On 28 13:50:12, Kees Cook wrote:
> On Thu, Sep 26, 2024 at 06:30:15PM -0700, Bill Wendling wrote:
> > On Thu, Sep 26, 2024 at 3:18 PM Bill Wendling <[email protected]> wrote:
> > >
> > > On Thu, Sep 26, 2024 at 12:58 PM Ard Biesheuvel <[email protected]> wrote:
> > > >
> > > > (cc Kees and Bill)
> > > >
> > > > On Thu, 26 Sept 2024 at 19:46, Jan Hendrik Farr <[email protected]> wrote:
> > > > >
> > > > > On 26 19:01:20, Jan Hendrik Farr wrote:
> > > > > > On 26 18:09:57, Thorsten Blum wrote:
> > > > > > > On 26. Sep 2024, at 17:28, Thorsten Blum 
> > > > > > > <[email protected]> wrote:
> > > > > > > > On 26. Sep 2024, at 17:14, Jan Hendrik Farr <[email protected]> 
> > > > > > > > wrote:
> > [...]
> > > > > > > >> [    6.252375] memchr: detected buffer overflow: 12 byte read 
> > > > > > > >> of buffer size 0
> > [...]
> > > > > >       bkey_fsck_err_on(memchr(xattr.v->x_name, '\0', 
> > > > > > xattr.v->x_name_len),
> > > > > >                        c, xattr_name_invalid_chars,
> > > > > >                        "xattr name has invalid characters");
> > [...]
> 
> The thing going wrong is that __bdos(xattr.v->x_name, 0) is returning 0.
> This looks exactly like the bug I minimized here:
> https://lore.kernel.org/all/202409170436.C3C6E7F7A@keescook/
> 
> Since there wasn't an LLVM open bug yet, I've created:
> https://github.com/llvm/llvm-project/issues/110385
> 
> -Kees
> 

I found a fix for the issue. Fixes both the issue in this thread as well
as your reproducer. First thought they might not actually be the same
issue, but they indeed are. Haven't tested against the issue Thorsten
linked.

Haven't run the clang tests on it yet, but it does successfully compile
my kernel and fix the issue.

I'll open a PR and give more explanation tomorrow, it's getting
pretty late over here in CEST.


Here's the patch to be applied on top of
https://github.com/llvm/llvm-project

--
diff --git a/clang/lib/CodeGen/CGExpr.cpp b/clang/lib/CodeGen/CGExpr.cpp
index 9166db4c7412..143dd3fcfcf8 100644
--- a/clang/lib/CodeGen/CGExpr.cpp
+++ b/clang/lib/CodeGen/CGExpr.cpp
@@ -1164,15 +1164,15 @@ llvm::Value *CodeGenFunction::EmitLoadOfCountedByField(
     Res = EmitDeclRefLValue(DRE).getPointer(*this);
     Res = Builder.CreateAlignedLoad(ConvertType(DRE->getType()), Res,
                                     getPointerAlign(), "dre.load");
-  } else if (const MemberExpr *ME = dyn_cast<MemberExpr>(StructBase)) {
-    LValue LV = EmitMemberExpr(ME);
-    Address Addr = LV.getAddress();
-    Res = Addr.emitRawPointer(*this);
   } else if (StructBase->getType()->isPointerType()) {
     LValueBaseInfo BaseInfo;
     TBAAAccessInfo TBAAInfo;
     Address Addr = EmitPointerWithAlignment(StructBase, &BaseInfo, &TBAAInfo);
     Res = Addr.emitRawPointer(*this);
+  } else if (const MemberExpr *ME = dyn_cast<MemberExpr>(StructBase)) {
+    LValue LV = EmitMemberExpr(ME);
+    Address Addr = LV.getAddress();
+    Res = Addr.emitRawPointer(*this);
   } else {
     return nullptr;
   }
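Review bot: the swap of the two `else if` branches makes their order load-bearing, and nothing in the hunk records why. After the change a `MemberExpr` whose type is a pointer (the `xattr.v->x_name` shape from the thread) is handled by the `isPointerType()` branch through `EmitPointerWithAlignment` instead of by the `MemberExpr` branch through `EmitMemberExpr`, which only takes the member's address and never loads the pointer value. Suggest a short comment above `} else if (StructBase->getType()->isPointerType()) {` stating that a pointer-typed member must be loaded, not address-taken, so that a future reorder does not silently reintroduce the `__bdos` returning 0 behaviour, plus a CodeGen regression test for the pointer-member case; the message itself notes the clang tests have not been run yet.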