmd/zfs/zfs_main.c:2445:24: note: ‘snprintf’ output between
    2 and 21 bytes into a destination of size 16

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
Switch to using asprintf() to satisfy the compiler and resolve the
potential format-overflow warning.  Note the conditional before the
sprintf() would have prevented this regardless.

    cmd/zfs/zfs_project.c: In function ‘zfs_project_handle_dir’:
    cmd/zfs/zfs_project.c:241:38: error: ‘/’ directive writing
    1 byte into a region of size between 0 and 4352
    [-Werror=format-overflow=]
    cmd/zfs/zfs_project.c:241:17: note: ‘sprintf’ output between
    2 and 4609 bytes into a destination of size 4352

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
behlendorf added a commit that referenced this issue Jun 27, 2022
Resolve straight-line speculation warnings reported by objtool
for x86_64 assembly on Linux when CONFIG_SLS is set.  See the
following LWN article for the complete details.

https://lwn.net/Articles/877845/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #13528
Closes #13575
PetarKirov added a commit to PetarKirov/dotfiles that referenced this issue Jul 3, 2022
… to latest LTS kernel

`zfs.package.latestCompatibleLinuxPackages` was recently bumped to 5.18
[0] in nixpkgs nixos-22.05, however that kernel release includes a
change [1] that causes ZFS to fail to compile [2] [3]. To work around
this, downgrade the kernel to 5.15, until an OpenZFS release that
includes the bug fix [4] is released.

[0]: NixOS/nixpkgs#178830
[1]: https://patchwork.kernel.org/project/linux-kbuild/patch/20210727205855.411487-35-keescook@chromium.org/
[2]: https://github.com/PetarKirov/dotfiles/runs/7166609186?check_suite_focus=true
[3]: openzfs/zfs#13528
[4]: openzfs/zfs@ff7e405
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
This code should be kept in line with the upstream lua version as much
as possible.  Therefore, we simply want to silence the warning.  This
check was enabled by default as part of -Wall in gcc 12.1.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
Restructure the code in zfs_log_xvattr() to use a lr_attr_end
structure when accessing lr_attr_t elements located after the
variable sized array.  This makes the code more understandable
and resolves the accessing beyond the end of the field warnings.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
The wrong union memory was being accessed in EdonRInit resulting in
a write beyond size of field compiler warning.  Reference the correct
member to resolve the warning.  The warning was correct and this in
case the mistake was harmless.

    In function ‘fortify_memcpy_chk’,
    inlined from ‘EdonRInit’ at zfs/module/icp/algs/edonr/edonr.c:494:3:
    ./include/linux/fortify-string.h:344:25: error: call to
    ‘__write_overflow_field’ declared with attribute warning:
    detected write beyond size of field (1st parameter);
    maybe use struct_group()? [-Werror=attribute-warning]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
The memcpy(), memmove(), and memset() functions have been annotated
to perform bounds checking when using FORTIFY_SOURCE.  A warning is
now generted when writing beyond the end of the specified field.

Alternately, the new struct_group() macro could be used to create
an anonymous union member for use by memcpy().  However, since this
is the only place the macro would be helpful it's preferable to
restructure the code slights to avoid the need for additional
compatibility code when the macro does not exist.

https://lore.kernel.org/lkml/20211118183807.1283332-1-keescook@chromium.org/T/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
Move the use of the private pointer after it is freed.  It's only
used as a tag so a dereference would never occur, but there's no
harm in inverting the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_issue_final_prefetch_done':
    module/zfs/dbuf.c:3204:17: error:
    pointer 'private' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
Move the use of the db pointer after it is freed.  It's only used as
a tag so a dereference would never occur, but there's no reason we
can't invert the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_destroy':
    module/zfs/dbuf.c:2953:17: error:
    pointer 'db' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
behlendorf added a commit to behlendorf/zfs that referenced this issue Jul 22, 2022
Extend the buffer slightly resolve the warning.

    cmd/zfs/zfs_main.c: In function ‘upgrade_set_callback’:
    cmd/zfs/zfs_main.c:2446:22: error: ‘%llu’ directive output
    may be truncated writing between 1 and 20 bytes into a
    region of size 16 [-Werror=format-truncation=]
    cmd/zfs/zfs_main.c:2445:24: note: ‘snprintf’ output between
    2 and 21 bytes into a destination of size 16

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
The wrong union memory was being accessed in EdonRInit resulting in
a write beyond size of field compiler warning.  Reference the correct
member to resolve the warning.  The warning was correct and this in
case the mistake was harmless.

    In function ‘fortify_memcpy_chk’,
    inlined from ‘EdonRInit’ at zfs/module/icp/algs/edonr/edonr.c:494:3:
    ./include/linux/fortify-string.h:344:25: error: call to
    ‘__write_overflow_field’ declared with attribute warning:
    detected write beyond size of field (1st parameter);
    maybe use struct_group()? [-Werror=attribute-warning]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
The memcpy(), memmove(), and memset() functions have been annotated
to perform bounds checking when using FORTIFY_SOURCE.  A warning is
now generted when writing beyond the end of the specified field.

Alternately, the new struct_group() macro could be used to create
an anonymous union member for use by memcpy().  However, since this
is the only place the macro would be helpful it's preferable to
restructure the code slights to avoid the need for additional
compatibility code when the macro does not exist.

https://lore.kernel.org/lkml/20211118183807.1283332-1-keescook@chromium.org/T/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Move the use of the private pointer after it is freed.  It's only
used as a tag so a dereference would never occur, but there's no
harm in inverting the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_issue_final_prefetch_done':
    module/zfs/dbuf.c:3204:17: error:
    pointer 'private' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Move the use of the db pointer after it is freed.  It's only used as
a tag so a dereference would never occur, but there's no reason we
can't invert the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_destroy':
    module/zfs/dbuf.c:2953:17: error:
    pointer 'db' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Extend the buffer slightly resolve the warning.

    cmd/zfs/zfs_main.c: In function ‘upgrade_set_callback’:
    cmd/zfs/zfs_main.c:2446:22: error: ‘%llu’ directive output
    may be truncated writing between 1 and 20 bytes into a
    region of size 16 [-Werror=format-truncation=]
    cmd/zfs/zfs_main.c:2445:24: note: ‘snprintf’ output between
    2 and 21 bytes into a destination of size 16

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Switch to using asprintf() to satisfy the compiler and resolve the
potential format-overflow warning.  Not the conditional before the
sprintf() would have prevented this regardless.

    cmd/zfs/zfs_project.c: In function ‘zfs_project_handle_dir’:
    cmd/zfs/zfs_project.c:241:38: error: ‘/’ directive writing
    1 byte into a region of size between 0 and 4352
    [-Werror=format-overflow=]
    cmd/zfs/zfs_project.c:241:17: note: ‘sprintf’ output between
    2 and 4609 bytes into a destination of size 4352

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Resolve straight-line speculation warnings reported by objtool
for x86_64 assembly on Linux when CONFIG_SLS is set.  See the
following LWN article for the complete details.

https://lwn.net/Articles/877845/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
This code should be kept inline with the upstream lua version as much
as possible.  Therefore, we simply want to silence the warning.  This
check was enabled by default as part of -Wall in gcc 12.1.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Restructure the code in zfs_log_xvattr() to use a lr_attr_end
structure when accessing lr_attr_t elements located after the
variable sized array.  This makes the code more understandable
and resolves the accessing beyond the end of the field warnings.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
The wrong union memory was being accessed in EdonRInit resulting in
a write beyond size of field compiler warning.  Reference the correct
member to resolve the warning.  The warning was correct and this in
case the mistake was harmless.

    In function ‘fortify_memcpy_chk’,
    inlined from ‘EdonRInit’ at zfs/module/icp/algs/edonr/edonr.c:494:3:
    ./include/linux/fortify-string.h:344:25: error: call to
    ‘__write_overflow_field’ declared with attribute warning:
    detected write beyond size of field (1st parameter);
    maybe use struct_group()? [-Werror=attribute-warning]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
The memcpy(), memmove(), and memset() functions have been annotated
to perform bounds checking when using FORTIFY_SOURCE.  A warning is
now generted when writing beyond the end of the specified field.

Alternately, the new struct_group() macro could be used to create
an anonymous union member for use by memcpy().  However, since this
is the only place the macro would be helpful it's preferable to
restructure the code slights to avoid the need for additional
compatibility code when the macro does not exist.

https://lore.kernel.org/lkml/20211118183807.1283332-1-keescook@chromium.org/T/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Move the use of the private pointer after it is freed.  It's only
used as a tag so a dereference would never occur, but there's no
harm in inverting the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_issue_final_prefetch_done':
    module/zfs/dbuf.c:3204:17: error:
    pointer 'private' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Move the use of the db pointer after it is freed.  It's only used as
a tag so a dereference would never occur, but there's no reason we
can't invert the order to resolve the warning.

    module/zfs/dbuf.c: In function 'dbuf_destroy':
    module/zfs/dbuf.c:2953:17: error:
    pointer 'db' may be used after 'free' [-Werror=use-after-free]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Extend the buffer slightly to resolve the warning.

    cmd/zfs/zfs_main.c: In function ‘upgrade_set_callback’:
    cmd/zfs/zfs_main.c:2446:22: error: ‘%llu’ directive output
    may be truncated writing between 1 and 20 bytes into a
    region of size 16 [-Werror=format-truncation=]
    cmd/zfs/zfs_main.c:2445:24: note: ‘snprintf’ output between
    2 and 21 bytes into a destination of size 16

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
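The diagnostic quoted in the commit message above counts up to 20 digits for `%llu` plus the terminating NUL, 21 bytes against a 16-byte destination. The following is an added example, not code from the OpenZFS tree: it sizes the buffer from the type and checks the `snprintf()` return value for truncation. The `fmt_u64` helper, the macros and the bare `"%llu"` format are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Upper bound on decimal digits in an unsigned long long:
 * bits * log10(2) < bits * 302 / 1000, rounded up (20 for 64 bits). */
#define ULL_DIGITS (sizeof(unsigned long long) * CHAR_BIT * 302 / 1000 + 1)
#define ULL_BUFSZ  (ULL_DIGITS + 1)	/* digits plus terminating NUL */

/*
 * Hypothetical helper: format v into buf. Returns 0 when the whole
 * number fit, -1 when snprintf() had to truncate (or failed).
 * snprintf() returns the length the full output would have had,
 * so n >= size means the tail was cut off.
 */
int fmt_u64(char *buf, size_t size, unsigned long long v)
{
	int n = snprintf(buf, size, "%llu", v);

	return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
	char small[16], sized[ULL_BUFSZ];

	/* 16 bytes: only 15 digits plus NUL fit; the rest is dropped. */
	printf("%d %s\n", fmt_u64(small, sizeof(small), ULLONG_MAX), small);
	/* 21 bytes: the largest 64-bit value fits. */
	printf("%d %s\n", fmt_u64(sized, sizeof(sized), ULLONG_MAX), sized);
	return 0;
}
```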
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Switch to using asprintf() to satisfy the compiler and resolve the
potential format-overflow warning.  Note the conditional before the
sprintf() would have prevented this regardless.

    cmd/zfs/zfs_project.c: In function ‘zfs_project_handle_dir’:
    cmd/zfs/zfs_project.c:241:38: error: ‘/’ directive writing
    1 byte into a region of size between 0 and 4352
    [-Werror=format-overflow=]
    cmd/zfs/zfs_project.c:241:17: note: ‘sprintf’ output between
    2 and 4609 bytes into a destination of size 4352

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Resolve straight-line speculation warnings reported by objtool
for x86_64 assembly on Linux when CONFIG_SLS is set.  See the
following LWN article for the complete details.

https://lwn.net/Articles/877845/

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
This code should be kept in line with the upstream lua version as much
as possible.  Therefore, we simply want to silence the warning.  This
check was enabled by default as part of -Wall in gcc 12.1.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
Restructure the code in zfs_log_xvattr() to use a lr_attr_end
structure when accessing lr_attr_t elements located after the
variable sized array.  This makes the code more understandable
and resolves the accessing beyond the end of the field warnings.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
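The pattern described in the commit message above, giving the fields that follow a variable-sized array their own structure type, shown as an added example that is not the OpenZFS code. The `rec_attr` and `rec_attr_end` layouts, their field names and the helper functions are hypothetical; only the idea of a separate "end" structure comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout, not the OpenZFS definitions: a header, a
 * variable-length bitmap, then fixed fields packed right after it. */
struct rec_attr {
	uint32_t mask_words;	/* valid words in bitmap[] */
	uint32_t bitmap[];	/* flexible array member */
};

/* Trailing fields as their own type: every copy below has exactly one
 * object of known size as its source or destination. */
struct rec_attr_end {
	uint64_t attrs;
	uint64_t crtime[2];
	uint8_t scanstamp[32];
};

/* Locate the trailing block, or NULL if it does not fit in buf_len. */
unsigned char *rec_end_ptr(struct rec_attr *rec, size_t buf_len)
{
	size_t fixed = sizeof(*rec) + sizeof(struct rec_attr_end);
	if (buf_len < fixed ||
	    rec->mask_words > (buf_len - fixed) / sizeof(uint32_t))
		return NULL;
	return (unsigned char *)rec->bitmap +
	    (size_t)rec->mask_words * sizeof(uint32_t);
}

/* Copy by value: the block may not be 8-byte aligned in the buffer. */
int rec_set_end(struct rec_attr *rec, size_t len,
    const struct rec_attr_end *end)
{
	unsigned char *p = rec_end_ptr(rec, len);
	if (p != NULL)
		memcpy(p, end, sizeof(*end));
	return p != NULL ? 0 : -1;
}

int rec_get_end(struct rec_attr *rec, size_t len,
    struct rec_attr_end *end)
{
	unsigned char *p = rec_end_ptr(rec, len);
	if (p != NULL)
		memcpy(end, p, sizeof(*end));
	return p != NULL ? 0 : -1;
}
```

Because each `memcpy()` copies exactly `sizeof(struct rec_attr_end)` to or from one object of that type, a fortified `memcpy()` has no field boundary to cross, and the length check in `rec_end_ptr()` rejects a `mask_words` value that would place the block outside the buffer.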
andrewc12 pushed a commit to andrewc12/openzfs that referenced this issue Sep 23, 2022
The wrong union memory was being accessed in EdonRInit resulting in
a write beyond size of field compiler warning.  Reference the correct
member to resolve the warning.  The warning was correct and in this
case the mistake was harmless.

    In function ‘fortify_memcpy_chk’,
    inlined from ‘EdonRInit’ at zfs/module/icp/algs/edonr/edonr.c:494:3:
    ./include/linux/fortify-string.h:344:25: error: call to
    ‘__write_overflow_field’ declared with attribute warning:
    detected write beyond size of field (1st parameter);
    maybe use struct_group()? [-Werror=attribute-warning]

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
geoffamey pushed a commit to BlueArchive/storage-zfs-wasabi that referenced this issue Jul 31, 2023
Switch to using asprintf() to satisfy the compiler and resolve the
potential format-overflow warning.  Note the conditional before the
sprintf() would have prevented this regardless.

    cmd/zfs/zfs_project.c: In function ‘zfs_project_handle_dir’:
    cmd/zfs/zfs_project.c:241:38: error: ‘/’ directive writing
    1 byte into a region of size between 0 and 4352
    [-Werror=format-overflow=]
    cmd/zfs/zfs_project.c:241:17: note: ‘sprintf’ output between
    2 and 4609 bytes into a destination of size 4352

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
(cherry picked from commit 8e15c80f90f3c80a4026c1f9ed248b4ea8ae41d0)
geoffamey pushed a commit to BlueArchive/storage-zfs-wasabi that referenced this issue Jul 31, 2023
Extend the buffer slightly to resolve the warning.

    cmd/zfs/zfs_main.c: In function ‘upgrade_set_callback’:
    cmd/zfs/zfs_main.c:2446:22: error: ‘%llu’ directive output
    may be truncated writing between 1 and 20 bytes into a
    region of size 16 [-Werror=format-truncation=]
    cmd/zfs/zfs_main.c:2445:24: note: ‘snprintf’ output between
    2 and 21 bytes into a destination of size 16

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
(cherry picked from commit 4a8ce916f9a1836db34b8c0c7d878adaae5bcf5a)
geoffamey pushed a commit to BlueArchive/storage-zfs-wasabi that referenced this issue Jul 31, 2023
This code should be kept in line with the upstream lua version as much
as possible.  Therefore, we simply want to silence the warning.  This
check was enabled by default as part of -Wall in gcc 12.1.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575
(cherry picked from commit 4d0c1f14e77cf83d06de7c730de7f93f8a85c2eb)
lluchs pushed a commit to lluchs/zfs that referenced this issue Sep 14, 2023
This code should be kept in line with the upstream lua version as much
as possible.  Therefore, we simply want to silence the warning.  This
check was enabled by default as part of -Wall in gcc 12.1.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#13528
Closes openzfs#13575