From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
To: "Gustavo A. R. Silva" <gustavoars@kernel.org>,
Adaptec OEM Raid Solutions <aacraid@microsemi.com>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
Date: Mon, 3 May 2021 19:19:25 -0500 [thread overview]
Message-ID: <d26823dd-5248-4965-cc30-f9e6294536ee@embeddedor.com> (raw)
In-Reply-To: <20210421185611.GA105224@embeddedor>
Hi Martin,
Friendly ping: could you take this patch, please? :)
Thanks!
--
Gustavo
On 4/21/21 13:56, Gustavo A. R. Silva wrote:
> There is a regular need in the kernel to provide a way to declare having
> a dynamically sized set of trailing elements in a structure. Kernel code
> should always use “flexible array members”[1] for these cases. The older
> style of one-element or zero-length arrays should no longer be used[2].
>
> Refactor the code according to the use of a flexible-array member in
> struct aac_raw_io2 instead of one-element array, and use the
> struct_size() helper.
>
> Also, this helps with the ongoing efforts to enable -Warray-bounds by
> fixing the following warnings:
>
> drivers/scsi/aacraid/aachba.c: In function ‘aac_build_sgraw2’:
> drivers/scsi/aacraid/aachba.c:3970:18: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 3970 | if (rio2->sge[j].length % (i*PAGE_SIZE)) {
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:3974:27: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 3974 | nseg_new += (rio2->sge[j].length / (i*PAGE_SIZE));
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4011:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4011 | for (j = 0; j < rio2->sge[i].length / (pages * PAGE_SIZE); ++j) {
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4012:24: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4012 | addr_low = rio2->sge[i].addrLow + j * pages * PAGE_SIZE;
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4014:33: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4014 | sge[pos].addrHigh = rio2->sge[i].addrHigh;
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4015:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4015 | if (addr_low < rio2->sge[i].addrLow)
> | ~~~~~~~~~^~~
>
> [1] https://en.wikipedia.org/wiki/Flexible_array_member
> [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays
>
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/109
> Build-tested-by: kernel test robot <lkp@intel.com>
> Link: https://lore.kernel.org/lkml/60414244.ur4%2FkI+fBF1ohKZs%25lkp@intel.com/
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> Changes in v3:
> - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
> size in call to memcpy() in order to avoid any confusion.
>
> Changes in v2:
> - Add code comment for clarification.
>
> drivers/scsi/aacraid/aachba.c | 10 +++++-----
> drivers/scsi/aacraid/aacraid.h | 2 +-
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
> index f1f62b5da8b7..46b8dffce2dd 100644
> --- a/drivers/scsi/aacraid/aachba.c
> +++ b/drivers/scsi/aacraid/aachba.c
> @@ -1235,8 +1235,8 @@ static int aac_read_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u3
> if (ret < 0)
> return ret;
> command = ContainerRawIo2;
> - fibsize = sizeof(struct aac_raw_io2) +
> - ((le32_to_cpu(readcmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
> + fibsize = struct_size(readcmd2, sge,
> + le32_to_cpu(readcmd2->sgeCnt));
> } else {
> struct aac_raw_io *readcmd;
> readcmd = (struct aac_raw_io *) fib_data(fib);
> @@ -1366,8 +1366,8 @@ static int aac_write_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u
> if (ret < 0)
> return ret;
> command = ContainerRawIo2;
> - fibsize = sizeof(struct aac_raw_io2) +
> - ((le32_to_cpu(writecmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
> + fibsize = struct_size(writecmd2, sge,
> + le32_to_cpu(writecmd2->sgeCnt));
> } else {
> struct aac_raw_io *writecmd;
> writecmd = (struct aac_raw_io *) fib_data(fib);
> @@ -3998,7 +3998,7 @@ static int aac_convert_sgraw2(struct aac_raw_io2 *rio2, int pages, int nseg, int
> if (aac_convert_sgl == 0)
> return 0;
>
> - sge = kmalloc_array(nseg_new, sizeof(struct sge_ieee1212), GFP_ATOMIC);
> + sge = kmalloc_array(nseg_new, sizeof(*sge), GFP_ATOMIC);
> if (sge == NULL)
> return -ENOMEM;
>
> diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
> index e3e4ecbea726..3733df77bc65 100644
> --- a/drivers/scsi/aacraid/aacraid.h
> +++ b/drivers/scsi/aacraid/aacraid.h
> @@ -1929,7 +1929,7 @@ struct aac_raw_io2 {
> u8 bpComplete; /* reserved for F/W use */
> u8 sgeFirstIndex; /* reserved for F/W use */
> u8 unused[4];
> - struct sge_ieee1212 sge[1];
> + struct sge_ieee1212 sge[];
> };
>
> #define CT_FLUSH_CACHE 129
>
next prev parent reply other threads:[~2021-05-04 0:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
2021-04-22 3:03 ` Martin K. Petersen
2021-04-22 3:20 ` Kees Cook
2021-04-22 3:34 ` Martin K. Petersen
2021-05-04 0:19 ` Gustavo A. R. Silva [this message]
2021-05-04 2:56 ` Martin K. Petersen
2021-05-04 3:06 ` Gustavo A. R. Silva
2021-05-11 3:25 ` Martin K. Petersen
2021-05-11 3:30 ` Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d26823dd-5248-4965-cc30-f9e6294536ee@embeddedor.com \
--to=gustavo@embeddedor.com \
--cc=aacraid@microsemi.com \
--cc=gustavoars@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.