From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F664C433EF for ; Tue, 8 Feb 2022 06:13:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239738AbiBHGNj (ORCPT ); Tue, 8 Feb 2022 01:13:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57608 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241102AbiBHGNg (ORCPT ); Tue, 8 Feb 2022 01:13:36 -0500 Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9EE12C0401DC for ; Mon, 7 Feb 2022 22:13:35 -0800 (PST) Received: by mail-pf1-x429.google.com with SMTP id s14so2151193pfw.3 for ; Mon, 07 Feb 2022 22:13:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=G2FbiPdepqxzWRqr0yQvU8SoE8ldVU79lJNzyc5vgoU=; b=L+GvdAF4uG7E4Fo6z/s2QaRkU4dh7cf/pwRGUxPY51zLfAMnsUzpBo/FeRv7+7oC0b LCPh4Y4jo1AZ4xchuN396M3OBietQsqlGQqxI6y9tVAXqLCiJ98Kh8MFrcVocqmLdWhH MQVKE+8wkX4zEQtxiIlZ3ZrtEjooDJTEWm03o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=G2FbiPdepqxzWRqr0yQvU8SoE8ldVU79lJNzyc5vgoU=; b=I7YU+Z9GmlZK5xh70AQapVo4clG/3crJHHePuaZeWh8RzsSl5HlXUTJfNaPqN8WX0y kSiBekmxdM44RVUVbJH1aKftEy2Rq93+ICRgP14vjQCPwC+il/jTYG5jQ7wplKyQzfi4 2WRke/aup+nHxvNdr5ZIaxgROpvjHGK2dXuzpxtB2oamCjD0QSEG8FDlcKuOsitri7Zs hdFpPbKbrO1DjDXgwZ8hCm3pXOxeVO4y8NzN4eLgr6uOA1dDi2rRz9gyDhMhsPaWqBF3 BET2wUGRKtFuK1mGTzqQWnOeU0i3weRcfDdF4alLEPC4DyB29pcNA7pHDuV2vOOeRdqE SeJQ== X-Gm-Message-State: AOAM531vWcCeRWOHWnzKIerrgte5mJS8ver17KGU9YiQRB7recoHvvcz Q+zSMfRZamkhOEsMyXbjvuUjtA== X-Google-Smtp-Source: ABdhPJwY5gqPJmWiqrqWyUaAe0ACYh/O+jnyeexZksJPXgP7x/FU4GwTdRVPqyz2sZBNtArLrhRKPg== X-Received: by 2002:a05:6a00:843:: with SMTP id q3mr3045692pfk.0.1644300815136; Mon, 07 Feb 2022 22:13:35 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id s6sm9848925pgh.86.2022.02.07.22.13.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Feb 2022 22:13:34 -0800 (PST) Date: Mon, 7 Feb 2022 22:13:33 -0800 From: Kees Cook To: Stephen Rothwell Cc: "Gustavo A. R. Silva" , "Bryant G. Ly" , Michael Cyr , Nicholas Bellinger , Steven Royer , Tyrel Datwyler , Linux Kernel Mailing List , Linux Next Mailing List , James Bottomley , "Martin K. Petersen" Subject: Re: linux-next: build failure after merge of the kspp tree Message-ID: <202202072212.84D10BE535@keescook> References: <20220125142430.75c3160e@canb.auug.org.au> <202201241938.DA2AB1AB4@keescook> <20220208154218.14c7d414@canb.auug.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220208154218.14c7d414@canb.auug.org.au> Precedence: bulk List-ID: X-Mailing-List: linux-next@vger.kernel.org On Tue, Feb 08, 2022 at 03:42:18PM +1100, Stephen Rothwell wrote: > Hi all, > > [Cc'ing the scsi maintainers. Sorry I should have done that sooner] > > On Mon, 24 Jan 2022 19:43:44 -0800 Kees Cook wrote: > > > > On Tue, Jan 25, 2022 at 02:24:30PM +1100, Stephen Rothwell wrote: > > > > > > After merging the kspp tree, today's linux-next build (powerpc > > > allyesconfig) failed like this: > > > > > > > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages': > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds] > > > 1934 | crq->valid = VALID_CMD_RESP_EL; > > > | ^~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi' > > > 1875 | u64 msg_hi = 0; > > > | ^~~~~~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1935:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds] > > > 1935 | crq->format = cmd->rsp.format; > > > | ^~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi' > > > 1875 | u64 msg_hi = 0; > > > | ^~~~~~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1938:52: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds] > > > 1938 | crq->status = VIOSRP_ADAPTER_FAIL; > > > | ^~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi' > > > 1875 | u64 msg_hi = 0; > > > | ^~~~~~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1940:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds] > > > 1940 | crq->IU_length = cpu_to_be16(cmd->rsp.len); > > > | ^~ > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi' > > > 1875 | u64 msg_hi = 0; > > > | ^~~~~~ > > > > > > Exposed by commit > > > > > > 4ba545781e20 ("Makefile: Enable -Warray-bounds") > > > > > > Probably introduced by commit > > > > > > 88a678bbc34c ("ibmvscsis: Initial commit of IBM VSCSI Tgt Driver") > > > > > > I applied the following hack for now: > > > > > > From: Stephen Rothwell > > > Date: Tue, 25 Jan 2022 14:18:36 +1100 > > > Subject: [PATCH] scsi: hack for building with -Warray-bounds > > > > > > Signed-off-by: Stephen Rothwell > > > --- > > > drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 6 +++--- > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c > > > index 61f06f6885a5..89fcf98c61c3 100644 > > > --- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c > > > +++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c > > > @@ -1872,11 +1872,11 @@ static void srp_snd_msg_failed(struct scsi_info *vscsi, long rc) > > > */ > > > static void ibmvscsis_send_messages(struct scsi_info *vscsi) > > > { > > > - u64 msg_hi = 0; > > > + u64 msg_hi[2] = { }; > > > /* note do not attempt to access the IU_data_ptr with this pointer > > > * it is not valid > > > */ > > > - struct viosrp_crq *crq = (struct viosrp_crq *)&msg_hi; > > > + struct viosrp_crq *crq = (struct viosrp_crq *)msg_hi; > > > struct ibmvscsis_cmd *cmd, *nxt; > > > long rc = ADAPT_SUCCESS; > > > bool retry = false; > > > @@ -1940,7 +1940,7 @@ static void ibmvscsis_send_messages(struct scsi_info *vscsi) > > > crq->IU_length = cpu_to_be16(cmd->rsp.len); > > > > > > rc = h_send_crq(vscsi->dma_dev->unit_address, > > > - be64_to_cpu(msg_hi), > > > + be64_to_cpu(msg_hi[0]), > > > be64_to_cpu(cmd->rsp.tag)); > > > > > > dev_dbg(&vscsi->dev, "send_messages: cmd %p, tag 0x%llx, rc %ld\n", > > > > This looks correct to me. struct viosrp_crq is 16 bytes wide. The only > > suggestion I might make would be either avoid the bare '2': > > > > u64 msg_hi[sizeof(struct viosrp_crq) / sizeof(u64)] = { }; > > > > or adjust struct viosrp_crq so the casting isn't needed at all: > > > > > > truct viosrp_crq { > > union { > > u64 hi; > > struct { > > u8 valid; /* used by RPA */ > > u8 format; /* SCSI vs out-of-band */ > > u8 reserved; > > u8 status; /* non-scsi failure? (e.g. DMA failure) */ > > __be16 timeout; /* in seconds */ > > __be16 IU_length; /* in bytes */ > > }; > > }; > > __be64 IU_data_ptr; /* the TCE for transferring data */ > > }; > > > > struct viosrp_crq crq = { }; > > ... > > rc = h_send_crq(vscsi->dma_dev->unit_address, > > be64_to_cpu(crq.hi), > > be64_to_cpu(cmd->rsp.tag)); > > > > > > > > Has there been any progress on this? > > Commit 88a678bbc34c mentioned above was merged in v4.8-rc1. Thanks for the reminder! I've sent this now: https://lore.kernel.org/lkml/20220208061231.3429486-1-keescook@chromium.org -- Kees Cook