linux-hardening.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning
@ 2022-02-08  6:12 Kees Cook
  2022-02-09 23:53 ` Tyrel Datwyler
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Kees Cook @ 2022-02-08  6:12 UTC (permalink / raw)
  To: Michael Cyr
  Cc: Kees Cook, Stephen Rothwell, James E.J. Bottomley,
	Martin K. Petersen, Tyrel Datwyler, linux-scsi, target-devel,
	linux-kernel, linux-hardening

Instead of doing a cast to storage that is too small, add a union for
the high 64 bits. Silences the warnings under -Warray-bounds:

drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
 1934 |                                         crq->valid = VALID_CMD_RESP_EL;
      |                                            ^~
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
 1875 |         u64 msg_hi = 0;
      |             ^~~~~~

There is no change to the resulting binary instructions.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Link: https://lore.kernel.org/lkml/20220125142430.75c3160e@canb.auug.org.au
Cc: Michael Cyr <mikecyr@linux.ibm.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Tyrel Datwyler <tyreld@linux.ibm.com>
Cc: linux-scsi@vger.kernel.org
Cc: target-devel@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c |  9 +++------
 include/scsi/viosrp.h                    | 17 +++++++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
index 61f06f6885a5..80238e6a3c98 100644
--- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
@@ -1872,11 +1872,8 @@ static void srp_snd_msg_failed(struct scsi_info *vscsi, long rc)
  */
 static void ibmvscsis_send_messages(struct scsi_info *vscsi)
 {
-	u64 msg_hi = 0;
-	/* note do not attempt to access the IU_data_ptr with this pointer
-	 * it is not valid
-	 */
-	struct viosrp_crq *crq = (struct viosrp_crq *)&msg_hi;
+	struct viosrp_crq empty_crq = { };
+	struct viosrp_crq *crq = &empty_crq;
 	struct ibmvscsis_cmd *cmd, *nxt;
 	long rc = ADAPT_SUCCESS;
 	bool retry = false;
@@ -1940,7 +1937,7 @@ static void ibmvscsis_send_messages(struct scsi_info *vscsi)
 					crq->IU_length = cpu_to_be16(cmd->rsp.len);
 
 					rc = h_send_crq(vscsi->dma_dev->unit_address,
-							be64_to_cpu(msg_hi),
+							be64_to_cpu(crq->high),
 							be64_to_cpu(cmd->rsp.tag));
 
 					dev_dbg(&vscsi->dev, "send_messages: cmd %p, tag 0x%llx, rc %ld\n",
diff --git a/include/scsi/viosrp.h b/include/scsi/viosrp.h
index c978133c83e3..6c5559d2b285 100644
--- a/include/scsi/viosrp.h
+++ b/include/scsi/viosrp.h
@@ -70,12 +70,17 @@ enum viosrp_crq_status {
 };
 
 struct viosrp_crq {
-	u8 valid;		/* used by RPA */
-	u8 format;		/* SCSI vs out-of-band */
-	u8 reserved;
-	u8 status;		/* non-scsi failure? (e.g. DMA failure) */
-	__be16 timeout;		/* in seconds */
-	__be16 IU_length;		/* in bytes */
+	union {
+		__be64 high;			/* High 64 bits */
+		struct {
+			u8 valid;		/* used by RPA */
+			u8 format;		/* SCSI vs out-of-band */
+			u8 reserved;
+			u8 status;		/* non-scsi failure? (e.g. DMA failure) */
+			__be16 timeout;		/* in seconds */
+			__be16 IU_length;	/* in bytes */
+		};
+	};
 	__be64 IU_data_ptr;	/* the TCE for transferring data */
 };
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning
  2022-02-08  6:12 [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning Kees Cook
@ 2022-02-09 23:53 ` Tyrel Datwyler
  2022-02-11 21:42 ` Martin K. Petersen
  2022-02-15  3:19 ` Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Tyrel Datwyler @ 2022-02-09 23:53 UTC (permalink / raw)
  To: Kees Cook, Michael Cyr
  Cc: Stephen Rothwell, James E.J. Bottomley, Martin K. Petersen,
	linux-scsi, target-devel, linux-kernel, linux-hardening

On 2/7/22 10:12 PM, Kees Cook wrote:
> Instead of doing a cast to storage that is too small, add a union for
> the high 64 bits. Silences the warnings under -Warray-bounds:
> 
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
>  1934 |                                         crq->valid = VALID_CMD_RESP_EL;
>       |                                            ^~
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
>  1875 |         u64 msg_hi = 0;
>       |             ^~~~~~
> 
> There is no change to the resulting binary instructions.
> 
> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
> Link: https://lore.kernel.org/lkml/20220125142430.75c3160e@canb.auug.org.au
> Cc: Michael Cyr <mikecyr@linux.ibm.com>
> Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
> Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
> Cc: Tyrel Datwyler <tyreld@linux.ibm.com>
> Cc: linux-scsi@vger.kernel.org
> Cc: target-devel@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c |  9 +++------

Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning
  2022-02-08  6:12 [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning Kees Cook
  2022-02-09 23:53 ` Tyrel Datwyler
@ 2022-02-11 21:42 ` Martin K. Petersen
  2022-02-15  3:19 ` Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2022-02-11 21:42 UTC (permalink / raw)
  To: Kees Cook
  Cc: Michael Cyr, Stephen Rothwell, James E.J. Bottomley,
	Martin K. Petersen, Tyrel Datwyler, linux-scsi, target-devel,
	linux-kernel, linux-hardening


Kees,

> Instead of doing a cast to storage that is too small, add a union for
> the high 64 bits. Silences the warnings under -Warray-bounds:

Applied to 5.18/scsi-staging, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning
  2022-02-08  6:12 [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning Kees Cook
  2022-02-09 23:53 ` Tyrel Datwyler
  2022-02-11 21:42 ` Martin K. Petersen
@ 2022-02-15  3:19 ` Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2022-02-15  3:19 UTC (permalink / raw)
  To: Kees Cook, Michael Cyr
  Cc: Martin K . Petersen, linux-scsi, Stephen Rothwell,
	linux-hardening, target-devel, James E.J. Bottomley,
	Tyrel Datwyler, linux-kernel

On Mon, 7 Feb 2022 22:12:31 -0800, Kees Cook wrote:

> Instead of doing a cast to storage that is too small, add a union for
> the high 64 bits. Silences the warnings under -Warray-bounds:
> 
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
>  1934 |                                         crq->valid = VALID_CMD_RESP_EL;
>       |                                            ^~
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
>  1875 |         u64 msg_hi = 0;
>       |             ^~~~~~
> 
> [...]

Applied to 5.18/scsi-queue, thanks!

[1/1] scsi: ibmvscsis: Silence -Warray-bounds warning
      https://git.kernel.org/mkp/scsi/c/03e4383c7ce3

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-02-15  3:19 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-08  6:12 [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning Kees Cook
2022-02-09 23:53 ` Tyrel Datwyler
2022-02-11 21:42 ` Martin K. Petersen
2022-02-15  3:19 ` Martin K. Petersen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).