From patchwork Wed Nov 6 13:17:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3924 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:3a0b:b0:5b9:581e:f939 with SMTP id v11csp3383000man; Wed, 6 Nov 2024 05:17:33 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVqfXghe5dny/XIJG50izUYu1grboxa/j/PH75YrojXhWVjsN3Bbur30E3mfU1tJWneFoIbHkSTsgs=@openvpn.net X-Google-Smtp-Source: AGHT+IF0dNu0ZOfR53gNSYGasi2RCsrmCceLdKAVPpdU7MMT5X5xU4s63/HKH1iiwPT7a4r06fGU X-Received: by 2002:a05:6830:2b0a:b0:718:162e:7712 with SMTP id 46e09a7af769-7189b4df02bmr19742947a34.14.1730899053129; Wed, 06 Nov 2024 05:17:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1730899053; cv=none; d=google.com; s=arc-20240605; b=NPc/2Fke11evmQy9f5GePLvwzj3JgqC/irsCAAltOHrdSlcBUKoTWI0gZhGzZTZvOs cnLh+UX9oKrBiE3ETuJZKZazKrh70uMNBr8zMFcGjkO7WEArWlm6g9gN6p9GsrMSts06 XhGgRnw1dIEQXhCtETXhkA3YmEWKMOYfsn5W7+DeHiyxl0SsptioBXh8UpQpyYdI+xvq xwsvkNHJDBrdPwGUb367VXsJ4YVlW9NMTeiKZJ4phUR90sSUKL8/dEneIdICbfmOFHax e/4mlVs/hp7JeO8rei0YObIpJxg/kwUvWiq1N/pHRB4Yygwv1kxLCFliWuzZsF5lx0GU A/4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=oeHFBfSoZ0Vu4EkXbD30/ZRJPca6A3kB+CktCztGbzg=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=fTbSp+JWdaWrl2lmeBHCuhnloP8WoZ229yreor6oWAYZnONongewrGWbEpaln2csqE VR17H7eSKnQL6FDa8jyBEEIwzmXMzdUXCn63oK8dauK3oXmEaDVzPQoSP7sRMzXSzLrH 9FpRDrmdfoZr2sgY5KObcoWdgv+yc7+8TgYmhgmaZLbgiG58B3HXdaR8Xl1Dko9n0azv 6K5RpCt6BtfR0a87iloooz+LyrKNAq52X6unfPZ5jhTV1UgX42PtcANFt8G36rEbNR4U szFnVTko9EMvKMHa+Szn0dHk4JGa8+QiIZk3+DymiqVbU+DKg5woWDYC0KIF16vS7FOj ssdQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hkJlcIja; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="DOfF5Q/0"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7189ccd5f81si7927227a34.306.2024.11.06.05.17.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Nov 2024 05:17:32 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hkJlcIja; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="DOfF5Q/0"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1t8fuW-0000oC-1L; Wed, 06 Nov 2024 13:17:24 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1t8fuR-0000o2-6N for openvpn-devel@lists.sourceforge.net; Wed, 06 Nov 2024 13:17:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version :References:In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=3yj1Re6CXQgxFTieagnlW/PN/dZ/CmCbUr1MgZS5UFI=; b=hkJlcIjafHXl8E3tFcZO0x9aHm vHA5YtzOE6OacGVb9u9Ds4eL2yTEaif6Sow5T2thh27RFECDLRwV5Epn2eviB8eY7NZRMZRcAUFPc Lw6ilgAfOpW4xHoyj2QwaabH1KUYgk3h5YDeMbw3nzzlusce171S9SrZpXI+gQ1kZ45c=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3yj1Re6CXQgxFTieagnlW/PN/dZ/CmCbUr1MgZS5UFI=; b=DOfF5Q/0IFI7eQUdA0KXl6vJDI YQJTJa1hTPjYJq90nLlbkAS9oiPBBB9JKfuMH+dvNoWUxk1HZHIoNfkLcYAccw0KLjzS00qCcyNPa 1ly6kBsrrgVW/Rcihts/k7dmVxtpUptvmXoPg31v30vxhNouuH2ucgE4YDA4OZu8J91E=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1t8fuP-0007LF-Nv for openvpn-devel@lists.sourceforge.net; Wed, 06 Nov 2024 13:17:19 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 4A6DH5pP011079 for ; Wed, 6 Nov 2024 14:17:05 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 4A6DH5Aq011078 for openvpn-devel@lists.sourceforge.net; Wed, 6 Nov 2024 14:17:05 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 6 Nov 2024 14:17:03 +0100 Message-ID: <20241106131705.11069-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Antonio Quartulli The NLMSG_TAIL macro is confusing gcc when compiling with -O3, leading to warnings like: networking_sitnl.c:143:9: warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=] 143 | memcpy(RTA_DATA(rta), data, alen); | ^ networking_sitnl.c:101:21: note: at offset [72, 88] into [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1t8fuP-0007LF-Nv Subject: [Openvpn-devel] [PATCH v5] sitnl: replace NLMSG_TAIL macro with noinline function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1814979205602986204?= X-GMAIL-MSGID: =?utf-8?q?1814979205602986204?= From: Antonio Quartulli The NLMSG_TAIL macro is confusing gcc when compiling with -O3, leading to warnings like: networking_sitnl.c:143:9: warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=] 143 | memcpy(RTA_DATA(rta), data, alen); | ^ networking_sitnl.c:101:21: note: at offset [72, 88] into destination object ā€˜nā€™ of size 16 101 | struct nlmsghdr n; | ^ Replacing the macro with a function is also not effective because gcc will inline it and get confused again. The only way out is to write a function that never gets inline'd and replace the macro with it. Tested on linux with gcc and clang. Change-Id: I9306a590a10a7d5cba32abe06d269494fec41ba6 Signed-off-by: Antonio Quartulli Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/788 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index f53f5ee..6b750e8 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -52,21 +52,34 @@ } \ } -#define NLMSG_TAIL(nmsg) \ - ((struct rtattr *)(((uint8_t *)(nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len))) - #define SITNL_NEST(_msg, _max_size, _attr) \ ({ \ - struct rtattr *_nest = NLMSG_TAIL(_msg); \ + struct rtattr *_nest = sitnl_nlmsg_tail(_msg); \ SITNL_ADDATTR(_msg, _max_size, _attr, NULL, 0); \ _nest; \ }) -#define SITNL_NEST_END(_msg, _nest) \ - { \ - _nest->rta_len = (void *)NLMSG_TAIL(_msg) - (void *)_nest; \ +#define SITNL_NEST_END(_msg, _nest) \ + { \ + _nest->rta_len = (void *)sitnl_nlmsg_tail(_msg) - (void *)_nest; \ } +/* This function was originally implemented as a macro, but compiling with + * gcc and -O3 was getting confused about the math and thus raising + * security warnings on subsequent memcpy() calls. + * + * Converting the macro to a function was not enough, because gcc was still + * inlining it and falling in the same math trap. + * + * The only way out to avoid any warning/error is to force the function to + * not be inline'd. + */ +static __attribute__ ((noinline)) void * +sitnl_nlmsg_tail(const struct nlmsghdr *nlh) +{ + return (unsigned char *)nlh + NLMSG_ALIGN(nlh->nlmsg_len); +} + /** * Generic address data structure used to pass addresses and prefixes as * argument to AF family agnostic functions @@ -130,7 +143,7 @@ return -EMSGSIZE; } - rta = NLMSG_TAIL(n); + rta = sitnl_nlmsg_tail(n); rta->rta_type = type; rta->rta_len = len;