* [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
@ 2021-04-21 18:56 Gustavo A. R. Silva
2021-04-22 3:03 ` Martin K. Petersen
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-04-21 18:56 UTC (permalink / raw)
To: Adaptec OEM Raid Solutions, James E.J. Bottomley, Martin K. Petersen
Cc: linux-scsi, linux-kernel, Gustavo A. R. Silva, linux-hardening,
Kees Cook
There is a regular need in the kernel to provide a way to declare having
a dynamically sized set of trailing elements in a structure. Kernel code
should always use “flexible array members”[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].
Refactor the code according to the use of a flexible-array member in
struct aac_raw_io2 instead of one-element array, and use the
struct_size() helper.
Also, this helps with the ongoing efforts to enable -Warray-bounds by
fixing the following warnings:
drivers/scsi/aacraid/aachba.c: In function ‘aac_build_sgraw2’:
drivers/scsi/aacraid/aachba.c:3970:18: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
3970 | if (rio2->sge[j].length % (i*PAGE_SIZE)) {
| ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:3974:27: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
3974 | nseg_new += (rio2->sge[j].length / (i*PAGE_SIZE));
| ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4011:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
4011 | for (j = 0; j < rio2->sge[i].length / (pages * PAGE_SIZE); ++j) {
| ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4012:24: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
4012 | addr_low = rio2->sge[i].addrLow + j * pages * PAGE_SIZE;
| ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4014:33: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
4014 | sge[pos].addrHigh = rio2->sge[i].addrHigh;
| ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4015:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
4015 | if (addr_low < rio2->sge[i].addrLow)
| ~~~~~~~~~^~~
[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Build-tested-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/60414244.ur4%2FkI+fBF1ohKZs%25lkp@intel.com/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v3:
- Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
size in call to memcpy() in order to avoid any confusion.
Changes in v2:
- Add code comment for clarification.
drivers/scsi/aacraid/aachba.c | 10 +++++-----
drivers/scsi/aacraid/aacraid.h | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
index f1f62b5da8b7..46b8dffce2dd 100644
--- a/drivers/scsi/aacraid/aachba.c
+++ b/drivers/scsi/aacraid/aachba.c
@@ -1235,8 +1235,8 @@ static int aac_read_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u3
if (ret < 0)
return ret;
command = ContainerRawIo2;
- fibsize = sizeof(struct aac_raw_io2) +
- ((le32_to_cpu(readcmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
+ fibsize = struct_size(readcmd2, sge,
+ le32_to_cpu(readcmd2->sgeCnt));
} else {
struct aac_raw_io *readcmd;
readcmd = (struct aac_raw_io *) fib_data(fib);
@@ -1366,8 +1366,8 @@ static int aac_write_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u
if (ret < 0)
return ret;
command = ContainerRawIo2;
- fibsize = sizeof(struct aac_raw_io2) +
- ((le32_to_cpu(writecmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
+ fibsize = struct_size(writecmd2, sge,
+ le32_to_cpu(writecmd2->sgeCnt));
} else {
struct aac_raw_io *writecmd;
writecmd = (struct aac_raw_io *) fib_data(fib);
@@ -3998,7 +3998,7 @@ static int aac_convert_sgraw2(struct aac_raw_io2 *rio2, int pages, int nseg, int
if (aac_convert_sgl == 0)
return 0;
- sge = kmalloc_array(nseg_new, sizeof(struct sge_ieee1212), GFP_ATOMIC);
+ sge = kmalloc_array(nseg_new, sizeof(*sge), GFP_ATOMIC);
if (sge == NULL)
return -ENOMEM;
diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
index e3e4ecbea726..3733df77bc65 100644
--- a/drivers/scsi/aacraid/aacraid.h
+++ b/drivers/scsi/aacraid/aacraid.h
@@ -1929,7 +1929,7 @@ struct aac_raw_io2 {
u8 bpComplete; /* reserved for F/W use */
u8 sgeFirstIndex; /* reserved for F/W use */
u8 unused[4];
- struct sge_ieee1212 sge[1];
+ struct sge_ieee1212 sge[];
};
#define CT_FLUSH_CACHE 129
--
2.27.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
@ 2021-04-22 3:03 ` Martin K. Petersen
2021-04-22 3:20 ` Kees Cook
2021-05-04 0:19 ` Gustavo A. R. Silva
2021-05-11 3:25 ` Martin K. Petersen
2 siblings, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2021-04-22 3:03 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Adaptec OEM Raid Solutions, James E.J. Bottomley,
Martin K. Petersen, linux-scsi, linux-kernel, linux-hardening,
Kees Cook
Hi Gustavo!
> Changes in v3:
> - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
> size in call to memcpy() in order to avoid any confusion.
The amended memcpy() hunk appears to be missing from the v3 patch.
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-04-22 3:03 ` Martin K. Petersen
@ 2021-04-22 3:20 ` Kees Cook
2021-04-22 3:34 ` Martin K. Petersen
0 siblings, 1 reply; 9+ messages in thread
From: Kees Cook @ 2021-04-22 3:20 UTC (permalink / raw)
To: Martin K. Petersen
Cc: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
James E.J. Bottomley, linux-scsi, linux-kernel, linux-hardening
On Wed, Apr 21, 2021 at 11:03:19PM -0400, Martin K. Petersen wrote:
>
> Hi Gustavo!
>
> > Changes in v3:
> > - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
> > size in call to memcpy() in order to avoid any confusion.
>
> The amended memcpy() hunk appears to be missing from the v3 patch.
It's unchanged from the perspective of the original code. (i.e. there's
no need to change it since that memcpy isn't involved in anything
changed by the swapping to the flexible array.)
--
Kees Cook
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-04-22 3:20 ` Kees Cook
@ 2021-04-22 3:34 ` Martin K. Petersen
0 siblings, 0 replies; 9+ messages in thread
From: Martin K. Petersen @ 2021-04-22 3:34 UTC (permalink / raw)
To: Kees Cook
Cc: Martin K. Petersen, Gustavo A. R. Silva,
Adaptec OEM Raid Solutions, James E.J. Bottomley, linux-scsi,
linux-kernel, linux-hardening
Kees,
>> The amended memcpy() hunk appears to be missing from the v3 patch.
>
> It's unchanged from the perspective of the original code. (i.e. there's
> no need to change it since that memcpy isn't involved in anything
> changed by the swapping to the flexible array.)
Ah, I was under the impression that you intended to do sizeof(*sge) to
match the kmalloc_array() above.
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
2021-04-22 3:03 ` Martin K. Petersen
@ 2021-05-04 0:19 ` Gustavo A. R. Silva
2021-05-04 2:56 ` Martin K. Petersen
2021-05-11 3:25 ` Martin K. Petersen
2 siblings, 1 reply; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-05-04 0:19 UTC (permalink / raw)
To: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
James E.J. Bottomley, Martin K. Petersen
Cc: linux-scsi, linux-kernel, linux-hardening, Kees Cook
Hi Martin,
Friendly ping: could you take this patch, please? :)
Thanks!
--
Gustavo
On 4/21/21 13:56, Gustavo A. R. Silva wrote:
> There is a regular need in the kernel to provide a way to declare having
> a dynamically sized set of trailing elements in a structure. Kernel code
> should always use “flexible array members”[1] for these cases. The older
> style of one-element or zero-length arrays should no longer be used[2].
>
> Refactor the code according to the use of a flexible-array member in
> struct aac_raw_io2 instead of one-element array, and use the
> struct_size() helper.
>
> Also, this helps with the ongoing efforts to enable -Warray-bounds by
> fixing the following warnings:
>
> drivers/scsi/aacraid/aachba.c: In function ‘aac_build_sgraw2’:
> drivers/scsi/aacraid/aachba.c:3970:18: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 3970 | if (rio2->sge[j].length % (i*PAGE_SIZE)) {
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:3974:27: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 3974 | nseg_new += (rio2->sge[j].length / (i*PAGE_SIZE));
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4011:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4011 | for (j = 0; j < rio2->sge[i].length / (pages * PAGE_SIZE); ++j) {
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4012:24: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4012 | addr_low = rio2->sge[i].addrLow + j * pages * PAGE_SIZE;
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4014:33: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4014 | sge[pos].addrHigh = rio2->sge[i].addrHigh;
> | ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4015:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
> 4015 | if (addr_low < rio2->sge[i].addrLow)
> | ~~~~~~~~~^~~
>
> [1] https://en.wikipedia.org/wiki/Flexible_array_member
> [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays
>
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/109
> Build-tested-by: kernel test robot <lkp@intel.com>
> Link: https://lore.kernel.org/lkml/60414244.ur4%2FkI+fBF1ohKZs%25lkp@intel.com/
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> Changes in v3:
> - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
> size in call to memcpy() in order to avoid any confusion.
>
> Changes in v2:
> - Add code comment for clarification.
>
> drivers/scsi/aacraid/aachba.c | 10 +++++-----
> drivers/scsi/aacraid/aacraid.h | 2 +-
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
> index f1f62b5da8b7..46b8dffce2dd 100644
> --- a/drivers/scsi/aacraid/aachba.c
> +++ b/drivers/scsi/aacraid/aachba.c
> @@ -1235,8 +1235,8 @@ static int aac_read_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u3
> if (ret < 0)
> return ret;
> command = ContainerRawIo2;
> - fibsize = sizeof(struct aac_raw_io2) +
> - ((le32_to_cpu(readcmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
> + fibsize = struct_size(readcmd2, sge,
> + le32_to_cpu(readcmd2->sgeCnt));
> } else {
> struct aac_raw_io *readcmd;
> readcmd = (struct aac_raw_io *) fib_data(fib);
> @@ -1366,8 +1366,8 @@ static int aac_write_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u
> if (ret < 0)
> return ret;
> command = ContainerRawIo2;
> - fibsize = sizeof(struct aac_raw_io2) +
> - ((le32_to_cpu(writecmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
> + fibsize = struct_size(writecmd2, sge,
> + le32_to_cpu(writecmd2->sgeCnt));
> } else {
> struct aac_raw_io *writecmd;
> writecmd = (struct aac_raw_io *) fib_data(fib);
> @@ -3998,7 +3998,7 @@ static int aac_convert_sgraw2(struct aac_raw_io2 *rio2, int pages, int nseg, int
> if (aac_convert_sgl == 0)
> return 0;
>
> - sge = kmalloc_array(nseg_new, sizeof(struct sge_ieee1212), GFP_ATOMIC);
> + sge = kmalloc_array(nseg_new, sizeof(*sge), GFP_ATOMIC);
> if (sge == NULL)
> return -ENOMEM;
>
> diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
> index e3e4ecbea726..3733df77bc65 100644
> --- a/drivers/scsi/aacraid/aacraid.h
> +++ b/drivers/scsi/aacraid/aacraid.h
> @@ -1929,7 +1929,7 @@ struct aac_raw_io2 {
> u8 bpComplete; /* reserved for F/W use */
> u8 sgeFirstIndex; /* reserved for F/W use */
> u8 unused[4];
> - struct sge_ieee1212 sge[1];
> + struct sge_ieee1212 sge[];
> };
>
> #define CT_FLUSH_CACHE 129
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-05-04 0:19 ` Gustavo A. R. Silva
@ 2021-05-04 2:56 ` Martin K. Petersen
2021-05-04 3:06 ` Gustavo A. R. Silva
0 siblings, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2021-05-04 2:56 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
James E.J. Bottomley, Martin K. Petersen, linux-scsi,
linux-kernel, linux-hardening, Kees Cook
Gustavo,
> Friendly ping: could you take this patch, please? :)
Applied to 5.14/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-05-04 2:56 ` Martin K. Petersen
@ 2021-05-04 3:06 ` Gustavo A. R. Silva
0 siblings, 0 replies; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-05-04 3:06 UTC (permalink / raw)
To: Martin K. Petersen
Cc: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
James E.J. Bottomley, linux-scsi, linux-kernel, linux-hardening,
Kees Cook
On 5/3/21 21:56, Martin K. Petersen wrote:
> Applied to 5.14/scsi-staging, thanks!
Awesome! :)
Thank you.
--
Gustavo
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
2021-04-22 3:03 ` Martin K. Petersen
2021-05-04 0:19 ` Gustavo A. R. Silva
@ 2021-05-11 3:25 ` Martin K. Petersen
2021-05-11 3:30 ` Gustavo A. R. Silva
2 siblings, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2021-05-11 3:25 UTC (permalink / raw)
To: Adaptec OEM Raid Solutions, James E.J. Bottomley, Gustavo A. R. Silva
Cc: Martin K . Petersen, Kees Cook, linux-kernel, linux-scsi,
linux-hardening
On Wed, 21 Apr 2021 13:56:11 -0500, Gustavo A. R. Silva wrote:
> There is a regular need in the kernel to provide a way to declare having
> a dynamically sized set of trailing elements in a structure. Kernel code
> should always use “flexible array members”[1] for these cases. The older
> style of one-element or zero-length arrays should no longer be used[2].
>
> Refactor the code according to the use of a flexible-array member in
> struct aac_raw_io2 instead of one-element array, and use the
> struct_size() helper.
>
> [...]
Applied to 5.14/scsi-queue, thanks!
[1/1] scsi: aacraid: Replace one-element array with flexible-array member
https://git.kernel.org/mkp/scsi/c/39107e8577ad
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
2021-05-11 3:25 ` Martin K. Petersen
@ 2021-05-11 3:30 ` Gustavo A. R. Silva
0 siblings, 0 replies; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-05-11 3:30 UTC (permalink / raw)
To: Martin K. Petersen, Adaptec OEM Raid Solutions,
James E.J. Bottomley, Gustavo A. R. Silva
Cc: Kees Cook, linux-kernel, linux-scsi, linux-hardening
On 5/10/21 22:25, Martin K. Petersen wrote:
> On Wed, 21 Apr 2021 13:56:11 -0500, Gustavo A. R. Silva wrote:
>
>> There is a regular need in the kernel to provide a way to declare having
>> a dynamically sized set of trailing elements in a structure. Kernel code
>> should always use “flexible array members”[1] for these cases. The older
>> style of one-element or zero-length arrays should no longer be used[2].
>>
>> Refactor the code according to the use of a flexible-array member in
>> struct aac_raw_io2 instead of one-element array, and use the
>> struct_size() helper.
>>
>> [...]
>
> Applied to 5.14/scsi-queue, thanks!
>
> [1/1] scsi: aacraid: Replace one-element array with flexible-array member
> https://git.kernel.org/mkp/scsi/c/39107e8577ad
Awesome. :)
Thanks, Martin.
--
Gustavo
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-05-11 3:30 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
2021-04-22 3:03 ` Martin K. Petersen
2021-04-22 3:20 ` Kees Cook
2021-04-22 3:34 ` Martin K. Petersen
2021-05-04 0:19 ` Gustavo A. R. Silva
2021-05-04 2:56 ` Martin K. Petersen
2021-05-04 3:06 ` Gustavo A. R. Silva
2021-05-11 3:25 ` Martin K. Petersen
2021-05-11 3:30 ` Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.