linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
@ 2021-04-21 18:56 Gustavo A. R. Silva
  2021-04-22  3:03 ` Martin K. Petersen
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-04-21 18:56 UTC (permalink / raw)
  To: Adaptec OEM Raid Solutions, James E.J. Bottomley, Martin K. Petersen
  Cc: linux-scsi, linux-kernel, Gustavo A. R. Silva, linux-hardening,
	Kees Cook

There is a regular need in the kernel to provide a way to declare having
a dynamically sized set of trailing elements in a structure. Kernel code
should always use “flexible array members”[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].

Refactor the code according to the use of a flexible-array member in
struct aac_raw_io2 instead of one-element array, and use the
struct_size() helper.

Also, this helps with the ongoing efforts to enable -Warray-bounds by
fixing the following warnings:

drivers/scsi/aacraid/aachba.c: In function ‘aac_build_sgraw2’:
drivers/scsi/aacraid/aachba.c:3970:18: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
 3970 |     if (rio2->sge[j].length % (i*PAGE_SIZE)) {
      |         ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:3974:27: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
 3974 |     nseg_new += (rio2->sge[j].length / (i*PAGE_SIZE));
      |                  ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4011:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
 4011 |   for (j = 0; j < rio2->sge[i].length / (pages * PAGE_SIZE); ++j) {
      |                   ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4012:24: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
 4012 |    addr_low = rio2->sge[i].addrLow + j * pages * PAGE_SIZE;
      |               ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4014:33: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
 4014 |    sge[pos].addrHigh = rio2->sge[i].addrHigh;
      |                        ~~~~~~~~~^~~
drivers/scsi/aacraid/aachba.c:4015:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
 4015 |    if (addr_low < rio2->sge[i].addrLow)
      |                   ~~~~~~~~~^~~

[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Build-tested-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/60414244.ur4%2FkI+fBF1ohKZs%25lkp@intel.com/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v3:
 - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
   size in call to memcpy() in order to avoid any confusion.

Changes in v2:
 - Add code comment for clarification.

 drivers/scsi/aacraid/aachba.c  | 10 +++++-----
 drivers/scsi/aacraid/aacraid.h |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
index f1f62b5da8b7..46b8dffce2dd 100644
--- a/drivers/scsi/aacraid/aachba.c
+++ b/drivers/scsi/aacraid/aachba.c
@@ -1235,8 +1235,8 @@ static int aac_read_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u3
 		if (ret < 0)
 			return ret;
 		command = ContainerRawIo2;
-		fibsize = sizeof(struct aac_raw_io2) +
-			((le32_to_cpu(readcmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
+		fibsize = struct_size(readcmd2, sge,
+				     le32_to_cpu(readcmd2->sgeCnt));
 	} else {
 		struct aac_raw_io *readcmd;
 		readcmd = (struct aac_raw_io *) fib_data(fib);
@@ -1366,8 +1366,8 @@ static int aac_write_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u
 		if (ret < 0)
 			return ret;
 		command = ContainerRawIo2;
-		fibsize = sizeof(struct aac_raw_io2) +
-			((le32_to_cpu(writecmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
+		fibsize = struct_size(writecmd2, sge,
+				      le32_to_cpu(writecmd2->sgeCnt));
 	} else {
 		struct aac_raw_io *writecmd;
 		writecmd = (struct aac_raw_io *) fib_data(fib);
@@ -3998,7 +3998,7 @@ static int aac_convert_sgraw2(struct aac_raw_io2 *rio2, int pages, int nseg, int
 	if (aac_convert_sgl == 0)
 		return 0;
 
-	sge = kmalloc_array(nseg_new, sizeof(struct sge_ieee1212), GFP_ATOMIC);
+	sge = kmalloc_array(nseg_new, sizeof(*sge), GFP_ATOMIC);
 	if (sge == NULL)
 		return -ENOMEM;
 
diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
index e3e4ecbea726..3733df77bc65 100644
--- a/drivers/scsi/aacraid/aacraid.h
+++ b/drivers/scsi/aacraid/aacraid.h
@@ -1929,7 +1929,7 @@ struct aac_raw_io2 {
 	u8		bpComplete;	/* reserved for F/W use */
 	u8		sgeFirstIndex;	/* reserved for F/W use */
 	u8		unused[4];
-	struct sge_ieee1212	sge[1];
+	struct sge_ieee1212	sge[];
 };
 
 #define CT_FLUSH_CACHE 129
-- 
2.27.0


^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
@ 2021-04-22  3:03 ` Martin K. Petersen
  2021-04-22  3:20   ` Kees Cook
  2021-05-04  0:19 ` Gustavo A. R. Silva
  2021-05-11  3:25 ` Martin K. Petersen
  2 siblings, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2021-04-22  3:03 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Adaptec OEM Raid Solutions, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, linux-kernel, linux-hardening,
	Kees Cook


Hi Gustavo!

> Changes in v3:
>  - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
>    size in call to memcpy() in order to avoid any confusion.

The amended memcpy() hunk appears to be missing from the v3 patch.

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-04-22  3:03 ` Martin K. Petersen
@ 2021-04-22  3:20   ` Kees Cook
  2021-04-22  3:34     ` Martin K. Petersen
  0 siblings, 1 reply; 9+ messages in thread
From: Kees Cook @ 2021-04-22  3:20 UTC (permalink / raw)
  To: Martin K. Petersen
  Cc: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
	James E.J. Bottomley, linux-scsi, linux-kernel, linux-hardening

On Wed, Apr 21, 2021 at 11:03:19PM -0400, Martin K. Petersen wrote:
> 
> Hi Gustavo!
> 
> > Changes in v3:
> >  - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
> >    size in call to memcpy() in order to avoid any confusion.
> 
> The amended memcpy() hunk appears to be missing from the v3 patch.

It's unchanged from the perspective of the original code. (i.e. there's
no need to change it since that memcpy isn't involved in anything
changed by the swapping to the flexible array.)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-04-22  3:20   ` Kees Cook
@ 2021-04-22  3:34     ` Martin K. Petersen
  0 siblings, 0 replies; 9+ messages in thread
From: Martin K. Petersen @ 2021-04-22  3:34 UTC (permalink / raw)
  To: Kees Cook
  Cc: Martin K. Petersen, Gustavo A. R. Silva,
	Adaptec OEM Raid Solutions, James E.J. Bottomley, linux-scsi,
	linux-kernel, linux-hardening


Kees,

>> The amended memcpy() hunk appears to be missing from the v3 patch.
>
> It's unchanged from the perspective of the original code. (i.e. there's
> no need to change it since that memcpy isn't involved in anything
> changed by the swapping to the flexible array.)

Ah, I was under the impression that you intended to do sizeof(*sge) to
match the kmalloc_array() above.

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
  2021-04-22  3:03 ` Martin K. Petersen
@ 2021-05-04  0:19 ` Gustavo A. R. Silva
  2021-05-04  2:56   ` Martin K. Petersen
  2021-05-11  3:25 ` Martin K. Petersen
  2 siblings, 1 reply; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-05-04  0:19 UTC (permalink / raw)
  To: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
	James E.J. Bottomley, Martin K. Petersen
  Cc: linux-scsi, linux-kernel, linux-hardening, Kees Cook

Hi Martin,

Friendly ping: could you take this patch, please? :)

Thanks!
--
Gustavo

On 4/21/21 13:56, Gustavo A. R. Silva wrote:
> There is a regular need in the kernel to provide a way to declare having
> a dynamically sized set of trailing elements in a structure. Kernel code
> should always use “flexible array members”[1] for these cases. The older
> style of one-element or zero-length arrays should no longer be used[2].
> 
> Refactor the code according to the use of a flexible-array member in
> struct aac_raw_io2 instead of one-element array, and use the
> struct_size() helper.
> 
> Also, this helps with the ongoing efforts to enable -Warray-bounds by
> fixing the following warnings:
> 
> drivers/scsi/aacraid/aachba.c: In function ‘aac_build_sgraw2’:
> drivers/scsi/aacraid/aachba.c:3970:18: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
>  3970 |     if (rio2->sge[j].length % (i*PAGE_SIZE)) {
>       |         ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:3974:27: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
>  3974 |     nseg_new += (rio2->sge[j].length / (i*PAGE_SIZE));
>       |                  ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4011:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
>  4011 |   for (j = 0; j < rio2->sge[i].length / (pages * PAGE_SIZE); ++j) {
>       |                   ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4012:24: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
>  4012 |    addr_low = rio2->sge[i].addrLow + j * pages * PAGE_SIZE;
>       |               ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4014:33: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
>  4014 |    sge[pos].addrHigh = rio2->sge[i].addrHigh;
>       |                        ~~~~~~~~~^~~
> drivers/scsi/aacraid/aachba.c:4015:28: warning: array subscript 1 is above array bounds of ‘struct sge_ieee1212[1]’ [-Warray-bounds]
>  4015 |    if (addr_low < rio2->sge[i].addrLow)
>       |                   ~~~~~~~~~^~~
> 
> [1] https://en.wikipedia.org/wiki/Flexible_array_member
> [2] https://www.kernel.org/doc/html/v5.9/process/deprecated.html#zero-length-and-one-element-arrays
> 
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/109
> Build-tested-by: kernel test robot <lkp@intel.com>
> Link: https://lore.kernel.org/lkml/60414244.ur4%2FkI+fBF1ohKZs%25lkp@intel.com/
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> Changes in v3:
>  - Use (nseg_new-1)*sizeof(struct sge_ieee1212) to calculate
>    size in call to memcpy() in order to avoid any confusion.
> 
> Changes in v2:
>  - Add code comment for clarification.
> 
>  drivers/scsi/aacraid/aachba.c  | 10 +++++-----
>  drivers/scsi/aacraid/aacraid.h |  2 +-
>  2 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
> index f1f62b5da8b7..46b8dffce2dd 100644
> --- a/drivers/scsi/aacraid/aachba.c
> +++ b/drivers/scsi/aacraid/aachba.c
> @@ -1235,8 +1235,8 @@ static int aac_read_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u3
>  		if (ret < 0)
>  			return ret;
>  		command = ContainerRawIo2;
> -		fibsize = sizeof(struct aac_raw_io2) +
> -			((le32_to_cpu(readcmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
> +		fibsize = struct_size(readcmd2, sge,
> +				     le32_to_cpu(readcmd2->sgeCnt));
>  	} else {
>  		struct aac_raw_io *readcmd;
>  		readcmd = (struct aac_raw_io *) fib_data(fib);
> @@ -1366,8 +1366,8 @@ static int aac_write_raw_io(struct fib * fib, struct scsi_cmnd * cmd, u64 lba, u
>  		if (ret < 0)
>  			return ret;
>  		command = ContainerRawIo2;
> -		fibsize = sizeof(struct aac_raw_io2) +
> -			((le32_to_cpu(writecmd2->sgeCnt)-1) * sizeof(struct sge_ieee1212));
> +		fibsize = struct_size(writecmd2, sge,
> +				      le32_to_cpu(writecmd2->sgeCnt));
>  	} else {
>  		struct aac_raw_io *writecmd;
>  		writecmd = (struct aac_raw_io *) fib_data(fib);
> @@ -3998,7 +3998,7 @@ static int aac_convert_sgraw2(struct aac_raw_io2 *rio2, int pages, int nseg, int
>  	if (aac_convert_sgl == 0)
>  		return 0;
>  
> -	sge = kmalloc_array(nseg_new, sizeof(struct sge_ieee1212), GFP_ATOMIC);
> +	sge = kmalloc_array(nseg_new, sizeof(*sge), GFP_ATOMIC);
>  	if (sge == NULL)
>  		return -ENOMEM;
>  
> diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
> index e3e4ecbea726..3733df77bc65 100644
> --- a/drivers/scsi/aacraid/aacraid.h
> +++ b/drivers/scsi/aacraid/aacraid.h
> @@ -1929,7 +1929,7 @@ struct aac_raw_io2 {
>  	u8		bpComplete;	/* reserved for F/W use */
>  	u8		sgeFirstIndex;	/* reserved for F/W use */
>  	u8		unused[4];
> -	struct sge_ieee1212	sge[1];
> +	struct sge_ieee1212	sge[];
>  };
>  
>  #define CT_FLUSH_CACHE 129
> 

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-05-04  0:19 ` Gustavo A. R. Silva
@ 2021-05-04  2:56   ` Martin K. Petersen
  2021-05-04  3:06     ` Gustavo A. R. Silva
  0 siblings, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2021-05-04  2:56 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
	James E.J. Bottomley, Martin K. Petersen, linux-scsi,
	linux-kernel, linux-hardening, Kees Cook


Gustavo,

> Friendly ping: could you take this patch, please? :)

Applied to 5.14/scsi-staging, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-05-04  2:56   ` Martin K. Petersen
@ 2021-05-04  3:06     ` Gustavo A. R. Silva
  0 siblings, 0 replies; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-05-04  3:06 UTC (permalink / raw)
  To: Martin K. Petersen
  Cc: Gustavo A. R. Silva, Adaptec OEM Raid Solutions,
	James E.J. Bottomley, linux-scsi, linux-kernel, linux-hardening,
	Kees Cook



On 5/3/21 21:56, Martin K. Petersen wrote:

> Applied to 5.14/scsi-staging, thanks!

Awesome! :)

Thank you.
--
Gustavo

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
  2021-04-22  3:03 ` Martin K. Petersen
  2021-05-04  0:19 ` Gustavo A. R. Silva
@ 2021-05-11  3:25 ` Martin K. Petersen
  2021-05-11  3:30   ` Gustavo A. R. Silva
  2 siblings, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2021-05-11  3:25 UTC (permalink / raw)
  To: Adaptec OEM Raid Solutions, James E.J. Bottomley, Gustavo A. R. Silva
  Cc: Martin K . Petersen, Kees Cook, linux-kernel, linux-scsi,
	linux-hardening

On Wed, 21 Apr 2021 13:56:11 -0500, Gustavo A. R. Silva wrote:

> There is a regular need in the kernel to provide a way to declare having
> a dynamically sized set of trailing elements in a structure. Kernel code
> should always use “flexible array members”[1] for these cases. The older
> style of one-element or zero-length arrays should no longer be used[2].
> 
> Refactor the code according to the use of a flexible-array member in
> struct aac_raw_io2 instead of one-element array, and use the
> struct_size() helper.
> 
> [...]

Applied to 5.14/scsi-queue, thanks!

[1/1] scsi: aacraid: Replace one-element array with flexible-array member
      https://git.kernel.org/mkp/scsi/c/39107e8577ad

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member
  2021-05-11  3:25 ` Martin K. Petersen
@ 2021-05-11  3:30   ` Gustavo A. R. Silva
  0 siblings, 0 replies; 9+ messages in thread
From: Gustavo A. R. Silva @ 2021-05-11  3:30 UTC (permalink / raw)
  To: Martin K. Petersen, Adaptec OEM Raid Solutions,
	James E.J. Bottomley, Gustavo A. R. Silva
  Cc: Kees Cook, linux-kernel, linux-scsi, linux-hardening



On 5/10/21 22:25, Martin K. Petersen wrote:
> On Wed, 21 Apr 2021 13:56:11 -0500, Gustavo A. R. Silva wrote:
> 
>> There is a regular need in the kernel to provide a way to declare having
>> a dynamically sized set of trailing elements in a structure. Kernel code
>> should always use “flexible array members”[1] for these cases. The older
>> style of one-element or zero-length arrays should no longer be used[2].
>>
>> Refactor the code according to the use of a flexible-array member in
>> struct aac_raw_io2 instead of one-element array, and use the
>> struct_size() helper.
>>
>> [...]
> 
> Applied to 5.14/scsi-queue, thanks!
> 
> [1/1] scsi: aacraid: Replace one-element array with flexible-array member
>       https://git.kernel.org/mkp/scsi/c/39107e8577ad

Awesome. :)

Thanks, Martin.
--
Gustavo


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2021-05-11  3:30 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-21 18:56 [PATCH v3][next] scsi: aacraid: Replace one-element array with flexible-array member Gustavo A. R. Silva
2021-04-22  3:03 ` Martin K. Petersen
2021-04-22  3:20   ` Kees Cook
2021-04-22  3:34     ` Martin K. Petersen
2021-05-04  0:19 ` Gustavo A. R. Silva
2021-05-04  2:56   ` Martin K. Petersen
2021-05-04  3:06     ` Gustavo A. R. Silva
2021-05-11  3:25 ` Martin K. Petersen
2021-05-11  3:30   ` Gustavo A. R. Silva

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).