linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/2] Fix some compile warnings in v5.18+
@ 2022-05-28 21:14 Larry Finger
  2022-05-28 21:14 ` [PATCH 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c Larry Finger
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Larry Finger @ 2022-05-28 21:14 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-kernel, Larry Finger

Building driver r8188eu in staging with -warray-bounds exposes two places
where arrays are too small.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>


Larry Finger (2):
  staging: r8188eu: Fix warning of array overflow in ioctl_linux.c
  staging: r8188eu: Fix undersized array in rtw_xmit.c

 drivers/staging/r8188eu/include/rtw_xmit.h   | 2 +-
 drivers/staging/r8188eu/os_dep/ioctl_linux.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

-- 
2.36.1


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c
  2022-05-28 21:14 [PATCH 0/2] Fix some compile warnings in v5.18+ Larry Finger
@ 2022-05-28 21:14 ` Larry Finger
  2022-05-28 21:14 ` [PATCH 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c Larry Finger
  2022-05-28 21:31 ` [PATCH 0/2] Fix some compile warnings in v5.18+ Linus Torvalds
  2 siblings, 0 replies; 5+ messages in thread
From: Larry Finger @ 2022-05-28 21:14 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-kernel, Larry Finger, Greg Kroah-Hartman

Building with -Warray-bounds results in the following warning plus others
related to the same problem:

CC [M]  drivers/staging/r8188eu/os_dep/ioctl_linux.o
In function ‘wpa_set_encryption’,
    inlined from ‘rtw_wx_set_enc_ext’ at drivers/staging/r8188eu/os_dep/ioctl_linux.c:1868:9:
drivers/staging/r8188eu/os_dep/ioctl_linux.c:412:41: warning: array subscript ‘struct ndis_802_11_wep[0]’ is partly outside array bounds of ‘void[25]’ [-Warray-bounds]
  412 |                         pwep->KeyLength = wep_key_len;
      |                         ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
In file included from drivers/staging/r8188eu/os_dep/../include/osdep_service.h:19,
                 from drivers/staging/r8188eu/os_dep/ioctl_linux.c:4:
In function ‘kmalloc’,
    inlined from ‘kzalloc’ at ./include/linux/slab.h:733:9,
    inlined from ‘wpa_set_encryption’ at drivers/staging/r8188eu/os_dep/ioctl_linux.c:408:11,
    inlined from ‘rtw_wx_set_enc_ext’ at drivers/staging/r8188eu/os_dep/ioctl_linux.c:1868:9:
./include/linux/slab.h:605:16: note: object of size [17, 25] allocated by ‘__kmalloc’
  605 |         return __kmalloc(size, flags);
      |                ^~~~~~~~~~~~~~~~~~~~~~
./include/linux/slab.h:600:24: note: object of size [17, 25] allocated by ‘kmem_cache_alloc_trace’
  600 |                 return kmem_cache_alloc_trace(
      |                        ^~~~~~~~~~~~~~~~~~~~~~~
  601 |                                 kmalloc_caches[kmalloc_type(flags)][index],
      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  602 |                                 flags, size);
      |                                 ~~~~~~~~~~~~

Although it is unlikely that anyone is still using WEP encryption, the
size of the allocation needs to be increased just in case.

Fixes commit 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver")

Fixes: 2b42bd58b321 ("staging: r8188eu: introduce new os_dep dir for RTL8188eu driver")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/r8188eu/os_dep/ioctl_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
index eb9375b0c660..ce3dcfc812e9 100644
--- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
@@ -404,7 +404,7 @@ static int wpa_set_encryption(struct net_device *dev, struct ieee_param *param,
 
 		if (wep_key_len > 0) {
 			wep_key_len = wep_key_len <= 5 ? 5 : 13;
-			wep_total_len = wep_key_len + FIELD_OFFSET(struct ndis_802_11_wep, KeyMaterial);
+			wep_total_len = wep_key_len + sizeof(*pwep);
 			pwep = kzalloc(wep_total_len, GFP_KERNEL);
 			if (!pwep)
 				goto exit;
-- 
2.36.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c
  2022-05-28 21:14 [PATCH 0/2] Fix some compile warnings in v5.18+ Larry Finger
  2022-05-28 21:14 ` [PATCH 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c Larry Finger
@ 2022-05-28 21:14 ` Larry Finger
  2022-05-28 21:32   ` Linus Torvalds
  2022-05-28 21:31 ` [PATCH 0/2] Fix some compile warnings in v5.18+ Linus Torvalds
  2 siblings, 1 reply; 5+ messages in thread
From: Larry Finger @ 2022-05-28 21:14 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-kernel, Larry Finger

Compiling with -warray-bounds yields the following warning:

drivers/staging/r8188eu/core/rtw_xmit.c: In function ‘rtw_alloc_hwxmits’:
drivers/staging/r8188eu/core/rtw_xmit.c:1493:24: warning: array subscript 4 is outside array bounds of ‘void[64]’ [-Warray-bounds]
 1493 |                 hwxmits[4] .sta_queue = &pxmitpriv->be_pending;
      |                 ~~~~~~~^~~
In file included from drivers/staging/r8188eu/core/../include/osdep_service.h:19,
                 from drivers/staging/r8188eu/core/rtw_xmit.c:6:
In function ‘kmalloc’,
    inlined from ‘kzalloc’ at ./include/linux/slab.h:733:9,
    inlined from ‘rtw_alloc_hwxmits’ at drivers/staging/r8188eu/core/rtw_xmit.c:1484:23:
./include/linux/slab.h:600:24: note: at offset 64 into object of size 64 allocated by ‘kmem_cache_alloc_trace’
  600 |                 return kmem_cache_alloc_trace(
      |                        ^~~~~~~~~~~~~~~~~~~~~~~
  601 |                                 kmalloc_caches[kmalloc_type(flags)][index],
      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  602 |                                 flags, size);
      |

This warning arises because macro HWXMIT_ENTRY is too small.

Fixes commit 7884fc0a1473 ("staging: r8188eu: introduce new include dir
for RTL8188eu driver")

Fixes: 7884fc0a1473 ("staging: r8188eu: introduce new include dir for RTL8188eu driver")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/r8188eu/include/rtw_xmit.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/r8188eu/include/rtw_xmit.h b/drivers/staging/r8188eu/include/rtw_xmit.h
index b2df1480d66b..27fa536f51ee 100644
--- a/drivers/staging/r8188eu/include/rtw_xmit.h
+++ b/drivers/staging/r8188eu/include/rtw_xmit.h
@@ -69,7 +69,7 @@ do {							\
 	dot11txpn.val = dot11txpn.val == 0xffffffffffffULL ? 0 : (dot11txpn.val+1);\
 } while (0)
 
-#define HWXMIT_ENTRY	4
+#define HWXMIT_ENTRY	5
 
 #define TXDESC_SIZE 32
 
-- 
2.36.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 0/2] Fix some compile warnings in v5.18+
  2022-05-28 21:14 [PATCH 0/2] Fix some compile warnings in v5.18+ Larry Finger
  2022-05-28 21:14 ` [PATCH 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c Larry Finger
  2022-05-28 21:14 ` [PATCH 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c Larry Finger
@ 2022-05-28 21:31 ` Linus Torvalds
  2 siblings, 0 replies; 5+ messages in thread
From: Linus Torvalds @ 2022-05-28 21:31 UTC (permalink / raw)
  To: Larry Finger; +Cc: Linux Kernel Mailing List

On Sat, May 28, 2022 at 2:15 PM Larry Finger <Larry.Finger@lwfinger.net> wrote:
>
> Building driver r8188eu in staging with -warray-bounds exposes two places
> where arrays are too small.

Odd participant list.

This should go to Greg, not me, and I think you should cc the other
people (ie Phillip Potter) listed for that driver too, no?

                    Linus

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c
  2022-05-28 21:14 ` [PATCH 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c Larry Finger
@ 2022-05-28 21:32   ` Linus Torvalds
  0 siblings, 0 replies; 5+ messages in thread
From: Linus Torvalds @ 2022-05-28 21:32 UTC (permalink / raw)
  To: Larry Finger; +Cc: Linux Kernel Mailing List

Hmm. Maybe the reason Greg wasn't cc'd is that the people listed at
the end is odd here:

On Sat, May 28, 2022 at 2:15 PM Larry Finger <Larry.Finger@lwfinger.net> wrote:
>
> Fixes: 7884fc0a1473 ("staging: r8188eu: introduce new include dir for RTL8188eu driver")
> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
> Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ie it says "Greg" there, but there's no actual tag (presumably "Cc:"
missing, 1/2 seems to have had it).

                 Linus

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-05-28 21:33 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-28 21:14 [PATCH 0/2] Fix some compile warnings in v5.18+ Larry Finger
2022-05-28 21:14 ` [PATCH 1/2] staging: r8188eu: Fix warning of array overflow in ioctl_linux.c Larry Finger
2022-05-28 21:14 ` [PATCH 2/2] staging: r8188eu: Fix undersized array in rtw_xmit.c Larry Finger
2022-05-28 21:32   ` Linus Torvalds
2022-05-28 21:31 ` [PATCH 0/2] Fix some compile warnings in v5.18+ Linus Torvalds

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).