stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* FAILED: patch "[PATCH] scsi: fnic: fix invalid stack access" failed to apply to 4.9-stable tree
@ 2020-01-19 13:43 gregkh
  2020-01-19 15:53 ` Sasha Levin
  0 siblings, 1 reply; 2+ messages in thread
From: gregkh @ 2020-01-19 13:43 UTC (permalink / raw)
  To: arnd, martin.petersen; +Cc: stable


The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 42ec15ceaea74b5f7a621fc6686cbf69ca66c4cf Mon Sep 17 00:00:00 2001
From: Arnd Bergmann <arnd@arndb.de>
Date: Tue, 7 Jan 2020 21:15:49 +0100
Subject: [PATCH] scsi: fnic: fix invalid stack access

gcc -O3 warns that some local variables are not properly initialized:

drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_hang_notify':
drivers/scsi/fnic/vnic_dev.c:511:16: error: 'a0' is used uninitialized in this function [-Werror=uninitialized]
  vdev->args[0] = *a0;
  ~~~~~~~~~~~~~~^~~~~
drivers/scsi/fnic/vnic_dev.c:691:6: note: 'a0' was declared here
  u64 a0, a1;
      ^~
drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized]
  vdev->args[1] = *a1;
  ~~~~~~~~~~~~~~^~~~~
drivers/scsi/fnic/vnic_dev.c:691:10: note: 'a1' was declared here
  u64 a0, a1;
          ^~
drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_mac_addr':
drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized]
  vdev->args[1] = *a1;
  ~~~~~~~~~~~~~~^~~~~
drivers/scsi/fnic/vnic_dev.c:698:10: note: 'a1' was declared here
  u64 a0, a1;
          ^~

Apparently the code relies on the local variables occupying adjacent memory
locations in the same order, but this is of course not guaranteed.

Use an array of two u64 variables where needed to make it work correctly.

I suspect there is also an endianness bug here, but have not digged in deep
enough to be sure.

Fixes: 5df6d737dd4b ("[SCSI] fnic: Add new Cisco PCI-Express FCoE HBA")
Fixes: mmtom ("init/Kconfig: enable -O3 for all arches")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200107201602.4096790-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/fnic/vnic_dev.c b/drivers/scsi/fnic/vnic_dev.c
index 1f55b9e4e74a..1b88a3b53eee 100644
--- a/drivers/scsi/fnic/vnic_dev.c
+++ b/drivers/scsi/fnic/vnic_dev.c
@@ -688,26 +688,26 @@ int vnic_dev_soft_reset_done(struct vnic_dev *vdev, int *done)
 
 int vnic_dev_hang_notify(struct vnic_dev *vdev)
 {
-	u64 a0, a1;
+	u64 a0 = 0, a1 = 0;
 	int wait = 1000;
 	return vnic_dev_cmd(vdev, CMD_HANG_NOTIFY, &a0, &a1, wait);
 }
 
 int vnic_dev_mac_addr(struct vnic_dev *vdev, u8 *mac_addr)
 {
-	u64 a0, a1;
+	u64 a[2] = {};
 	int wait = 1000;
 	int err, i;
 
 	for (i = 0; i < ETH_ALEN; i++)
 		mac_addr[i] = 0;
 
-	err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a0, &a1, wait);
+	err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a[0], &a[1], wait);
 	if (err)
 		return err;
 
 	for (i = 0; i < ETH_ALEN; i++)
-		mac_addr[i] = ((u8 *)&a0)[i];
+		mac_addr[i] = ((u8 *)&a)[i];
 
 	return 0;
 }
@@ -732,30 +732,30 @@ void vnic_dev_packet_filter(struct vnic_dev *vdev, int directed, int multicast,
 
 void vnic_dev_add_addr(struct vnic_dev *vdev, u8 *addr)
 {
-	u64 a0 = 0, a1 = 0;
+	u64 a[2] = {};
 	int wait = 1000;
 	int err;
 	int i;
 
 	for (i = 0; i < ETH_ALEN; i++)
-		((u8 *)&a0)[i] = addr[i];
+		((u8 *)&a)[i] = addr[i];
 
-	err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a0, &a1, wait);
+	err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a[0], &a[1], wait);
 	if (err)
 		pr_err("Can't add addr [%pM], %d\n", addr, err);
 }
 
 void vnic_dev_del_addr(struct vnic_dev *vdev, u8 *addr)
 {
-	u64 a0 = 0, a1 = 0;
+	u64 a[2] = {};
 	int wait = 1000;
 	int err;
 	int i;
 
 	for (i = 0; i < ETH_ALEN; i++)
-		((u8 *)&a0)[i] = addr[i];
+		((u8 *)&a)[i] = addr[i];
 
-	err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a0, &a1, wait);
+	err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a[0], &a[1], wait);
 	if (err)
 		pr_err("Can't del addr [%pM], %d\n", addr, err);
 }


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: FAILED: patch "[PATCH] scsi: fnic: fix invalid stack access" failed to apply to 4.9-stable tree
  2020-01-19 13:43 FAILED: patch "[PATCH] scsi: fnic: fix invalid stack access" failed to apply to 4.9-stable tree gregkh
@ 2020-01-19 15:53 ` Sasha Levin
  0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2020-01-19 15:53 UTC (permalink / raw)
  To: gregkh; +Cc: arnd, martin.petersen, stable

On Sun, Jan 19, 2020 at 02:43:27PM +0100, gregkh@linuxfoundation.org wrote:
>
>The patch below does not apply to the 4.9-stable tree.
>If someone wants it applied there, or to any other stable or longterm
>tree, then please email the backport, including the original git commit
>id to <stable@vger.kernel.org>.
>
>thanks,
>
>greg k-h
>
>------------------ original commit in Linus's tree ------------------
>
>From 42ec15ceaea74b5f7a621fc6686cbf69ca66c4cf Mon Sep 17 00:00:00 2001
>From: Arnd Bergmann <arnd@arndb.de>
>Date: Tue, 7 Jan 2020 21:15:49 +0100
>Subject: [PATCH] scsi: fnic: fix invalid stack access
>
>gcc -O3 warns that some local variables are not properly initialized:
>
>drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_hang_notify':
>drivers/scsi/fnic/vnic_dev.c:511:16: error: 'a0' is used uninitialized in this function [-Werror=uninitialized]
>  vdev->args[0] = *a0;
>  ~~~~~~~~~~~~~~^~~~~
>drivers/scsi/fnic/vnic_dev.c:691:6: note: 'a0' was declared here
>  u64 a0, a1;
>      ^~
>drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized]
>  vdev->args[1] = *a1;
>  ~~~~~~~~~~~~~~^~~~~
>drivers/scsi/fnic/vnic_dev.c:691:10: note: 'a1' was declared here
>  u64 a0, a1;
>          ^~
>drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_mac_addr':
>drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized]
>  vdev->args[1] = *a1;
>  ~~~~~~~~~~~~~~^~~~~
>drivers/scsi/fnic/vnic_dev.c:698:10: note: 'a1' was declared here
>  u64 a0, a1;
>          ^~
>
>Apparently the code relies on the local variables occupying adjacent memory
>locations in the same order, but this is of course not guaranteed.
>
>Use an array of two u64 variables where needed to make it work correctly.
>
>I suspect there is also an endianness bug here, but have not digged in deep
>enough to be sure.
>
>Fixes: 5df6d737dd4b ("[SCSI] fnic: Add new Cisco PCI-Express FCoE HBA")
>Fixes: mmtom ("init/Kconfig: enable -O3 for all arches")
>Cc: stable@vger.kernel.org
>Link: https://lore.kernel.org/r/20200107201602.4096790-1-arnd@arndb.de
>Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

I've grabbed 36fe90b0f0bd ("scsi: fnic: use kernel's '%pM' format option
to print MAC") to resolve this conflict and queued both for 4.9 and 4.4

-- 
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-19 15:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-19 13:43 FAILED: patch "[PATCH] scsi: fnic: fix invalid stack access" failed to apply to 4.9-stable tree gregkh
2020-01-19 15:53 ` Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).