OpenAFS Master Repository branch, openafs-stable-1_8_x, updated. openafs-stable-1_8_10-46-gfd52754

Gerrit Code Review gerrit@openafs.org
Sat, 6 Jan 2024 14:53:59 -0500


The following commit has been merged in the openafs-stable-1_8_x branch:
commit fd527549c2d2b29a955f8c0427ac67c5d49ef38c
Author: Mark Vitale <mvitale@sinenomine.net>
Date:   Fri Sep 15 15:01:56 2023 -0400

    dir: Introduce struct DirEntryFlex
    
    The directory package as implemented in AFS-2 allocates space for each
    directory entry as a DirEntry struct followed by 0-8 contiguous
    DirXEntry structs, as needed. This is implemented by:
    
     - afs_dir_NameBlobs    calculates the number of blocks needed
     - FindBlobs            allocates and returns index of entry
     - afs_dir_GetBlob      returns pointer to 1st DirEntry struct
    
    After this, we populate DirEntry (and any contiguous DirXEntry blocks)
    with open code.  Most existing code writes the entry's name via a string
    copy operation to DirEntry->name, which is only 16 bytes long.
    Therefore, for dir entry names that are 16 bytes or longer, OpenAFS
    routinely does string copies that look like buffer overruns.  This has
    not previously caused problems because the OpenAFS code has arranged for
    a sufficiently large amount of contiguous memory to be available.
    However, this remains undefined behavior in the C abstract virtual
    machine; thus compilers are not required to produce safe operation.
    
    Recent changes in the OpenAFS build chain have made this approach no
    longer viable:
    
    1) Linux 6.5 commit df8fc4e934c12b 'kbuild: Enable
    -fstrict-flex-arrays=3' modified the hardening of several kernel
    string operations when running with CONFIG_FORTIFY_SOURCE=y.
    
    2) gcc 13 commit 79a89108dd352cd9288f5de35481b1280c7588a5
    '__builtin_dynamic_object_size: Recognize builtin' provides some
    enhancements to __builtin_object_size.  The Linux commit above will now
    use these when the kernel is built with gcc 13.
    
    When OpenAFS is built under Linux 6.5 or higher and gcc 13 or higher,
    the hardened strlcpy will BUG for directory entry names longer than 16
    characters.
    
    Since there are multiple places where OpenAFS writes directory names,
    there are several symptoms that may manifest.  However, the first one is
    usually a kernel BUG at cache manager initialization if running with
    afsd -dynroot _and_ there are any cell names 15 characters or longer in
    the client CellServDB.  (A 15-character cellname reaches the 16
    character limit when -dynroot adds the RW mountpoint ".<cellname>".)
    
    Address this by using flexible arrays (standardized with C99). A
    flexible array is a variable-length array that is declared with no size
    at all, e.g., name[].
    
    Create an autoconf test to determine whether the compiler supports
    flexible arrays.
    
    Create a new struct DirEntryFlex.  If the compiler supports
    flexible arrays, define name[]; otherwise retain the name[16]
    definition.
    
    Whenever we write a directory name, use DirEntryFlex so that any
    hardening will be satisfied that there is sufficient space for the name.
    
    However, the actual guarantee that this is true is still provided by the
    OpenAFS directory routines mentioned above - all of these remain
    unchanged.
    
    The DirEntry struct remains unchanged for continued use in OpenAFS, as
    well as for any out-of-tree users of the directory package.
    
    Reviewed-on: https://gerrit.openafs.org/15573
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    (cherry picked from commit e2ec16cf941b0aadfbd54fc2f52edd58b62e232d)
    
    Change-Id: Ibf6d3549ba1e941c957e98ef4875152d865c9358
    Reviewed-on: https://gerrit.openafs.org/15599
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    Reviewed-by: Andrew Deason <adeason@sinenomine.net>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

 acinclude.m4                 |  1 +
 src/afs/LINUX/osi_vnodeops.c |  4 ++--
 src/afs/afs_dynroot.c        |  4 ++--
 src/cf/c-flexible-array.m4   | 16 ++++++++++++++++
 src/dir/dir.c                |  4 ++--
 src/dir/dir.h                | 26 ++++++++++++++++++++++++++
 6 files changed, 49 insertions(+), 6 deletions(-)

-- 
OpenAFS Master Repository
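
An added example (not OpenAFS code) modelling the check the commit message describes: the same name copy is rejected through a `name[16]` view and accepted through a `name[]` view, while the memory reserved by the caller is identical. The struct layout, the 32-byte block size and the helper names (`blobs_for`, `checked_copy`, `write_name`) are simplified assumptions, not the project's definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOB 32                     /* assumed block size for this model */
struct hdr { char flag, length; unsigned short next; int32_t vnode, vunique; };
struct entry_fixed { struct hdr h; char name[16]; };  /* declared size: 16 */
struct entry_flex  { struct hdr h; char name[]; };    /* C99: no declared size */

/* Blocks to reserve so header + name + NUL fit contiguously (model only). */
static size_t blobs_for(const char *name)
{
    size_t need = offsetof(struct entry_flex, name) + strlen(name) + 1;
    return (need + BLOB - 1) / BLOB;
}

/* Model of a fortified copy: obj_size is what the compiler believes the
 * destination holds (SIZE_MAX = unknown). Returns -1 where hardening would BUG. */
static int checked_copy(char *dst, size_t obj_size, const char *src)
{
    size_t n = strlen(src) + 1;
    if (obj_size != SIZE_MAX && n > obj_size) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Write name through the fixed-size view (use_flex = 0) or the flexible view. */
static int write_name(const char *name, int use_flex)
{
    void *mem = calloc(blobs_for(name), BLOB);   /* caller-side guarantee */
    int rc;
    if (mem == NULL) return -2;
    if (use_flex)
        rc = checked_copy(((struct entry_flex *)mem)->name, SIZE_MAX, name);
    else
        rc = checked_copy(((struct entry_fixed *)mem)->name,
                          sizeof(((struct entry_fixed *)mem)->name), name);
    free(mem);
    return rc;
}

int main(void)
{
    const char *n = ".cell15chars.org";   /* constructed: "." + 15-char cell */
    printf("fixed=%d flex=%d\n", write_name(n, 0), write_name(n, 1));
    return 0;
}
```

In both calls the allocation is the same size; only the destination size visible to the check differs, which is why the reservation logic still has to be correct on its own.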