Re: [PATCH] ocfs2: Annotate struct ocfs2_slot_info with __counted_by
On 9/15/23 14:15, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ocfs2_slot_info. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Mark Fasheh Cc: Joel Becker Cc: Joseph Qi Cc: ocfs2-de...@lists.linux.dev Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- fs/ocfs2/slot_map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c index da7718cef735..e544c704b583 100644 --- a/fs/ocfs2/slot_map.c +++ b/fs/ocfs2/slot_map.c @@ -37,7 +37,7 @@ struct ocfs2_slot_info { unsigned int si_blocks; struct buffer_head **si_bh; unsigned int si_num_slots; - struct ocfs2_slot si_slots[]; + struct ocfs2_slot si_slots[] __counted_by(si_num_slots); };
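Review bot: only the declaration of si_slots[] in struct ocfs2_slot_info changes, so nothing in the patch shows where si_num_slots is assigned relative to the first si_slots[] access. With the bounds checks active, an index used before si_num_slots holds its final value would be reported as out of range. Please confirm that the allocation path sets the count before it touches the array, and state that in the commit message.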
Re: [PATCH] afs: Annotate struct afs_permits with __counted_by
On 9/15/23 14:14, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct afs_permits. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: David Howells Cc: Marc Dionne Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- fs/afs/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/afs/internal.h b/fs/afs/internal.h index 07433a5349ca..469a717467a4 100644 --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -705,7 +705,7 @@ struct afs_permits { refcount_t usage; unsigned short nr_permits; /* Number of records */ boolinvalidated;/* Invalidated due to key change */ - struct afs_permit permits[]; /* List of permits sorted by key pointer */ + struct afs_permit permits[] __counted_by(nr_permits); /* List of permits sorted by key pointer */ }; /*
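Review bot: the new permits[] line in struct afs_permits now carries both the attribute and the trailing comment, which makes it much longer than the neighbouring members. Consider moving "/* List of permits sorted by key pointer */" onto its own line above the member so the annotation stays easy to spot.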
Re: [PATCH] ceph: Annotate struct ceph_osd_request with __counted_by
On 9/15/23 14:15, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ceph_osd_request. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Ilya Dryomov Cc: Xiubo Li Cc: Jeff Layton Cc: ceph-de...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- include/linux/ceph/osd_client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/ceph/osd_client.h b/include/linux/ceph/osd_client.h index bf9823956758..b8610e9d2471 100644 --- a/include/linux/ceph/osd_client.h +++ b/include/linux/ceph/osd_client.h @@ -278,7 +278,7 @@ struct ceph_osd_request { int r_attempts; u32 r_map_dne_bound; - struct ceph_osd_req_op r_ops[]; + struct ceph_osd_req_op r_ops[] __counted_by(r_num_ops); }; struct ceph_request_redirect {
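Review bot: r_num_ops, the counter named in __counted_by() on r_ops[], does not appear in the hunk context (only r_attempts and r_map_dne_bound do), so the pairing cannot be checked from the patch alone. Please name the counter and its type in the commit message, and confirm that r_num_ops is set at allocation time and never raised afterwards.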
Re: [PATCH] ceph: Annotate struct ceph_monmap with __counted_by
On 9/15/23 14:15, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ceph_monmap. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Ilya Dryomov Cc: Xiubo Li Cc: Jeff Layton Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: ceph-de...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- include/linux/ceph/mon_client.h | 2 +- net/ceph/mon_client.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/ceph/mon_client.h b/include/linux/ceph/mon_client.h index b658961156a0..7a9a40163c0f 100644 --- a/include/linux/ceph/mon_client.h +++ b/include/linux/ceph/mon_client.h @@ -19,7 +19,7 @@ struct ceph_monmap { struct ceph_fsid fsid; u32 epoch; u32 num_mon; - struct ceph_entity_inst mon_inst[]; + struct ceph_entity_inst mon_inst[] __counted_by(num_mon); }; struct ceph_mon_client; diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c index faabad6603db..f263f7e91a21 100644 --- a/net/ceph/mon_client.c +++ b/net/ceph/mon_client.c @@ -1136,6 +1136,7 @@ static int build_initial_monmap(struct ceph_mon_client *monc) GFP_KERNEL); if (!monc->monmap) return -ENOMEM; + monc->monmap->num_mon = num_mon; for (i = 0; i < num_mon; i++) { struct ceph_entity_inst *inst = >monmap->mon_inst[i]; 
@@ -1147,7 +1148,6 @@ static int build_initial_monmap(struct ceph_mon_client *monc) inst->name.type = CEPH_ENTITY_TYPE_MON; inst->name.num = cpu_to_le64(i); } - monc->monmap->num_mon = num_mon; return 0; }
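Review bot: the moved "monc->monmap->num_mon = num_mon;" in build_initial_monmap() has no comment saying why it must precede the loop, so a later cleanup could move it back below the mon_inst[i] stores without anyone noticing. A one-line comment at the assignment, noting that num_mon bounds mon_inst[] and has to be set first, would protect the ordering. The commit message covers only this function; any other place that allocates a struct ceph_monmap and fills mon_inst[] needs the same ordering and should be mentioned as checked.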
Re: [PATCH] NFS/flexfiles: Annotate struct nfs4_ff_layout_segment with __counted_by
On 9/15/23 14:14, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct nfs4_ff_layout_segment. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Trond Myklebust Cc: Anna Schumaker Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- fs/nfs/flexfilelayout/flexfilelayout.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/flexfilelayout/flexfilelayout.h b/fs/nfs/flexfilelayout/flexfilelayout.h index 354a031c69b1..f84b3fb0 100644 --- a/fs/nfs/flexfilelayout/flexfilelayout.h +++ b/fs/nfs/flexfilelayout/flexfilelayout.h @@ -99,7 +99,7 @@ struct nfs4_ff_layout_segment { u64 stripe_unit; u32 flags; u32 mirror_array_cnt; - struct nfs4_ff_layout_mirror*mirror_array[]; + struct nfs4_ff_layout_mirror*mirror_array[] __counted_by(mirror_array_cnt); }; struct nfs4_flexfile_layout {
Re: [PATCH] afs: Annotate struct afs_addr_list with __counted_by
On 9/15/23 14:14, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct afs_addr_list. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: David Howells Cc: Marc Dionne Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- fs/afs/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/afs/internal.h b/fs/afs/internal.h index da73b97e19a9..07433a5349ca 100644 --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -87,7 +87,7 @@ struct afs_addr_list { enum dns_lookup_status status:8; unsigned long failed; /* Mask of addrs that failed locally/ICMP */ unsigned long responded; /* Mask of addrs that responded */ - struct sockaddr_rxrpc addrs[]; + struct sockaddr_rxrpc addrs[] __counted_by(max_addrs); #define AFS_MAX_ADDRESSES ((unsigned int)(sizeof(unsigned long) * 8)) };
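Review bot: the counter chosen for addrs[] in struct afs_addr_list is max_addrs, which is not visible in the hunk context and whose name suggests a capacity rather than the number of entries in use. Please state in the commit message that max_addrs is the allocated element count of addrs[] and is set before the array is filled, so the choice of counter is documented.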
Re: [PATCH] aio: Annotate struct kioctx_table with __counted_by
On 9/15/23 14:14, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct kioctx_table. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Benjamin LaHaise Cc: Alexander Viro Cc: Christian Brauner Cc: linux-...@kvack.org Cc: linux-fsde...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- fs/aio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/aio.c b/fs/aio.c index a4c2a6bac72c..f8589caef9c1 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -80,7 +80,7 @@ struct aio_ring { struct kioctx_table { struct rcu_head rcu; unsignednr; - struct kioctx __rcu *table[]; + struct kioctx __rcu *table[] __counted_by(nr); }; struct kioctx_cpu {
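Review bot: table[] in struct kioctx_table is an __rcu pointer array inside a struct that carries an rcu_head, so a replacement table is presumably built and then published to readers. With __counted_by(nr), nr has to be assigned on the new table before any entry is stored into table[], not merely before publication. The patch touches only the declaration; please confirm the ordering at the allocation site and note it in the commit message.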
Re: [PATCH] udf: Annotate struct udf_bitmap with __counted_by
On 9/15/23 14:14, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct udf_bitmap. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Jan Kara Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- fs/udf/udf_sb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h index 9af6ff7f9747..f9a60bc1abcf 100644 --- a/fs/udf/udf_sb.h +++ b/fs/udf/udf_sb.h @@ -86,7 +86,7 @@ struct udf_virtual_data { struct udf_bitmap { __u32 s_extPosition; int s_nr_groups; - struct buffer_head *s_block_bitmap[]; + struct buffer_head *s_block_bitmap[] __counted_by(s_nr_groups); }; struct udf_part_map {
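Review bot: s_nr_groups, now the bound for s_block_bitmap[] in struct udf_bitmap, is declared as a plain int. Please confirm it can never hold a negative value on any path, or consider making it unsigned, since the annotation makes this field the authoritative element count.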
Re: [PATCH] mtd: rawnand: renesas: Annotate struct rnand_chip with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct rnand_chip. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: linux-...@lists.infradead.org Cc: linux-renesas-...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/renesas-nand-controller.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/renesas-nand-controller.c b/drivers/mtd/nand/raw/renesas-nand-controller.c index 589021ea9eb2..c9a01feff8df 100644 --- a/drivers/mtd/nand/raw/renesas-nand-controller.c +++ b/drivers/mtd/nand/raw/renesas-nand-controller.c @@ -210,7 +210,7 @@ struct rnand_chip { u32 tim_gen_seq1; u32 tim_gen_seq2; u32 tim_gen_seq3; - struct rnand_chip_sel sels[]; + struct rnand_chip_sel sels[] __counted_by(nsels); }; struct rnandc {
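Review bot: nsels is not part of the hunk context for struct rnand_chip (the visible members are tim_gen_seq1 to tim_gen_seq3), so the reader cannot see the counter's declaration or type next to sels[]. Please mention in the commit message where nsels is declared and that it is assigned before sels[] is populated.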
Re: [PATCH] mtd: rawnand: sunxi: Annotate struct sunxi_nand_chip with __counted_by
On 9/15/23 14:13, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct sunxi_nand_chip. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: Chen-Yu Tsai Cc: Jernej Skrabec Cc: Samuel Holland Cc: Manuel Dipolt Cc: linux-...@lists.infradead.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-su...@lists.linux.dev Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/sunxi_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/sunxi_nand.c b/drivers/mtd/nand/raw/sunxi_nand.c index 9abf38049d35..4ec17c8bce5a 100644 --- a/drivers/mtd/nand/raw/sunxi_nand.c +++ b/drivers/mtd/nand/raw/sunxi_nand.c @@ -197,7 +197,7 @@ struct sunxi_nand_chip { u32 timing_cfg; u32 timing_ctl; int nsels; - struct sunxi_nand_chip_sel sels[]; + struct sunxi_nand_chip_sel sels[] __counted_by(nsels); }; static inline struct sunxi_nand_chip *to_sunxi_nand(struct nand_chip *nand)
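Review bot: in struct sunxi_nand_chip the counter for sels[] is "int nsels", while the marvell and denali chips in this same series use "unsigned int nsels". Since the field now bounds sels[], please confirm it is never negative, or align the type with the other drivers in a follow-up.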
Re: [PATCH] mtd: rawnand: marvell: Annotate struct marvell_nand_chip with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct marvell_nand_chip. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/marvell_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index b841a81cb128..a46698744850 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -348,7 +348,7 @@ struct marvell_nand_chip { int addr_cyc; int selected_die; unsigned int nsels; - struct marvell_nand_chip_sel sels[]; + struct marvell_nand_chip_sel sels[] __counted_by(nsels); }; static inline struct marvell_nand_chip *to_marvell_nand(struct nand_chip *chip)
Re: [PATCH] mtd: rawnand: meson: Annotate struct meson_nfc_nand_chip with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct meson_nfc_nand_chip. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Liang Yang Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: Neil Armstrong Cc: Kevin Hilman Cc: Jerome Brunet Cc: Martin Blumenstingl Cc: linux-...@lists.infradead.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-amlo...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/meson_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 25e3c1cb605e..378f28ce6a74 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -128,7 +128,7 @@ struct meson_nfc_nand_chip { u8 *data_buf; __le64 *info_buf; u32 nsels; - u8 sels[]; + u8 sels[] __counted_by(nsels); }; struct meson_nand_ecc {
Re: [PATCH] mtd: rawnand: ingenic: Annotate struct ingenic_nfc with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ingenic_nfc. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Paul Cercueil Cc: Harvey Hunt Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: linux-m...@vger.kernel.org Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c b/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c index 6748226b8bd1..ce9ef4e65597 100644 --- a/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c +++ b/drivers/mtd/nand/raw/ingenic/ingenic_nand_drv.c @@ -46,7 +46,7 @@ struct ingenic_nfc { struct nand_controller controller; unsigned int num_banks; struct list_head chips; - struct ingenic_nand_cs cs[]; + struct ingenic_nand_cs cs[] __counted_by(num_banks); }; struct ingenic_nand {
Re: [PATCH] mtd: rawnand: denali: Annotate struct denali_chip with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct denali_chip. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/denali.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/denali.h b/drivers/mtd/nand/raw/denali.h index ac46eb7956ce..5f2fab022fc5 100644 --- a/drivers/mtd/nand/raw/denali.h +++ b/drivers/mtd/nand/raw/denali.h @@ -328,7 +328,7 @@ struct denali_chip { struct nand_chip chip; struct list_head node; unsigned int nsels; - struct denali_chip_sel sels[]; + struct denali_chip_sel sels[] __counted_by(nsels); }; /**
Re: [PATCH] mtd: cfi: Annotate struct cfi_private with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfi_private. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- include/linux/mtd/cfi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mtd/cfi.h b/include/linux/mtd/cfi.h index d88bb56c18e2..947410faf9e2 100644 --- a/include/linux/mtd/cfi.h +++ b/include/linux/mtd/cfi.h @@ -287,7 +287,7 @@ struct cfi_private { unsigned long chipshift; /* Because they're of the same type */ const char *im_name; /* inter_module name for cmdset_setup */ unsigned long quirks; - struct flchip chips[]; /* per-chip data structure for each chip */ + struct flchip chips[] __counted_by(numchips); /* per-chip data structure for each chip */ }; uint32_t cfi_build_cmd_addr(uint32_t cmd_ofs,
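Review bot: the annotated chips[] line in struct cfi_private keeps its trailing comment and becomes very long, and numchips itself is outside the hunk context. Consider moving "/* per-chip data structure for each chip */" above the member, and name the counter's declaration in the commit message so the pairing can be verified without opening the header.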
Re: [PATCH] mtd: rawnand: atmel: Annotate struct atmel_nand with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct atmel_nand. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Tudor Ambarus Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: Nicolas Ferre Cc: Alexandre Belloni Cc: Claudiu Beznea Cc: linux-...@lists.infradead.org Cc: linux-arm-ker...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index 3f494f7c7ecb..4cb478bbee4a 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -165,7 +165,7 @@ struct atmel_nand { struct atmel_pmecc_user *pmecc; struct gpio_desc *cdgpio; int numcs; - struct atmel_nand_cs cs[]; + struct atmel_nand_cs cs[] __counted_by(numcs); }; static inline struct atmel_nand *to_atmel_nand(struct nand_chip *chip)
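Review bot: numcs in struct atmel_nand is a signed int and now serves as the bound for cs[]. Please confirm no path stores a negative or error value in numcs before cs[] is indexed.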
Re: [PATCH] leds: qcom-lpg: Annotate struct lpg_led with __counted_by
On 9/15/23 14:11, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct lpg_led. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: Bjorn Andersson Cc: "Uwe Kleine-König" Cc: Douglas Anderson Cc: Anjelique Melendez Cc: linux-l...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/rgb/leds-qcom-lpg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/rgb/leds-qcom-lpg.c b/drivers/leds/rgb/leds-qcom-lpg.c index df469aaa7e6e..7d93e02a030a 100644 --- a/drivers/leds/rgb/leds-qcom-lpg.c +++ b/drivers/leds/rgb/leds-qcom-lpg.c @@ -173,7 +173,7 @@ struct lpg_led { struct led_classdev_mc mcdev; unsigned int num_channels; - struct lpg_channel *channels[]; + struct lpg_channel *channels[] __counted_by(num_channels); }; /**
Re: [PATCH] leds: mt6370: Annotate struct mt6370_priv with __counted_by
On 9/15/23 14:10, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct mt6370_priv. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: Matthias Brugger Cc: AngeloGioacchino Del Regno Cc: Alice Chen Cc: Jacek Anaszewski Cc: ChiYuan Huang Cc: ChiaEn Wu Cc: kernel test robot Cc: linux-l...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-media...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/flash/leds-mt6370-flash.c | 2 +- drivers/leds/rgb/leds-mt6370-rgb.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/leds/flash/leds-mt6370-flash.c b/drivers/leds/flash/leds-mt6370-flash.c index 931067c8a75f..912d9d622320 100644 --- a/drivers/leds/flash/leds-mt6370-flash.c +++ b/drivers/leds/flash/leds-mt6370-flash.c @@ -81,7 +81,7 @@ struct mt6370_priv { unsigned int fled_torch_used; unsigned int leds_active; unsigned int leds_count; - struct mt6370_led leds[]; + struct mt6370_led leds[] __counted_by(leds_count); }; static int mt6370_torch_brightness_set(struct led_classdev *lcdev, enum led_brightness level) diff --git a/drivers/leds/rgb/leds-mt6370-rgb.c b/drivers/leds/rgb/leds-mt6370-rgb.c index bb62431efe83..448d0da11848 100644 --- a/drivers/leds/rgb/leds-mt6370-rgb.c +++ b/drivers/leds/rgb/leds-mt6370-rgb.c 
@@ -153,7 +153,7 @@ struct mt6370_priv { const struct mt6370_pdata *pdata; unsigned int leds_count; unsigned int leds_active; - struct mt6370_led leds[]; + struct mt6370_led leds[] __counted_by(leds_count); }; static const struct reg_field common_reg_fields[F_MAX_FIELDS] = {
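Review bot: the patch annotates two separate definitions of struct mt6370_priv, one in leds-mt6370-flash.c and one in leds-mt6370-rgb.c, but the subject and commit message refer to a single struct. Please mention both files in the commit message, and confirm for each driver that leds_count is set before leds[] is filled, since the two probe paths are independent.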
Re: [PATCH] mtd: Annotate struct lpddr_private with __counted_by
On 9/15/23 14:12, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct lpddr_private. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Miquel Raynal Cc: Richard Weinberger Cc: Vignesh Raghavendra Cc: linux-...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- include/linux/mtd/qinfo.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mtd/qinfo.h b/include/linux/mtd/qinfo.h index 2e3f43788d48..0421f12156b5 100644 --- a/include/linux/mtd/qinfo.h +++ b/include/linux/mtd/qinfo.h @@ -24,7 +24,7 @@ struct lpddr_private { struct qinfo_chip *qinfo; int numchips; unsigned long chipshift; - struct flchip chips[]; + struct flchip chips[] __counted_by(numchips); }; /* qinfo_query_info structure contains request information for
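Review bot: numchips in struct lpddr_private is declared "int" and becomes the bound for chips[]. Please confirm the value is always non-negative and is assigned before the first chips[] access in the probe path, which the patch does not show.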
Re: [PATCH] leds: mt6360: Annotate struct mt6360_priv with __counted_by
On 9/15/23 14:10, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct mt6360_priv. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: Matthias Brugger Cc: AngeloGioacchino Del Regno Cc: Gene Chen Cc: Jacek Anaszewski Cc: Andy Shevchenko Cc: linux-l...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-media...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/flash/leds-mt6360.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c index 1af6c5898343..b70dc689b33f 100644 --- a/drivers/leds/flash/leds-mt6360.c +++ b/drivers/leds/flash/leds-mt6360.c @@ -91,7 +91,7 @@ struct mt6360_priv { unsigned int fled_torch_used; unsigned int leds_active; unsigned int leds_count; - struct mt6360_led leds[]; + struct mt6360_led leds[] __counted_by(leds_count); }; static int mt6360_mc_brightness_set(struct led_classdev *lcdev,
Re: [PATCH] leds: lm3697: Annotate struct lm3697 with __counted_by
On 9/15/23 14:10, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct lm3697. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: linux-l...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/leds-lm3697.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/leds-lm3697.c b/drivers/leds/leds-lm3697.c index cfb8ac220db6..380d17a58fe9 100644 --- a/drivers/leds/leds-lm3697.c +++ b/drivers/leds/leds-lm3697.c @@ -89,7 +89,7 @@ struct lm3697 { int bank_cfg; int num_banks; - struct lm3697_led leds[]; + struct lm3697_led leds[] __counted_by(num_banks); }; static const struct reg_default lm3697_reg_defs[] = {
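Review bot: leds[] in struct lm3697 is bounded by num_banks, a field whose name describes banks rather than LEDs and which sits next to bank_cfg. Please state in the commit message that leds[] is allocated with exactly num_banks elements, and confirm that the signed int counter is set before leds[] is walked, so the pairing is not just inferred from the Coccinelle match.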
Re: [PATCH] leds: gpio: Annotate struct gpio_leds_priv with __counted_by
On 9/15/23 14:10, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct gpio_leds_priv. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: linux-l...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/leds-gpio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c index 7bfe40a6bfdd..a6597f0f3eb4 100644 --- a/drivers/leds/leds-gpio.c +++ b/drivers/leds/leds-gpio.c @@ -142,7 +142,7 @@ static int create_gpio_led(const struct gpio_led *template, struct gpio_leds_priv { int num_leds; - struct gpio_led_data leds[]; + struct gpio_led_data leds[] __counted_by(num_leds); }; static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev)
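Review bot: struct gpio_leds_priv has num_leds as its only other member, and gpio_leds_create() follows directly in the trailing context. If that function fills leds[] one entry at a time and increments num_leds after each entry, every store would target index num_leds, which is outside the annotated bound at that moment. Please check the fill loop and, if it works that way, set num_leds to the allocated count up front or take the element pointer only after the increment, as was done for ceph_monmap in this series.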
Re: [PATCH] leds: cr0014114: Annotate struct cr0014114 with __counted_by
On 9/15/23 14:09, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cr0014114. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: linux-l...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/leds-cr0014114.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/leds-cr0014114.c b/drivers/leds/leds-cr0014114.c index b33bca397ea6..c9914fc51f20 100644 --- a/drivers/leds/leds-cr0014114.c +++ b/drivers/leds/leds-cr0014114.c @@ -56,7 +56,7 @@ struct cr0014114 { struct spi_device *spi; u8 *buf; unsigned long delay; - struct cr0014114_ledleds[]; + struct cr0014114_ledleds[] __counted_by(count); }; static void cr0014114_calc_crc(u8 *buf, const size_t len)
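Review bot: count, the field named in __counted_by() for leds[] in struct cr0014114, does not appear in the hunk context (spi, buf and delay do), so its type and position cannot be checked from the patch. Please note in the commit message where count is declared and that it is assigned before leds[] is initialised.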
Re: [PATCH] leds: el15203000: Annotate struct el15203000 with __counted_by
On 9/15/23 14:09, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct el15203000. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: linux-l...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/leds-el15203000.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/leds-el15203000.c b/drivers/leds/leds-el15203000.c index 7e7b617bcd56..d40194a3029f 100644 --- a/drivers/leds/leds-el15203000.c +++ b/drivers/leds/leds-el15203000.c @@ -80,7 +80,7 @@ struct el15203000 { struct spi_device *spi; unsigned long delay; size_t count; - struct el15203000_led leds[]; + struct el15203000_led leds[] __counted_by(count); }; #define to_el15203000_led(d) container_of(d, struct el15203000_led, ldev)
Re: [PATCH] leds: aw200xx: Annotate struct aw200xx with __counted_by
On 9/15/23 14:09, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct aw200xx. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Pavel Machek Cc: Lee Jones Cc: linux-l...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/leds/leds-aw200xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/leds/leds-aw200xx.c b/drivers/leds/leds-aw200xx.c index 691a743cc9b0..4d517cace3e7 100644 --- a/drivers/leds/leds-aw200xx.c +++ b/drivers/leds/leds-aw200xx.c @@ -112,7 +112,7 @@ struct aw200xx { struct mutex mutex; u32 num_leds; u32 display_rows; - struct aw200xx_led leds[]; + struct aw200xx_led leds[] __counted_by(num_leds); }; static ssize_t dim_show(struct device *dev, struct device_attribute *devattr,
Re: [PATCH] wifi: mt76: Annotate struct mt76_rx_tid with __counted_by
On 9/15/23 14:06, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct mt76_rx_tid. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Felix Fietkau Cc: Lorenzo Bianconi Cc: Ryder Lee Cc: Shayne Chen Cc: Sean Wang Cc: Kalle Valo Cc: Matthias Brugger Cc: AngeloGioacchino Del Regno Cc: linux-wirel...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-media...@lists.infradead.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/net/wireless/mediatek/mt76/mt76.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h index e8757865a3d0..03ef617b1527 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76.h +++ b/drivers/net/wireless/mediatek/mt76/mt76.h @@ -376,7 +376,7 @@ struct mt76_rx_tid { u8 started:1, stopped:1, timer_pending:1; - struct sk_buff *reorder_buf[]; + struct sk_buff *reorder_buf[] __counted_by(size); }; #define MT_TX_CB_DMA_DONE BIT(0)
Re: [PATCH] wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by
On 9/15/23 14:06, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct wcn36xx_hal_ind_msg. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Loic Poulain Cc: Kalle Valo Cc: wcn3...@lists.infradead.org Cc: linux-wirel...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/net/wireless/ath/wcn36xx/smd.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/wcn36xx/smd.h b/drivers/net/wireless/ath/wcn36xx/smd.h index cf15cde2a364..2c1ed9e570bf 100644 --- a/drivers/net/wireless/ath/wcn36xx/smd.h +++ b/drivers/net/wireless/ath/wcn36xx/smd.h @@ -47,7 +47,7 @@ struct wcn36xx_fw_msg_status_rsp { struct wcn36xx_hal_ind_msg { struct list_head list; size_t msg_len; - u8 msg[]; + u8 msg[] __counted_by(msg_len); }; struct wcn36xx;
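Review bot: `msg` is a `u8` array counted by `msg_len`, so this annotation is enforced mostly on the memcpy() side through CONFIG_FORTIFY_SOURCE, and the hunk does not show the allocation site. Check that the code which allocates a `struct wcn36xx_hal_ind_msg` stores `msg_len` before it copies the payload into `msg`; if the copy comes first, the bound the checker reads is whatever the allocator left in `msg_len`, and a valid copy can be reported as an overflow.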
Re: [PATCH] wifi: ipw2x00: Annotate struct libipw_txb with __counted_by
On 9/15/23 14:06, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct libipw_txb. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Stanislav Yakovlev Cc: Kalle Valo Cc: linux-wirel...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/net/wireless/intel/ipw2x00/libipw.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/ipw2x00/libipw.h b/drivers/net/wireless/intel/ipw2x00/libipw.h index bec7bc273748..9065ca5b0208 100644 --- a/drivers/net/wireless/intel/ipw2x00/libipw.h +++ b/drivers/net/wireless/intel/ipw2x00/libipw.h @@ -488,7 +488,7 @@ struct libipw_txb { u8 reserved; u16 frag_size; u16 payload_size; - struct sk_buff *fragments[]; + struct sk_buff *fragments[] __counted_by(nr_frags); }; /* SWEEP TABLE ENTRIES NUMBER */
Re: [PATCH] wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by
On 9/15/23 14:05, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Arend van Spriel Cc: Franky Lin Cc: Hante Meuleman Cc: Kalle Valo Cc: Matthias Brugger Cc: Hector Martin Cc: "Alvin Šipraga" Cc: Hans de Goede Cc: linux-wirel...@vger.kernel.org Cc: brcm80211-dev-list@broadcom.com Cc: sha-cyfmac-dev-l...@infineon.com Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h index 1266cbaee072..4002d326fd21 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.h @@ -69,7 +69,7 @@ struct brcmf_fw_request { u16 bus_nr; u32 n_items; const char *board_types[BRCMF_FW_MAX_BOARD_TYPES]; - struct brcmf_fw_item items[]; + struct brcmf_fw_item items[] __counted_by(n_items); }; struct brcmf_fw_name {
Re: [PATCH] md/md-linear: Annotate struct linear_conf with __counted_by
On 9/15/23 14:03, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct linear_conf. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Song Liu Cc: linux-r...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/md/md-linear.c | 26 +- drivers/md/md-linear.h | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/md/md-linear.c b/drivers/md/md-linear.c index 71ac99646827..ae2826e9645b 100644 --- a/drivers/md/md-linear.c +++ b/drivers/md/md-linear.c @@ -69,6 +69,19 @@ static struct linear_conf *linear_conf(struct mddev *mddev, int raid_disks) if (!conf) return NULL; + /* +* conf->raid_disks is copy of mddev->raid_disks. The reason to +* keep a copy of mddev->raid_disks in struct linear_conf is, +* mddev->raid_disks may not be consistent with pointers number of +* conf->disks[] when it is updated in linear_add() and used to +* iterate old conf->disks[] earray in linear_congested(). +* Here conf->raid_disks is always consitent with number of +* pointers in conf->disks[] array, and mddev->private is updated +* with rcu_assign_pointer() in linear_addr(), such race can be +* avoided. +*/ + conf->raid_disks = raid_disks; + cnt = 0; conf->array_sectors = 0; 
@@ -112,19 +125,6 @@ static struct linear_conf *linear_conf(struct mddev *mddev, int raid_disks) conf->disks[i-1].end_sector + conf->disks[i].rdev->sectors; - /* -* conf->raid_disks is copy of mddev->raid_disks. The reason to -* keep a copy of mddev->raid_disks in struct linear_conf is, -* mddev->raid_disks may not be consistent with pointers number of -* conf->disks[] when it is updated in linear_add() and used to -* iterate old conf->disks[] earray in linear_congested(). -* Here conf->raid_disks is always consitent with number of -* pointers in conf->disks[] array, and mddev->private is updated -* with rcu_assign_pointer() in linear_addr(), such race can be -* avoided. -*/ - conf->raid_disks = raid_disks; - return conf; out: diff --git a/drivers/md/md-linear.h b/drivers/md/md-linear.h index 24e97db50ebb..5587eeedb882 100644 --- a/drivers/md/md-linear.h +++ b/drivers/md/md-linear.h @@ -12,6 +12,6 @@ struct linear_conf struct rcu_head rcu; sector_tarray_sectors; int raid_disks; /* a copy of mddev->raid_disks */ - struct dev_info disks[]; + struct dev_info disks[] __counted_by(raid_disks); }; #endif
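Review bot: the comment block that moves together with `conf->raid_disks = raid_disks;` in md-linear.c is re-added with its existing typos ("earray", "consitent", and "linear_addr()" where the same comment says "linear_add()" two lines earlier) and still explains only the RCU race. Since the lines are touched anyway, fix the spelling and add one sentence saying that the assignment now has to precede the `conf->disks[]` accesses because `disks[]` is `__counted_by(raid_disks)`; otherwise a later cleanup can move it back to the end of linear_conf() without noticing. Note also that the counter is a signed `int` taken straight from the `int raid_disks` parameter, with no range check visible in these hunks.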
Re: [PATCH] usb: gadget: f_midi: Annotate struct f_midi with __counted_by
On 9/15/23 13:59, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct f_midi. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Greg Kroah-Hartman Cc: John Keeping Cc: Peter Chen Cc: Hulk Robot Cc: Allen Pais Cc: Will McVicker Cc: Davidlohr Bueso Cc: Zhang Qilong Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/usb/gadget/function/f_midi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c index 2d02f25f9597..033e347554db 100644 --- a/drivers/usb/gadget/function/f_midi.c +++ b/drivers/usb/gadget/function/f_midi.c @@ -99,7 +99,7 @@ struct f_midi { unsigned int in_last_port; unsigned char free_ref; - struct gmidi_in_port in_ports_array[/* in_ports */]; + struct gmidi_in_portin_ports_array[] __counted_by(in_ports); }; static inline struct f_midi *func_to_midi(struct usb_function *f) @@ -1349,6 +1349,7 @@ static struct usb_function *f_midi_alloc(struct usb_function_instance *fi) status = -ENOMEM; goto setup_fail; } + midi->in_ports = opts->in_ports; for (i = 0; i < opts->in_ports; i++) midi->in_ports_array[i].cable = i; @@ -1359,7 +1360,6 @@ static struct usb_function *f_midi_alloc(struct usb_function_instance *fi) status = -ENOMEM; goto midi_free; } - midi->in_ports = opts->in_ports; midi->out_ports = opts->out_ports; midi->index = opts->index; midi->buflen = opts->buflen;
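Review bot: the loop directly after the moved assignment still uses `opts->in_ports` as its bound (`for (i = 0; i < opts->in_ports; i++)`) while the array it indexes is now counted by `midi->in_ports`. The two are equal at this point, but bounding the loop with `midi->in_ports` would make the loop limit and the checked limit the same object, so a later edit cannot let them drift apart.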
Re: [PATCH] usb: gadget: f_fs: Annotate struct ffs_buffer with __counted_by
On 9/15/23 13:58, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ffs_buffer. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Greg Kroah-Hartman Cc: John Keeping Cc: Udipto Goswami Cc: Linyu Yuan Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/usb/gadget/function/f_fs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 6e9ef35a43a7..af400d083777 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -202,7 +202,7 @@ struct ffs_epfile { struct ffs_buffer { size_t length; char *data; - char storage[]; + char storage[] __counted_by(length); }; /* ffs_io_data structure ***/
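Review bot: `struct ffs_buffer` carries a `char *data` pointer next to `storage[]`, which suggests that `data` walks through `storage` as the buffer is consumed. If `length` is reduced along the way to mean bytes remaining, it no longer describes the allocated size of `storage[]` and the annotation is wrong for any later indexed or memcpy() access to `storage`. The changelog should confirm that `length` is not modified after allocation, or explain why the remaining-bytes value is still a valid bound.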
Re: [PATCH] wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by
On 9/15/23 14:05, Kees Cook wrote: Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct brcmf_gscan_config. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Arend van Spriel Cc: Franky Lin Cc: Hante Meuleman Cc: Kalle Valo Cc: "Gustavo A. R. Silva" Cc: Hector Martin Cc: Ryohei Kondo Cc: Hans de Goede Cc: linux-wirel...@vger.kernel.org Cc: brcm80211-dev-list@broadcom.com Cc: sha-cyfmac-dev-l...@infineon.com Signed-off-by: Kees Cook Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h index bece26741d3a..6eef6bc430e2 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h @@ -1209,7 +1209,7 @@ struct brcmf_gscan_config { u8 count_of_channel_buckets; u8 retry_threshold; __le16 lost_ap_window; - struct brcmf_gscan_bucket_config bucket[]; + struct brcmf_gscan_bucket_config bucket[] __counted_by(count_of_channel_buckets); }; /**
[PATCH][next] net: spider_net: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_add()`. Fixes: 3f1071ec39f7 ("net: spider_net: Use struct_size() helper") Signed-off-by: Gustavo A. R. Silva --- drivers/net/ethernet/toshiba/spider_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/toshiba/spider_net.c b/drivers/net/ethernet/toshiba/spider_net.c index 50d7eacfec58..87e67121477c 100644 --- a/drivers/net/ethernet/toshiba/spider_net.c +++ b/drivers/net/ethernet/toshiba/spider_net.c @@ -2332,7 +2332,7 @@ spider_net_alloc_card(void) struct spider_net_card *card; netdev = alloc_etherdev(struct_size(card, darray, - tx_descriptors + rx_descriptors)); + size_add(tx_descriptors, rx_descriptors))); if (!netdev) return NULL; -- 2.34.1
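Review bot: the saturated result is handed straight to alloc_etherdev(), so the hardening only holds if that parameter is a size_t. Check the prototype: if the private-size argument is a narrower or signed type, the SIZE_MAX produced by `struct_size(card, darray, size_add(tx_descriptors, rx_descriptors))` is converted on the way in and the allocator no longer sees an impossible size. In that case an explicit range check on `tx_descriptors` and `rx_descriptors` before the call is the sturdier fix.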
[PATCH][next] usb: atm: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_add()`. Fixes: b626871a7cda ("usb: atm: Use struct_size() helper") Signed-off-by: Gustavo A. R. Silva --- drivers/usb/atm/usbatm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c index 1cdb8758ae01..2da6615fbb6f 100644 --- a/drivers/usb/atm/usbatm.c +++ b/drivers/usb/atm/usbatm.c @@ -1018,7 +1018,8 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, size_t size; /* instance init */ - size = struct_size(instance, urbs, num_rcv_urbs + num_snd_urbs); + size = struct_size(instance, urbs, + size_add(num_rcv_urbs, num_snd_urbs)); instance = kzalloc(size, GFP_KERNEL); if (!instance) return -ENOMEM; -- 2.34.1
[PATCH][next] tipc: Use size_add() in calls to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_add()`. Fixes: e034c6d23bc4 ("tipc: Use struct_size() helper") Signed-off-by: Gustavo A. R. Silva --- net/tipc/link.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tipc/link.c b/net/tipc/link.c index e33b4f29f77c..d0143823658d 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1446,7 +1446,7 @@ u16 tipc_get_gap_ack_blks(struct tipc_gap_ack_blks **ga, struct tipc_link *l, p = (struct tipc_gap_ack_blks *)msg_data(hdr); sz = ntohs(p->len); /* Sanity check */ - if (sz == struct_size(p, gacks, p->ugack_cnt + p->bgack_cnt)) { + if (sz == struct_size(p, gacks, size_add(p->ugack_cnt, p->bgack_cnt))) { /* Good, check if the desired type exists */ if ((uc && p->ugack_cnt) || (!uc && p->bgack_cnt)) goto ok; @@ -1533,7 +1533,7 @@ static u16 tipc_build_gap_ack_blks(struct tipc_link *l, struct tipc_msg *hdr) __tipc_build_gap_ack_blks(ga, l, ga->bgack_cnt) : 0; /* Total len */ - len = struct_size(ga, gacks, ga->bgack_cnt + ga->ugack_cnt); + len = struct_size(ga, gacks, size_add(ga->bgack_cnt, ga->ugack_cnt)); ga->len = htons(len); return len; } -- 2.34.1
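Review bot: in the second hunk the result ends up in `ga->len = htons(len)` and is returned from a function declared `static u16`, so a saturated SIZE_MAX is cut down to 16 bits and the saturation is lost at the point where it would matter. The first hunk is fine as it stands, because `sz == struct_size(...)` with `sz = ntohs(p->len)` can never equal a saturated value. For the build side, check `len` against U16_MAX before the htons(), or bound `ga->bgack_cnt` and `ga->ugack_cnt` where they are produced.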
[PATCH][next] tls: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_add()`. Fixes: b89fec54fd61 ("tls: rx: wrap decrypt params in a struct") Signed-off-by: Gustavo A. R. Silva --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index d1fc295b83b5..270712b8d391 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1487,7 +1487,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov, */ aead_size = sizeof(*aead_req) + crypto_aead_reqsize(ctx->aead_recv); aead_size = ALIGN(aead_size, __alignof__(*dctx)); - mem = kmalloc(aead_size + struct_size(dctx, sg, n_sgin + n_sgout), + mem = kmalloc(aead_size + struct_size(dctx, sg, size_add(n_sgin, n_sgout)), sk->sk_allocation); if (!mem) { err = -ENOMEM; -- 2.34.1
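Review bot: the outer sum in `kmalloc(aead_size + struct_size(dctx, sg, size_add(n_sgin, n_sgout)), ...)` is still open-coded. If struct_size() saturates to SIZE_MAX, adding `aead_size` wraps it back to a small value, which is the failure the changelog sets out to prevent. Use `size_add(aead_size, struct_size(dctx, sg, size_add(n_sgin, n_sgout)))` so the whole expression saturates.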
[PATCH][next] ASoC: SOF: ipc4-topology: Use size_add() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_add()`. Fixes: f9efae954905 ("ASoC: SOF: ipc4-topology: Add support for base config extension") Signed-off-by: Gustavo A. R. Silva --- sound/soc/sof/ipc4-topology.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c index f2a30cd31378..2a19dd022aaf 100644 --- a/sound/soc/sof/ipc4-topology.c +++ b/sound/soc/sof/ipc4-topology.c @@ -895,7 +895,8 @@ static int sof_ipc4_widget_setup_comp_process(struct snd_sof_widget *swidget) if (process->init_config == SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) { struct sof_ipc4_base_module_cfg_ext *base_cfg_ext; u32 ext_size = struct_size(base_cfg_ext, pin_formats, - swidget->num_input_pins + swidget->num_output_pins); + size_add(swidget->num_input_pins, + swidget->num_output_pins)); base_cfg_ext = kzalloc(ext_size, GFP_KERNEL); if (!base_cfg_ext) { -- 2.34.1
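Review bot: `ext_size` is declared `u32`, so on a 64-bit build the size_t returned by struct_size() is narrowed at the assignment: a saturated SIZE_MAX reaches `kzalloc(ext_size, GFP_KERNEL)` as 0xffffffff, and a large unsaturated value reaches it as its low 32 bits. Declare `ext_size` as size_t, or check the struct_size() result against U32_MAX before storing it if the u32 type is required elsewhere.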
[PATCH][next] mlxsw: Use size_mul() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_mul()`. Fixes: 2285ec872d9d ("mlxsw: spectrum_acl_bloom_filter: use struct_size() in kzalloc()") Signed-off-by: Gustavo A. R. Silva --- drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c index e2aced7ab454..95f63fcf4ba1 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c @@ -496,7 +496,7 @@ mlxsw_sp_acl_bf_init(struct mlxsw_sp *mlxsw_sp, unsigned int num_erp_banks) * is 2^ACL_MAX_BF_LOG */ bf_bank_size = 1 << MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_BF_LOG); - bf = kzalloc(struct_size(bf, refcnt, bf_bank_size * num_erp_banks), + bf = kzalloc(struct_size(bf, refcnt, size_mul(bf_bank_size, num_erp_banks)), GFP_KERNEL); if (!bf) return ERR_PTR(-ENOMEM); -- 2.34.1
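Review bot: `bf_bank_size = 1 << MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_BF_LOG);` on the context line above the change is an int shift that is evaluated before size_mul() sees the value, so an oversized ACL_MAX_BF_LOG goes wrong there and size_mul() receives an already incorrect factor. Bound the log value before shifting so that the hardening covers the whole expression, not just the final multiply.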
[PATCH][next] gve: Use size_add() in call to struct_size()
If, for any reason, `tx_stats_num + rx_stats_num` wraps around, the protection that struct_size() adds against potential integer overflows is defeated. Fix this by hardening call to struct_size() with size_add(). Fixes: 691f4077d560 ("gve: Replace zero-length array with flexible-array member") Signed-off-by: Gustavo A. R. Silva --- drivers/net/ethernet/google/gve/gve_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 5704b5f57cd0..83b09dcfafc4 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -190,7 +190,7 @@ static int gve_alloc_stats_report(struct gve_priv *priv) rx_stats_num = (GVE_RX_STATS_REPORT_NUM + NIC_RX_STATS_REPORT_NUM) * priv->rx_cfg.num_queues; priv->stats_report_len = struct_size(priv->stats_report, stats, -tx_stats_num + rx_stats_num); +size_add(tx_stats_num, rx_stats_num)); priv->stats_report = dma_alloc_coherent(>pdev->dev, priv->stats_report_len, >stats_report_bus, GFP_KERNEL); -- 2.34.1
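Review bot: `rx_stats_num = (GVE_RX_STATS_REPORT_NUM + NIC_RX_STATS_REPORT_NUM) * priv->rx_cfg.num_queues;` in the context lines is still an open-coded multiply, and the hunk does not show how `tx_stats_num` is computed, so size_add() may be adding operands that have already wrapped. Either compute both counts with size_mul() or state in the changelog which limit on the queue counts keeps them in range.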
Re: [PATCH v2][next] RDMA/core: Use size_{add,mul}() in calls to struct_size()
On 9/14/23 21:29, Kees Cook wrote: On Mon, Sep 11, 2023 at 05:27:59PM -0600, Gustavo A. R. Silva wrote: Harden calls to struct_size() with size_add() and size_mul(). Specifically, make sure that open-coded arithmetic cannot cause an overflow/wraparound. (i.e. it will stay saturated at SIZE_MAX.) Yep; I have another patch where I explain this in similar terms. I'll send it, shortly. Fixes: 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") Fixes: a4676388e2e2 ("RDMA/core: Simplify how the gid_attrs sysfs is created") Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook Thanks! -- Gustavo -Kees --- Changes in v2: - Update changelog text: remove the part about binary differences (it was added by mistake). drivers/infiniband/core/sysfs.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c index ee59d7391568..ec5efdc16660 100644 --- a/drivers/infiniband/core/sysfs.c +++ b/drivers/infiniband/core/sysfs.c @@ -903,7 +903,7 @@ alloc_hw_stats_device(struct ib_device *ibdev) * Two extra attribue elements here, one for the lifespan entry and * one to NULL terminate the list for the sysfs core code */ - data = kzalloc(struct_size(data, attrs, stats->num_counters + 1), + data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 1)), GFP_KERNEL); if (!data) goto err_free_stats; @@ -1009,7 +1009,7 @@ alloc_hw_stats_port(struct ib_port *port, struct attribute_group *group) * Two extra attribue elements here, one for the lifespan entry and * one to NULL terminate the list for the sysfs core code */ - data = kzalloc(struct_size(data, attrs, stats->num_counters + 1), + data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 1)), GFP_KERNEL); if (!data) goto err_free_stats; 
@@ -1140,7 +1140,7 @@ static int setup_gid_attrs(struct ib_port *port, int ret; gid_attr_group = kzalloc(struct_size(gid_attr_group, attrs_list, -attr->gid_tbl_len * 2), +size_mul(attr->gid_tbl_len, 2)), GFP_KERNEL); if (!gid_attr_group) return -ENOMEM; @@ -1205,8 +1205,8 @@ static struct ib_port *setup_port(struct ib_core_device *coredev, int port_num, int ret; p = kvzalloc(struct_size(p, attrs_list, - attr->gid_tbl_len + attr->pkey_tbl_len), - GFP_KERNEL); + size_add(attr->gid_tbl_len, attr->pkey_tbl_len)), +GFP_KERNEL); if (!p) return ERR_PTR(-ENOMEM); p->ibdev = device; -- 2.34.1
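Review bot: the comment kept as context in both alloc_hw_stats_device() and alloc_hw_stats_port() says two extra attribute elements are needed (the lifespan entry and the NULL terminator), but the count passed is `size_add(stats->num_counters, 1)`. Either the comment belongs to a different allocation or one slot is missing; since the line next to it is being changed, say which in the comment, and fix the "attribue" typo at the same time.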
Re: linux-next: Tree for Sep 12 (bcachefs)
On 9/14/23 13:38, Kent Overstreet wrote: On Wed, Sep 13, 2023 at 06:17:00PM -0700, Kees Cook wrote: On Tue, Sep 12, 2023 at 03:26:45PM +1000, Stephen Rothwell wrote: New tree: bcachefs Thanks for going through and fixing all the fake flexible array members. It looks much nicer. :) I have some questions about the remaining "markers", for example: $ git grep -A8 '\bkey_start\b' -- fs/bcachefs fs/bcachefs/bcachefs_format.h: __u8key_start[0]; ... fs/bcachefs/bcachefs_format.h- __u8pad[sizeof(struct bkey) - 3]; -- fs/bcachefs/bkey.c: u8 *l = k->key_start; Why isn't this just: u8 *l = k->pad and you can drop the marker? In this case, it's documentation. >pad tells us nothing; why is pad significant? k->key_start documents the intent better. And some seem entirely unused, like all of "struct bch_reflink_v". No, those aren't unused :) bcachefs does the "list of variable size items" a lot - see vstructs.h. start[] is the type of the item being stored, _data is what we use for pointer arithmetic - because we always store sizes in units of u64s, for alignment. And some are going to fail at runtime, since they're still zero-sized and being used as an actual array: struct bch_sb_field_journal_seq_blacklist { struct bch_sb_field field; struct journal_seq_blacklist_entry start[0]; __u64 _data[]; }; ... memmove(>start[i], >start[i + 1], sizeof(bl->start[0]) * (nr - i)); It looks like you just want a type union for the flexible array. This can be done like this: struct bch_sb_field_journal_seq_blacklist { struct bch_sb_field field; union { DECLARE_FLEX_ARRAY(struct journal_seq_blacklist_entry, start); DECLARE_FLEX_ARRAY(__u64, _data); }; }; Eesh, why though? Honestly, I'm not a fan of the change to get rid of zero size arrays, this seems to be adding a whole lot of macro layering and indirection for nothing. The only thing a zero size array could possibly be is a flexible array member or a marker, why couldn't we have just kept treating zero size arrays like flexible array members? 
Because zero-length arrays, when used as fake flexible arrays, make things like -Warray-bounds (we've been trying to enable this compiler option, globally) trip; among other things like being prone to result in undefined behavior bugs when people introduce new members that make the array end up in the middle of its containing structure. With C99 flexible-array members, the compiler emits a warning when the arrays are not at the end of the structure. The DECLARE_FLEX_ARRAY() (in a union) helper allows for multiple C99 flexible-array members together at the end of a struct. -- Gustavo
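The layout point from this exchange, as an added example that is not part of the thread or of bcachefs: the union-of-flexible-arrays form keeps the same offsets and size as the zero-length marker form, and both views stay usable. `DECLARE_FLEX_ARRAY` is re-declared here in the shape of the kernel macro (GNU C, an assumption of this sketch), and `struct sb_field`, `struct blacklist_entry` and the function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Modelled on the kernel macro: the empty named struct lets a flexible
 * array be the only real member of the anonymous struct, so it can sit
 * inside a union. */
#define DECLARE_FLEX_ARRAY(TYPE, NAME) \
	struct { struct { } __empty_##NAME; TYPE NAME[]; }

struct sb_field { uint32_t u64s; uint32_t type; };        /* hypothetical header */
struct blacklist_entry { uint64_t start; uint64_t end; }; /* hypothetical layout */

/* Form quoted in the thread: zero-length marker followed by a flexible array. */
struct blacklist_zero_len {
	struct sb_field field;
	struct blacklist_entry start[0];
	uint64_t _data[];
};

/* Form suggested in the thread: both views are real flexible arrays. */
struct blacklist_union {
	struct sb_field field;
	union {
		DECLARE_FLEX_ARRAY(struct blacklist_entry, start);
		DECLARE_FLEX_ARRAY(uint64_t, _data);
	};
};

/* Returns 1 when the conversion leaves size and member offsets unchanged. */
int layouts_match(void)
{
	return sizeof(struct blacklist_zero_len) == sizeof(struct blacklist_union) &&
	       offsetof(struct blacklist_zero_len, start) ==
	       offsetof(struct blacklist_union, start) &&
	       offsetof(struct blacklist_zero_len, _data) ==
	       offsetof(struct blacklist_union, _data) &&
	       offsetof(struct blacklist_union, start) == sizeof(struct sb_field);
}

/* Remove entry i from nr entries; returns the new entry count. */
size_t blacklist_remove(struct blacklist_union *bl, size_t nr, size_t i)
{
	if (i >= nr)
		return nr;	/* index out of range: nothing to do */
	nr--;
	memmove(&bl->start[i], &bl->start[i + 1],
		sizeof(bl->start[0]) * (nr - i));
	bl->field.u64s = (uint32_t)(nr * (sizeof(bl->start[0]) / sizeof(uint64_t)));
	return nr;
}

/* Fill three constructed entries, drop the middle one, and read the
 * result back through the u64 view. Returns 1 on the expected contents. */
int remove_demo(void)
{
	size_t nr = 3, i;
	int ok;
	struct blacklist_union *bl =
		calloc(1, sizeof(*bl) + nr * sizeof(bl->start[0]));

	if (!bl)
		return -1;
	for (i = 0; i < nr; i++) {
		bl->start[i].start = 10 * (i + 1);
		bl->start[i].end = 10 * (i + 1) + 5;
	}
	nr = blacklist_remove(bl, nr, 1);
	ok = nr == 2 && bl->field.u64s == 4 &&
	     bl->_data[0] == 10 && bl->_data[1] == 15 &&
	     bl->_data[2] == 30 && bl->_data[3] == 35;
	free(bl);
	return ok;
}

int main(void)
{
	printf("layouts match: %d\n", layouts_match());
	printf("remove through union views: %d\n", remove_demo());
	return 0;
}
```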
Re: [PATCH v2] wifi: brcmfmac: Replace 1-element arrays with flexible arrays
On 9/14/23 01:02, Juerg Haefliger wrote: Since commit 2d47c6956ab3 ("ubsan: Tighten UBSAN_BOUNDS on GCC"), UBSAN_BOUNDS no longer pretends 1-element arrays are unbounded. Walking 'element' and 'channel_list' will trigger warnings, so make them proper flexible arrays. False positive warnings were: UBSAN: array-index-out-of-bounds in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:6984:20 index 1 is out of range for type '__le32 [1]' UBSAN: array-index-out-of-bounds in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27 index 1 is out of range for type '__le16 [1]' for these lines of code: 6884 ch.chspec = (u16)le32_to_cpu(list->element[i]); 1126 params_le->channel_list[i] = cpu_to_le16(chanspec); Cc: sta...@vger.kernel.org # 6.5+ Signed-off-by: Juerg Haefliger Reviewed-by: Gustavo A. R. Silva Thanks -- Gustavo --- v2: - Use element[] instead of DFA() in brcmf_chanspec_list. - Add Cc: stable tag --- .../wireless/broadcom/brcm80211/brcmfmac/fwil_types.h| 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h index bece26741d3a..611d1a6aabb9 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h @@ -442,7 +442,12 @@ struct brcmf_scan_params_v2_le { * fixed parameter portion is assumed, otherwise * ssid in the fixed portion is ignored */ - __le16 channel_list[1]; /* list of chanspecs */ + union { + __le16 padding; /* Reserve space for at least 1 entry for abort +* which uses an on stack brcmf_scan_params_v2_le +*/ + DECLARE_FLEX_ARRAY(__le16, channel_list); /* chanspecs */ + }; }; struct brcmf_scan_results { 
@@ -702,7 +707,7 @@ struct brcmf_sta_info_le { struct brcmf_chanspec_list { __le32 count; /* # of entries */ - __le32 element[1]; /* variable length uint32 list */ + __le32 element[]; /* variable length uint32 list */ }; /*
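Review bot: the two hunks treat the lost array slot differently. `brcmf_scan_params_v2_le` keeps its size through the `__le16 padding` union member, while `brcmf_chanspec_list` goes from `element[1]` to `element[]` with nothing in its place, so `sizeof(struct brcmf_chanspec_list)` shrinks by one `__le32`. Audit every buffer size and offset derived from `sizeof(struct brcmf_chanspec_list)`, or say in the changelog that there are none; a request buffer sized that way would now be four bytes short.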
[PATCH][next] checkpatch: add a couple new alloc functions to alloc with multiplies check
vmalloc() and vzalloc() functions have now 2-factor multiplication argument forms vmalloc_array() and vcalloc(), correspondingly. Add alloc-with-multiplies checks for these new functions. Link: https://github.com/KSPP/linux/issues/342 Signed-off-by: Gustavo A. R. Silva --- scripts/checkpatch.pl | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 7d16f863edf1..45265d0eee1b 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -7207,17 +7207,19 @@ sub process { "Prefer $3(sizeof(*$1)...) over $3($4...)\n" . $herecurr); } -# check for (kv|k)[mz]alloc with multiplies that could be kmalloc_array/kvmalloc_array/kvcalloc/kcalloc +# check for (kv|k|v)[mz]alloc with multiplies that could be kmalloc_array/kvmalloc_array/vmalloc_array/kvcalloc/kcalloc/vcalloc if ($perl_version_ok && defined $stat && - $stat =~ /^\+\s*($Lval)\s*\=\s*(?:$balanced_parens)?\s*((?:kv|k)[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)\s*,/) { + $stat =~ /^\+\s*($Lval)\s*\=\s*(?:$balanced_parens)?\s*((?:kv|k|v)[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)\s*,?/) { my $oldfunc = $3; my $a1 = $4; my $a2 = $10; my $newfunc = "kmalloc_array"; $newfunc = "kvmalloc_array" if ($oldfunc eq "kvmalloc"); + $newfunc = "vmalloc_array" if ($oldfunc eq "vmalloc"); $newfunc = "kvcalloc" if ($oldfunc eq "kvzalloc"); $newfunc = "kcalloc" if ($oldfunc eq "kzalloc"); + $newfunc = "vcalloc" if ($oldfunc eq "vzalloc"); my $r1 = $a1; my $r2 = $a2; if ($a1 =~ /^sizeof\s*\S/) { 
@@ -7233,7 +7235,7 @@ sub process { "Prefer $newfunc over $oldfunc with multiply\n" . $herectx) && $cnt == 1 && $fix) { - $fixed[$fixlinenr] =~ s/\b($Lval)\s*\=\s*(?:$balanced_parens)?\s*((?:kv|k)[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)/$1 . ' = ' . "$newfunc(" . trim($r1) . ', ' . trim($r2)/e; + $fixed[$fixlinenr] =~ s/\b($Lval)\s*\=\s*(?:$balanced_parens)?\s*((?:kv|k|v)[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)/$1 . ' = ' . "$newfunc(" . trim($r1) . ', ' . trim($r2)/e; } } } -- 2.34.1
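Review bot: changing the trailing `,` to `,?` in the first hunk means the pattern no longer requires anything after the second `$FuncArg`, so an argument such as `a * b + c` can now match on its `a * b` prefix and, with --fix, be rewritten by the substitution in the second hunk into a call with different arithmetic. Requiring `\s*[,\)]` after the second factor would still admit the single-argument vmalloc()/vzalloc() forms without loosening the match for the kmalloc family.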
[PATCH][next] RDMA/core: Use size_{add,mul}() in calls to struct_size()
Harden calls to struct_size() with size_add() and size_mul(). This results in no differences in binary output. Fixes: 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") Fixes: a4676388e2e2 ("RDMA/core: Simplify how the gid_attrs sysfs is created") Signed-off-by: Gustavo A. R. Silva --- drivers/infiniband/core/sysfs.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c index ee59d7391568..ec5efdc16660 100644 --- a/drivers/infiniband/core/sysfs.c +++ b/drivers/infiniband/core/sysfs.c @@ -903,7 +903,7 @@ alloc_hw_stats_device(struct ib_device *ibdev) * Two extra attribue elements here, one for the lifespan entry and * one to NULL terminate the list for the sysfs core code */ - data = kzalloc(struct_size(data, attrs, stats->num_counters + 1), + data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 1)), GFP_KERNEL); if (!data) goto err_free_stats; @@ -1009,7 +1009,7 @@ alloc_hw_stats_port(struct ib_port *port, struct attribute_group *group) * Two extra attribue elements here, one for the lifespan entry and * one to NULL terminate the list for the sysfs core code */ - data = kzalloc(struct_size(data, attrs, stats->num_counters + 1), + data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 1)), GFP_KERNEL); if (!data) goto err_free_stats; @@ -1140,7 +1140,7 @@ static int setup_gid_attrs(struct ib_port *port, int ret; gid_attr_group = kzalloc(struct_size(gid_attr_group, attrs_list, -attr->gid_tbl_len * 2), +size_mul(attr->gid_tbl_len, 2)), GFP_KERNEL); if (!gid_attr_group) return -ENOMEM; @@ -1205,8 +1205,8 @@ static struct ib_port *setup_port(struct ib_core_device *coredev, int port_num, int ret; p = kvzalloc(struct_size(p, attrs_list, - attr->gid_tbl_len + attr->pkey_tbl_len), - GFP_KERNEL); + size_add(attr->gid_tbl_len, attr->pkey_tbl_len)), +GFP_KERNEL); if (!p) return ERR_PTR(-ENOMEM); p->ibdev = device; -- 2.34.1
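Review bot: the changelog sentence "This results in no differences in binary output" is hard to square with these hunks, because `stats->num_counters`, `attr->gid_tbl_len` and `attr->pkey_tbl_len` are run-time values and size_add()/size_mul() add overflow handling that the open-coded `+ 1`, `* 2` and `+` did not have. Drop the sentence, as the v2 posting does, and say instead what the helpers do on overflow.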
[PATCH v2][next] RDMA/core: Use size_{add,mul}() in calls to struct_size()
Harden calls to struct_size() with size_add() and size_mul(). Fixes: 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") Fixes: a4676388e2e2 ("RDMA/core: Simplify how the gid_attrs sysfs is created") Signed-off-by: Gustavo A. R. Silva --- Changes in v2: - Update changelog text: remove the part about binary differences (it was added by mistake). drivers/infiniband/core/sysfs.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c index ee59d7391568..ec5efdc16660 100644 --- a/drivers/infiniband/core/sysfs.c +++ b/drivers/infiniband/core/sysfs.c @@ -903,7 +903,7 @@ alloc_hw_stats_device(struct ib_device *ibdev) * Two extra attribue elements here, one for the lifespan entry and * one to NULL terminate the list for the sysfs core code */ - data = kzalloc(struct_size(data, attrs, stats->num_counters + 1), + data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 1)), GFP_KERNEL); if (!data) goto err_free_stats; @@ -1009,7 +1009,7 @@ alloc_hw_stats_port(struct ib_port *port, struct attribute_group *group) * Two extra attribue elements here, one for the lifespan entry and * one to NULL terminate the list for the sysfs core code */ - data = kzalloc(struct_size(data, attrs, stats->num_counters + 1), + data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 1)), GFP_KERNEL); if (!data) goto err_free_stats; @@ -1140,7 +1140,7 @@ static int setup_gid_attrs(struct ib_port *port, int ret; gid_attr_group = kzalloc(struct_size(gid_attr_group, attrs_list, -attr->gid_tbl_len * 2), +size_mul(attr->gid_tbl_len, 2)), GFP_KERNEL); if (!gid_attr_group) return -ENOMEM; 
@@ -1205,8 +1205,8 @@ static struct ib_port *setup_port(struct ib_core_device *coredev, int port_num, int ret; p = kvzalloc(struct_size(p, attrs_list, - attr->gid_tbl_len + attr->pkey_tbl_len), - GFP_KERNEL); + size_add(attr->gid_tbl_len, attr->pkey_tbl_len)), +GFP_KERNEL); if (!p) return ERR_PTR(-ENOMEM); p->ibdev = device; -- 2.34.1
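Review bot: in the alloc_hw_stats_device() and alloc_hw_stats_port() hunks the comment directly above the changed kzalloc() says "Two extra attribue elements", while the count passed to struct_size() is size_add(stats->num_counters, 1), which is one extra element. Since the patch rewrites exactly this count expression, say in the changelog which allocation the comment describes or correct the comment, and fix the "attribue" spelling in the same pass.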
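An added illustration, not code from the posted patch or from the kernel: a userspace model of why the count is wrapped in size_add()/size_mul() before it reaches struct_size(). The model_* helpers, struct demo_port, the unsigned int length types and the sample values are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace models of the saturating helpers: SIZE_MAX on overflow. */
static size_t model_size_add(size_t a, size_t b)
{
	size_t sum;

	return __builtin_add_overflow(a, b, &sum) ? SIZE_MAX : sum;
}

static size_t model_size_mul(size_t a, size_t b)
{
	size_t prod;

	return __builtin_mul_overflow(a, b, &prod) ? SIZE_MAX : prod;
}

/* Constructed stand-in for a structure that ends in a flexible array. */
struct demo_port {
	void *owner;
	void *attrs_list[];
};

/* Model of struct_size(p, attrs_list, count): header + count elements. */
static size_t model_struct_size(size_t count)
{
	return model_size_add(sizeof(struct demo_port),
			      model_size_mul(count, sizeof(void *)));
}

/*
 * "Before" shape: the sum is computed in the narrow type of the operands,
 * so it can wrap to a small count before struct_size() ever sees it.
 */
static size_t naive_request(unsigned int gid_len, unsigned int pkey_len)
{
	return model_struct_size(gid_len + pkey_len);
}

/*
 * "After" shape: the operands are widened to size_t and added with
 * saturation, so the request stays huge (or SIZE_MAX) and the allocator
 * refuses it instead of returning an undersized buffer.
 */
static size_t hardened_request(unsigned int gid_len, unsigned int pkey_len)
{
	return model_struct_size(model_size_add(gid_len, pkey_len));
}

/* How many array slots a request of 'bytes' actually provides. */
static size_t slots_in(size_t bytes)
{
	if (bytes < sizeof(struct demo_port))
		return 0;
	return (bytes - sizeof(struct demo_port)) / sizeof(void *);
}

int main(void)
{
	/* Constructed sample lengths whose 32-bit sum wraps to 16. */
	unsigned int gid_len = 0xFFFFFFF0u, pkey_len = 0x20u;
	size_t naive = naive_request(gid_len, pkey_len);
	size_t hard = hardened_request(gid_len, pkey_len);

	printf("naive:    %zu bytes, %zu slots\n", naive, slots_in(naive));
	printf("hardened: %zu bytes%s\n", hard,
	       hard == SIZE_MAX ? " (saturated)" : "");
	printf("size_mul(SIZE_MAX / 2 + 1, 2) saturates: %d\n",
	       model_size_mul(SIZE_MAX / 2 + 1, 2) == SIZE_MAX);
	return 0;
}
```

For in-range lengths both shapes request the same number of bytes; they differ only when the arithmetic would wrap.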
Re: [PATCH][next] xfs: Fix fall-through warnings for Clang
On 4/20/21 18:38, Darrick J. Wong wrote: > On Tue, Apr 20, 2021 at 06:06:52PM -0500, Gustavo A. R. Silva wrote: >> In preparation to enable -Wimplicit-fallthrough for Clang, fix >> the following warnings by replacing /* fall through */ comments, >> and its variants, with the new pseudo-keyword macro fallthrough: >> >> fs/xfs/libxfs/xfs_alloc.c:3167:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/libxfs/xfs_da_btree.c:286:3: warning: unannotated fall-through >> between switch labels [-Wimplicit-fallthrough] >> fs/xfs/libxfs/xfs_ag_resv.c:346:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/libxfs/xfs_ag_resv.c:388:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_bmap_util.c:246:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_export.c:88:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_export.c:96:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_file.c:867:3: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_ioctl.c:562:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_ioctl.c:1548:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_iomap.c:1040:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_inode.c:852:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_log.c:2627:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/xfs_trans_buf.c:298:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/bmap.c:275:2: warning: unannotated 
fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/btree.c:48:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/common.c:85:2: warning: unannotated fall-through between switch >> labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/common.c:138:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/common.c:698:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/dabtree.c:51:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> fs/xfs/scrub/repair.c:951:2: warning: unannotated fall-through between >> switch labels [-Wimplicit-fallthrough] >> >> Notice that Clang doesn't recognize /* fall through */ comments as >> implicit fall-through markings, so in order to globally enable >> -Wimplicit-fallthrough for Clang, these comments need to be >> replaced with fallthrough; in the whole codebase. >> >> Link: https://github.com/KSPP/linux/issues/115 
>> Signed-off-by: Gustavo A. R. Silva > > I've already NAKd this twice, so I guess I'll NAK it a third time. Darrick, The adoption of fallthrough; has been already accepted and in use since Linux v5.7: https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through This change is needed, and I would really prefer if this goes upstream through your tree. Linus has taken these patches directly for a while, now. Could you consider taking it this time? :) Thanks -- Gustavo > > --D > >> --- >> fs/xfs/libxfs/xfs_ag_resv.c | 4 ++-- >> fs/xfs/libxfs/xfs_alloc.c| 2 +- >> fs/xfs/libxfs/xfs_da_btree.c | 2 +- >> fs/xfs/scrub/bmap.c | 2 +- >> fs/xfs/scrub/btree.c | 2 +- >> fs/xfs/scrub/common.c| 6 +++--- >> fs/xfs/scrub/dabtree.c | 2 +- >> fs/xfs/scrub/repair.c| 2 +- >> fs/xfs/xfs_bmap_util.c | 2 +- >> fs/xfs/xfs_export.c | 4 ++-- >> fs/xfs/xfs_file.c| 2 +- >> fs/xfs/xfs_inode.c | 2 +- >> fs/xfs/xfs_ioctl.c | 4 ++-- >> fs/xfs/xfs_iomap.c | 2 +- >> fs/xfs/xfs_trans_buf.c | 2 +- >> 15 files changed, 20 insertions(+), 20 deletions(-) >> >> diff --git a/fs/xfs/libxfs/xfs_ag_resv.c b/fs/xfs/libxfs/xfs_ag_resv.c >> index 6c5f8d10589c..8c3c99a9bf83 100644 >> --- a/fs/xfs/libxfs/xfs_ag_resv.c >> +++ b/fs/xfs/libxfs/xfs_ag_resv.c >> @@
[PATCH][next] xfs: Fix fall-through warnings for Clang
In preparation to enable -Wimplicit-fallthrough for Clang, fix the following warnings by replacing /* fall through */ comments, and its variants, with the new pseudo-keyword macro fallthrough: fs/xfs/libxfs/xfs_alloc.c:3167:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/libxfs/xfs_da_btree.c:286:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/libxfs/xfs_ag_resv.c:346:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/libxfs/xfs_ag_resv.c:388:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_bmap_util.c:246:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_export.c:88:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_export.c:96:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_file.c:867:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_ioctl.c:562:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_ioctl.c:1548:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_iomap.c:1040:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_inode.c:852:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_log.c:2627:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/xfs_trans_buf.c:298:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/bmap.c:275:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/btree.c:48:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/common.c:85:2: warning: unannotated 
fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/common.c:138:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/common.c:698:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/dabtree.c:51:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] fs/xfs/scrub/repair.c:951:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] Notice that Clang doesn't recognize /* fall through */ comments as implicit fall-through markings, so in order to globally enable -Wimplicit-fallthrough for Clang, these comments need to be replaced with fallthrough; in the whole codebase. Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva --- fs/xfs/libxfs/xfs_ag_resv.c | 4 ++-- fs/xfs/libxfs/xfs_alloc.c| 2 +- fs/xfs/libxfs/xfs_da_btree.c | 2 +- fs/xfs/scrub/bmap.c | 2 +- fs/xfs/scrub/btree.c | 2 +- fs/xfs/scrub/common.c| 6 +++--- fs/xfs/scrub/dabtree.c | 2 +- fs/xfs/scrub/repair.c| 2 +- fs/xfs/xfs_bmap_util.c | 2 +- fs/xfs/xfs_export.c | 4 ++-- fs/xfs/xfs_file.c| 2 +- fs/xfs/xfs_inode.c | 2 +- fs/xfs/xfs_ioctl.c | 4 ++-- fs/xfs/xfs_iomap.c | 2 +- fs/xfs/xfs_trans_buf.c | 2 +- 15 files changed, 20 insertions(+), 20 deletions(-) diff --git a/fs/xfs/libxfs/xfs_ag_resv.c b/fs/xfs/libxfs/xfs_ag_resv.c index 6c5f8d10589c..8c3c99a9bf83 100644 --- a/fs/xfs/libxfs/xfs_ag_resv.c +++ b/fs/xfs/libxfs/xfs_ag_resv.c @@ -342,7 +342,7 @@ xfs_ag_resv_alloc_extent( break; default: ASSERT(0); - /* fall through */ + fallthrough; case XFS_AG_RESV_NONE: field = args->wasdel ? XFS_TRANS_SB_RES_FDBLOCKS : XFS_TRANS_SB_FDBLOCKS; @@ -384,7 +384,7 @@ xfs_ag_resv_free_extent( break; default: ASSERT(0); - /* fall through */ + fallthrough; case XFS_AG_RESV_NONE: xfs_trans_mod_sb(tp, XFS_TRANS_SB_FDBLOCKS, (int64_t)len); return; 
diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c index aaa19101bb2a..9eabdeeec492 100644 --- a/fs/xfs/libxfs/xfs_alloc.c +++ b/fs/xfs/libxfs/xfs_alloc.c @@ -3163,7 +3163,7 @@ xfs_alloc_vextent( } args->agbno = XFS_FSB_TO_AGBNO(mp, args->fsbno); args->type = XFS_ALLOCTYPE_NEAR_BNO; - /* FALLTHROUGH */ + fallthrough; case XFS_ALLOCTYPE_FIRST_AG: /* * Rotate through the allocation groups looking for a winner. diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 83ac9771bfb5..747ec77912c3 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c
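Review bot: the changelog lists a warning at fs/xfs/xfs_log.c:2627, but the diffstat covers 15 files and xfs_log.c is not among them, so nothing in the patch as posted addresses that fall-through. Either add the xfs_log.c hunk or drop that warning from the changelog.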
Re: [PATCH 027/141] drbd: Fix fall-through warnings for Clang
On 4/20/21 16:23, Jens Axboe wrote: > Applied, thanks. Awesome. :) Thanks -- Gustavo
Re: [PATCH 010/141] ima: Fix fall-through warnings for Clang
On 4/20/21 16:32, Mimi Zohar wrote: > Applied to > git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git > next-integrity Thanks, Mimi. -- Gustavo
Re: [PATCH 077/141] dm raid: Fix fall-through warnings for Clang
On 4/20/21 17:13, Mike Snitzer wrote: > I've picked it up for 5.13, thanks. Thanks, Mike. -- Gustavo
[PATCH v2][next] afs: Fix fall-through warnings for Clang
In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple warnings by explicitly adding multiple fallthrough pseudo-keywords in places where the code is intended to fall through to the next case. Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva --- Changes in v2: - Place blank line after the fallthrough markings, not before. Link: https://lore.kernel.org/linux-hardening/748935.1606147...@warthog.procyon.org.uk/ fs/afs/cmservice.c | 5 + fs/afs/fsclient.c | 4 fs/afs/vlclient.c | 1 + 3 files changed, 10 insertions(+) diff --git a/fs/afs/cmservice.c b/fs/afs/cmservice.c index a4e9e6e07e93..d3c6bb22c5f4 100644 --- a/fs/afs/cmservice.c +++ b/fs/afs/cmservice.c @@ -322,6 +322,8 @@ static int afs_deliver_cb_callback(struct afs_call *call) return ret; call->unmarshall++; + fallthrough; + case 5: break; } @@ -418,6 +420,7 @@ static int afs_deliver_cb_init_call_back_state3(struct afs_call *call) r->node[loop] = ntohl(b[loop + 5]); call->unmarshall++; + fallthrough; case 2: break; @@ -530,6 +533,7 @@ static int afs_deliver_cb_probe_uuid(struct afs_call *call) r->node[loop] = ntohl(b[loop + 5]); call->unmarshall++; + fallthrough; case 2: break; @@ -663,6 +667,7 @@ static int afs_deliver_yfs_cb_callback(struct afs_call *call) afs_extract_to_tmp(call); call->unmarshall++; + fallthrough; case 3: break; diff --git a/fs/afs/fsclient.c b/fs/afs/fsclient.c index 2f695a260442..dd3f45d906d2 100644 --- a/fs/afs/fsclient.c +++ b/fs/afs/fsclient.c @@ -388,6 +388,7 @@ static int afs_deliver_fs_fetch_data(struct afs_call *call) req->file_size = vp->scb.status.size; call->unmarshall++; + fallthrough; case 5: break; @@ -1408,6 +1409,7 @@ static int afs_deliver_fs_get_volume_status(struct afs_call *call) _debug("motd '%s'", p); call->unmarshall++; + fallthrough; case 8: break; @@ -1845,6 +1847,7 @@ static int afs_deliver_fs_inline_bulk_status(struct afs_call *call) xdr_decode_AFSVolSync(, >volsync); call->unmarshall++; + fallthrough; case 6: break; 
@@ -1979,6 +1982,7 @@ static int afs_deliver_fs_fetch_acl(struct afs_call *call) xdr_decode_AFSVolSync(, >volsync); call->unmarshall++; + fallthrough; case 4: break; diff --git a/fs/afs/vlclient.c b/fs/afs/vlclient.c index dc9327332f06..00fca3c66ba6 100644 --- a/fs/afs/vlclient.c +++ b/fs/afs/vlclient.c @@ -593,6 +593,7 @@ static int afs_deliver_yfsvl_get_endpoints(struct afs_call *call) if (ret < 0) return ret; call->unmarshall = 6; + fallthrough; case 6: break; -- 2.27.0
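Review bot: in the afs_deliver_cb_callback() hunk the new fallthrough; leads into "case 5: break;", a case that does no work, and the remaining hunks in cmservice.c, fsclient.c and vlclient.c have the same shape. A plain break; after the call->unmarshall update states the same control flow without sending the reader to the next label; if fallthrough; is preferred here, the changelog should say why.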
Re: [PATCH 010/141] ima: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:25, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple > warnings by explicitly adding multiple break statements instead of just > letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > security/integrity/ima/ima_main.c | 1 + > security/integrity/ima/ima_policy.c | 2 ++ > 2 files changed, 3 insertions(+) > > diff --git a/security/integrity/ima/ima_main.c > b/security/integrity/ima/ima_main.c > index 2d1af8899cab..600b97677085 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -743,6 +743,7 @@ int ima_load_data(enum kernel_load_data_id id, bool > contents) > pr_err("impossible to appraise a module without a file > descriptor. sig_enforce kernel parameter might help\n"); > return -EACCES; /* INTEGRITY_UNKNOWN */ > } > + break; > default: > break; > } > diff --git a/security/integrity/ima/ima_policy.c > b/security/integrity/ima/ima_policy.c > index 9b5adeaa47fc..ea634fc3b82f 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -566,6 +566,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, > struct inode *inode, > rc = ima_filter_rule_match(secid, rule->lsm[i].type, > Audit_equal, > rule->lsm[i].rule); > + break; > default: > break; > } > @@ -802,6 +803,7 @@ void __init ima_init_policy(void) > add_rules(default_measurement_rules, > ARRAY_SIZE(default_measurement_rules), > IMA_DEFAULT_POLICY); > + break; > default: > break; > } >
Re: [PATCH 016/141] nfsd: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/23/20 16:46, Gustavo A. R. Silva wrote: > On Fri, Nov 20, 2020 at 01:27:51PM -0500, Chuck Lever wrote: >> >> >>> On Nov 20, 2020, at 1:26 PM, Gustavo A. R. Silva >>> wrote: >>> >>> In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple >>> warnings by explicitly adding a couple of break statements instead of >>> just letting the code fall through to the next case. >>> >>> Link: https://github.com/KSPP/linux/issues/115 >>> Signed-off-by: Gustavo A. R. Silva >>> --- >>> fs/nfsd/nfs4state.c | 1 + >>> fs/nfsd/nfsctl.c| 1 + >>> 2 files changed, 2 insertions(+) >>> >>> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c >>> index d7f27ed6b794..cdab0d5be186 100644 >>> --- a/fs/nfsd/nfs4state.c >>> +++ b/fs/nfsd/nfs4state.c >>> @@ -3113,6 +3113,7 @@ nfsd4_exchange_id(struct svc_rqst *rqstp, struct >>> nfsd4_compound_state *cstate, >>> goto out_nolock; >>> } >>> new->cl_mach_cred = true; >>> + break; >>> case SP4_NONE: >>> break; >>> default:/* checked by xdr code */ >>> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c >>> index f6d5d783f4a4..9a3bb1e217f9 100644 >>> --- a/fs/nfsd/nfsctl.c >>> +++ b/fs/nfsd/nfsctl.c >>> @@ -1165,6 +1165,7 @@ static struct inode *nfsd_get_inode(struct >>> super_block *sb, umode_t mode) >>> inode->i_fop = _dir_operations; >>> inode->i_op = _dir_inode_operations; >>> inc_nlink(inode); >>> + break; >>> default: >>> break; >>> } >>> -- >>> 2.27.0 >>> >> >> Acked-by: Chuck Lever > > Thanks, Chuck. > -- > Gustavo >
Re: [PATCH 038/141] isofs: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:30, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of just letting the code > fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > fs/isofs/rock.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c > index 94ef92fe806c..4880146babaf 100644 > --- a/fs/isofs/rock.c > +++ b/fs/isofs/rock.c > @@ -767,6 +767,7 @@ static int rock_ridge_symlink_readpage(struct file *file, > struct page *page) > rs.cont_extent = isonum_733(rr->u.CE.extent); > rs.cont_offset = isonum_733(rr->u.CE.offset); > rs.cont_size = isonum_733(rr->u.CE.size); > + break; > default: > break; > } >
Re: [PATCH RESEND][next] nfp: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 06:19, Simon Horman wrote: > On Fri, Mar 05, 2021 at 03:49:37AM -0600, Gustavo A. R. Silva wrote: >> In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning >> by explicitly adding a break statement instead of letting the code fall >> through to the next case. >> >> Link: https://github.com/KSPP/linux/issues/115 >> Signed-off-by: Gustavo A. R. Silva > > Thanks Gustavo, > > this looks good to me. > > Acked-by: Simon Horman > >> --- >> drivers/net/ethernet/netronome/nfp/nfp_net_repr.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c >> b/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c >> index b3cabc274121..3b8e675087de 100644 >> --- a/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c >> +++ b/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c >> @@ -103,6 +103,7 @@ nfp_repr_get_stats64(struct net_device *netdev, struct >> rtnl_link_stats64 *stats) >> case NFP_PORT_PF_PORT: >> case NFP_PORT_VF_PORT: >> nfp_repr_vnic_get_stats64(repr->port, stats); >> +break; >> default: >> break; >> } >> -- >> 2.27.0 >>
Re: [PATCH RESEND][next] bnxt_en: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:50, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of just letting the code > fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/net/ethernet/broadcom/bnxt/bnxt.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c > b/drivers/net/ethernet/broadcom/bnxt/bnxt.c > index b53a0d87371a..a34810750058 100644 > --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c > +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c > @@ -2158,6 +2158,7 @@ static int bnxt_hwrm_handler(struct bnxt *bp, struct > tx_cmp *txcmp) > case CMPL_BASE_TYPE_HWRM_ASYNC_EVENT: > bnxt_async_event_process(bp, >(struct hwrm_async_event_cmpl *)txcmp); > + break; > > default: > break; >
Re: [PATCH 051/141] reiserfs: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:32, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > fs/reiserfs/namei.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c > index 1594687582f0..90bb49bfdba0 100644 > --- a/fs/reiserfs/namei.c > +++ b/fs/reiserfs/namei.c > @@ -132,6 +132,7 @@ int search_by_entry_key(struct super_block *sb, const > struct cpu_key *key, > return IO_ERROR; > } > PATH_LAST_POSITION(path)--; > + break; > > case ITEM_FOUND: > break; >
Re: [PATCH 071/141] braille_console: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:34, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/accessibility/braille/braille_console.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/accessibility/braille/braille_console.c > b/drivers/accessibility/braille/braille_console.c > index 9861302cc7db..359bead4b280 100644 > --- a/drivers/accessibility/braille/braille_console.c > +++ b/drivers/accessibility/braille/braille_console.c > @@ -246,6 +246,7 @@ static int keyboard_notifier_call(struct notifier_block > *blk, > beep(440); > } > } > + break; > case KBD_UNBOUND_KEYCODE: > case KBD_UNICODE: > case KBD_KEYSYM: >
Re: [PATCH 032/141] floppy: Fix fall-through warnings for Clang
On 4/20/21 15:30, Jens Axboe wrote: >>> >>> diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c >>> index 7df79ae6b0a1..21a2a7becba0 100644 >>> --- a/drivers/block/floppy.c >>> +++ b/drivers/block/floppy.c >>> @@ -2124,6 +2124,7 @@ static void format_interrupt(void) >>> switch (interpret_errors()) { >>> case 1: >>> cont->error(); >>> + fallthrough; >>> case 2: >>> break; >>> case 0: > > I wonder about the consistency of the patches. The one I just applied > for libata adds a break, this one annotates fallthrough. But the cases > are really 100% the same. Why aren't the changes consistent? Both are > obviously fine, but for identical cases it seems odd that they differ. > > IMHO, adding a break makes more sense. Annotate the fallthrough if the > two cases share work that needs to be done, as then that solution makes > sense. > Yeah; I'll resend this with a break, instead. Thanks for the feedback. -- Gustavo
Re: [PATCH 077/141] dm raid: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:35, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/md/dm-raid.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c > index 9c1f7c4de65b..e98af0b9d00c 100644 > --- a/drivers/md/dm-raid.c > +++ b/drivers/md/dm-raid.c > @@ -1854,6 +1854,7 @@ static int rs_check_takeover(struct raid_set *rs) > ((mddev->layout == ALGORITHM_PARITY_N && mddev->new_layout > == ALGORITHM_PARITY_N) || >__within_range(mddev->new_layout, > ALGORITHM_LEFT_ASYMMETRIC, ALGORITHM_RIGHT_SYMMETRIC))) > return 0; > + break; > > default: > break; >
Re: [PATCH RESEND][next] ide: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 04:00, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/ide/siimage.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/ide/siimage.c b/drivers/ide/siimage.c > index 198847488cc6..c190dc6dfb50 100644 > --- a/drivers/ide/siimage.c > +++ b/drivers/ide/siimage.c > @@ -493,6 +493,7 @@ static int init_chipset_siimage(struct pci_dev *dev) > case 0x30: > /* Clocking is disabled, attempt to force 133MHz clocking. */ > sil_iowrite8(dev, tmp & ~0x20, scsc_addr); > + break; > case 0x10: > /* On 133Mhz clocking. */ > break; >
Re: [PATCH 092/141] libata: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:36, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/ata/libata-eh.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c > index b6f92050e60c..2db1e9c66088 100644 > --- a/drivers/ata/libata-eh.c > +++ b/drivers/ata/libata-eh.c > @@ -2613,6 +2613,7 @@ int ata_eh_reset(struct ata_link *link, int classify, > switch (tmp) { > case -EAGAIN: > rc = -EAGAIN; > + break; > case 0: > break; > default: >
Re: [PATCH RESEND][next] rds: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:06, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple > warnings by explicitly adding multiple break statements instead of > letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/rds/tcp_connect.c | 1 + > net/rds/threads.c | 2 ++ > 2 files changed, 3 insertions(+) > > diff --git a/net/rds/tcp_connect.c b/net/rds/tcp_connect.c > index 4e64598176b0..5461d77fff4f 100644 > --- a/net/rds/tcp_connect.c > +++ b/net/rds/tcp_connect.c > @@ -78,6 +78,7 @@ void rds_tcp_state_change(struct sock *sk) > case TCP_CLOSE_WAIT: > case TCP_CLOSE: > rds_conn_path_drop(cp, false); > + break; > default: > break; > } > diff --git a/net/rds/threads.c b/net/rds/threads.c > index 32dc50f0a303..1f424cbfcbb4 100644 > --- a/net/rds/threads.c > +++ b/net/rds/threads.c > @@ -208,6 +208,7 @@ void rds_send_worker(struct work_struct *work) > case -ENOMEM: > rds_stats_inc(s_send_delayed_retry); > queue_delayed_work(rds_wq, >cp_send_w, 2); > + break; > default: > break; > } > @@ -232,6 +233,7 @@ void rds_recv_worker(struct work_struct *work) > case -ENOMEM: > rds_stats_inc(s_recv_delayed_retry); > queue_delayed_work(rds_wq, >cp_recv_w, 2); > + break; > default: > break; > } >
Re: [PATCH 092/141] libata: Fix fall-through warnings for Clang
On 4/20/21 15:23, Jens Axboe wrote: > On 4/20/21 2:11 PM, Gustavo A. R. Silva wrote: >> Hi all, >> >> Friendly ping: who can take this, please? > > Applied for 5.13. > Thanks, Jens. -- Gustavo
Re: [PATCH 006/141] gfs2: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:25, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple > warnings by explicitly adding multiple goto statements instead of just > letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > fs/gfs2/inode.c| 2 ++ > fs/gfs2/recovery.c | 1 + > 2 files changed, 3 insertions(+) > > diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c > index 077ccb1b3ccc..9a85214c2505 100644 > --- a/fs/gfs2/inode.c > +++ b/fs/gfs2/inode.c > @@ -960,6 +960,7 @@ static int gfs2_link(struct dentry *old_dentry, struct > inode *dir, > break; > case 0: > error = -EEXIST; > + goto out_gunlock; > default: > goto out_gunlock; > } > @@ -1500,6 +1501,7 @@ static int gfs2_rename(struct inode *odir, struct > dentry *odentry, > break; > case 0: > error = -EEXIST; > + goto out_gunlock; > default: > goto out_gunlock; > } > diff --git a/fs/gfs2/recovery.c b/fs/gfs2/recovery.c > index c26c68ebd29d..5b2a01d9c463 100644 > --- a/fs/gfs2/recovery.c > +++ b/fs/gfs2/recovery.c > @@ -437,6 +437,7 @@ void gfs2_recover_func(struct work_struct *work) > case GLR_TRYFAILED: > fs_info(sdp, "jid=%u: Busy\n", jd->jd_jid); > error = 0; > + goto fail; > > default: > goto fail; >
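Review bot: in the gfs2_link() hunk the added goto out_gunlock; is immediately followed by "default: goto out_gunlock;", so the same jump now appears twice in a row; the gfs2_rename() hunk repeats this, and the gfs2_recover_func() hunk does the same with goto fail. Here the two cases do share work, so fallthrough; after error = -EEXIST; (and after error = 0; in recovery.c) would silence the warning without duplicating the jump.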
Re: [PATCH RESEND][next] qlcnic: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:17, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple > warnings by explicitly adding a break and a goto statements instead of > just letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 1 + > drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c > b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c > index bdf15d2a6431..af4c516a9e7c 100644 > --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c > +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c > @@ -1390,6 +1390,7 @@ static int qlcnic_process_rcv_ring(struct > qlcnic_host_sds_ring *sds_ring, int ma > break; > case QLCNIC_RESPONSE_DESC: > qlcnic_handle_fw_message(desc_cnt, consumer, sds_ring); > + goto skip; > default: > goto skip; > } > diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c > b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c > index 96b947fde646..8966f1bcda77 100644 > --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c > +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c > @@ -3455,6 +3455,7 @@ qlcnic_fwinit_work(struct work_struct *work) > adapter->fw_wait_cnt = 0; > return; > } > + break; > case QLCNIC_DEV_FAILED: > break; > default: >
Re: [PATCH 027/141] drbd: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:28, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a couple > of warnings by explicitly adding a break statement instead of just > letting the code fall through to the next, and by adding a fallthrough > pseudo-keyword in places where the code is intended to fall through. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/block/drbd/drbd_receiver.c | 1 + > drivers/block/drbd/drbd_req.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/drivers/block/drbd/drbd_receiver.c > b/drivers/block/drbd/drbd_receiver.c > index dc333dbe5232..c19bb74ac935 100644 > --- a/drivers/block/drbd/drbd_receiver.c > +++ b/drivers/block/drbd/drbd_receiver.c > @@ -5863,6 +5863,7 @@ static int got_NegRSDReply(struct drbd_connection > *connection, struct packet_inf > switch (pi->cmd) { > case P_NEG_RS_DREPLY: > drbd_rs_failed_io(device, sector, size); > + break; > case P_RS_CANCEL: > break; > default: > diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c > index 330f851cb8f0..9f212a923a3c 100644 > --- a/drivers/block/drbd/drbd_req.c > +++ b/drivers/block/drbd/drbd_req.c > @@ -750,6 +750,7 @@ int __req_mod(struct drbd_request *req, enum > drbd_req_event what, > > case WRITE_ACKED_BY_PEER_AND_SIS: > req->rq_state |= RQ_NET_SIS; > + fallthrough; > case WRITE_ACKED_BY_PEER: > /* Normal operation protocol C: successfully written on peer. >* During resync, even in protocol != C, >
Re: [PATCH 070/141] atm: fore200e: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:34, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a fallthrough pseudo-keyword. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/atm/fore200e.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c > index 9a70bee84125..ba3ed1b77bc5 100644 > --- a/drivers/atm/fore200e.c > +++ b/drivers/atm/fore200e.c > @@ -423,6 +423,7 @@ fore200e_shutdown(struct fore200e* fore200e) > /* XXX shouldn't we *start* by deregistering the device? */ > atm_dev_deregister(fore200e->atm_dev); > > + fallthrough; > case FORE200E_STATE_BLANK: > /* nothing to do for that state */ > break; >
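Review bot: in fore200e_shutdown() the new 'fallthrough;' is separated from atm_dev_deregister() by the blank line that used to end the case body, so the annotation reads as if it belonged to the next case; placing it directly after the call keeps it attached to the case it terminates. The target, FORE200E_STATE_BLANK, is commented as "nothing to do for that state", so a 'break;' would behave the same, and the changelog could say why the fall-through form was preferred here.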
Re: [PATCH 032/141] floppy: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/20/20 12:28, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a fallthrough pseudo-keyword in places where the > code is intended to fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/block/floppy.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c > index 7df79ae6b0a1..21a2a7becba0 100644 > --- a/drivers/block/floppy.c > +++ b/drivers/block/floppy.c > @@ -2124,6 +2124,7 @@ static void format_interrupt(void) > switch (interpret_errors()) { > case 1: > cont->error(); > + fallthrough; > case 2: > break; > case 0: >
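Review bot: in format_interrupt() the annotated fall-through from 'case 1:' lands on 'case 2:', which only breaks, so 'break;' after 'cont->error();' would be equivalent and would not suggest that case 1 depends on anything in case 2. The changelog's "in places where the code is intended to fall through" also describes a single site; it should name it.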
Re: [PATCH 061/141] tee: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 11/23/20 16:55, Gustavo A. R. Silva wrote: > On Sun, Nov 22, 2020 at 10:26:09AM +0100, Jens Wiklander wrote: >> On Fri, Nov 20, 2020 at 7:33 PM Gustavo A. R. Silva >> wrote: >>> >>> In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning >>> by explicitly adding a break statement instead of letting the code fall >>> through to the next case. >>> >>> Link: https://github.com/KSPP/linux/issues/115 >>> Signed-off-by: Gustavo A. R. Silva >>> --- >>> drivers/tee/tee_core.c | 1 + >>> 1 file changed, 1 insertion(+) >> >> Acked-by: Jens Wiklander > > Thanks, Jens. > -- > Gustavo >
Re: [PATCH RESEND][next] vxge: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:47, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a return statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/net/ethernet/neterion/vxge/vxge-config.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c > b/drivers/net/ethernet/neterion/vxge/vxge-config.c > index 5162b938a1ac..b47d74743f5a 100644 > --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c > +++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c > @@ -3784,6 +3784,7 @@ vxge_hw_rts_rth_data0_data1_get(u32 j, u64 *data0, u64 > *data1, > VXGE_HW_RTS_ACCESS_STEER_DATA1_RTH_ITEM1_ENTRY_EN | > VXGE_HW_RTS_ACCESS_STEER_DATA1_RTH_ITEM1_BUCKET_DATA( > itable[j]); > + return; > default: > return; > } >
Re: [PATCH RESEND][next] net/mlx4: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 02:48, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of just letting the code > fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Reviewed-by: Tariq Toukan > Signed-off-by: Gustavo A. R. Silva > --- > drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c > b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c > index a99e71bc7b3c..771b92019af1 100644 > --- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c > +++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c > @@ -2660,6 +2660,7 @@ int mlx4_FREE_RES_wrapper(struct mlx4_dev *dev, int > slave, > case RES_XRCD: > err = xrcdn_free_res(dev, slave, vhcr->op_modifier, alop, >vhcr->in_param, >out_param); > + break; > > default: > break; >
Re: [PATCH RESEND][next] netxen_nic: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:45, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a goto statement instead of just letting the code > fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c > b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c > index 08f9477d2ee8..35ec9aab3dc7 100644 > --- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c > +++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c > @@ -1685,6 +1685,7 @@ netxen_process_rcv_ring(struct nx_host_sds_ring > *sds_ring, int max) > break; > case NETXEN_NIC_RESPONSE_DESC: > netxen_handle_fw_message(desc_cnt, consumer, sds_ring); > + goto skip; > default: > goto skip; > } >
Re: [PATCH][next] firewire: core: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 01:42, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a fallthrough pseudo-keyword. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/firewire/core-topology.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/firewire/core-topology.c > b/drivers/firewire/core-topology.c > index ec68ed27b0a5..b63d55f5ebd3 100644 > --- a/drivers/firewire/core-topology.c > +++ b/drivers/firewire/core-topology.c > @@ -58,6 +58,7 @@ static u32 *count_ports(u32 *sid, int *total_port_count, > int *child_port_count) > case SELFID_PORT_PARENT: > case SELFID_PORT_NCONN: > (*total_port_count)++; > + fallthrough; > case SELFID_PORT_NONE: > break; > } >
Re: [PATCH RESEND][next] drm/nouveau: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:56, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a couple > of warnings by explicitly adding a couple of break statements instead > of letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/gpu/drm/nouveau/nouveau_bo.c| 1 + > drivers/gpu/drm/nouveau/nouveau_connector.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c > b/drivers/gpu/drm/nouveau/nouveau_bo.c > index 2375711877cf..62903c3b368d 100644 > --- a/drivers/gpu/drm/nouveau/nouveau_bo.c > +++ b/drivers/gpu/drm/nouveau/nouveau_bo.c > @@ -443,6 +443,7 @@ nouveau_bo_pin(struct nouveau_bo *nvbo, uint32_t domain, > bool contig) > break; > case TTM_PL_TT: > error |= !(domain & NOUVEAU_GEM_DOMAIN_GART); > + break; > default: > break; > } > diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c > b/drivers/gpu/drm/nouveau/nouveau_connector.c > index 61e6d7412505..eb844cdcaec2 100644 > --- a/drivers/gpu/drm/nouveau/nouveau_connector.c > +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c > @@ -157,6 +157,7 @@ nouveau_conn_atomic_set_property(struct drm_connector > *connector, > default: > break; > } > + break; > case DRM_MODE_SCALE_FULLSCREEN: > case DRM_MODE_SCALE_CENTER: > case DRM_MODE_SCALE_ASPECT: >
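Review bot: in the nouveau_connector.c hunk the added 'break;' stops the case that ends with the inner switch from continuing into DRM_MODE_SCALE_FULLSCREEN, DRM_MODE_SCALE_CENTER and DRM_MODE_SCALE_ASPECT, and the context ends before the body of those labels, so the hunk alone does not show that behaviour is unchanged. The changelog should state what those cases do (or that they only break). The nouveau_bo.c 'break;' lands on 'default: break;' and is visibly neutral.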
Re: [PATCH RESEND][next] drm/nouveau/therm: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:58, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/gpu/drm/nouveau/nvkm/subdev/therm/gf119.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/therm/gf119.c > b/drivers/gpu/drm/nouveau/nvkm/subdev/therm/gf119.c > index 2b031d4eaeb6..684aff7437ee 100644 > --- a/drivers/gpu/drm/nouveau/nvkm/subdev/therm/gf119.c > +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/therm/gf119.c > @@ -41,6 +41,7 @@ pwm_info(struct nvkm_therm *therm, int line) > default: > break; > } > + break; > default: > break; > } >
Re: [PATCH RESEND][next] drm/nouveau/clk: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:56, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c > b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c > index 83067763c0ec..e1d31c62f9ec 100644 > --- a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c > +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c > @@ -313,6 +313,7 @@ nv50_clk_read(struct nvkm_clk *base, enum nv_clk_src src) > default: > break; > } > + break; > default: > break; > } >
Re: [PATCH RESEND][next] net: netrom: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:22, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple > warnings by explicitly adding multiple break statements instead of > letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/netrom/nr_route.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/net/netrom/nr_route.c b/net/netrom/nr_route.c > index 78da5eab252a..de9821b6a62a 100644 > --- a/net/netrom/nr_route.c > +++ b/net/netrom/nr_route.c > @@ -266,6 +266,7 @@ static int __must_check nr_add_node(ax25_address *nr, > const char *mnemonic, > fallthrough; > case 2: > re_sort_routes(nr_node, 0, 1); > + break; > case 1: > break; > } > @@ -359,6 +360,7 @@ static int nr_del_node(ax25_address *callsign, > ax25_address *neighbour, struct n > fallthrough; > case 1: > nr_node->routes[1] = nr_node->routes[2]; > + break; > case 2: > break; > } > @@ -482,6 +484,7 @@ static int nr_dec_obs(void) > fallthrough; > case 1: > s->routes[1] = s->routes[2]; > + break; > case 2: > break; > } > @@ -529,6 +532,7 @@ void nr_rt_device_down(struct net_device *dev) > fallthrough; > case 1: > t->routes[1] = > t->routes[2]; > + break; > case 2: > break; > } >
Re: [PATCH RESEND][next] net/packet: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:44, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/packet/af_packet.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c > index e24b2841c643..880a1ab9a305 100644 > --- a/net/packet/af_packet.c > +++ b/net/packet/af_packet.c > @@ -1652,6 +1652,7 @@ static int fanout_add(struct sock *sk, struct > fanout_args *args) > case PACKET_FANOUT_ROLLOVER: > if (type_flags & PACKET_FANOUT_FLAG_ROLLOVER) > return -EINVAL; > + break; > case PACKET_FANOUT_HASH: > case PACKET_FANOUT_LB: > case PACKET_FANOUT_CPU: >
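Review bot: in fanout_add() the new 'break;' after the PACKET_FANOUT_FLAG_ROLLOVER check (which returns -EINVAL) skips whatever follows the PACKET_FANOUT_HASH, PACKET_FANOUT_LB and PACKET_FANOUT_CPU labels, and that body is outside the hunk context. Since this switch validates caller-supplied arguments, the changelog should confirm that those labels carry no further checks that PACKET_FANOUT_ROLLOVER used to share.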
Re: [PATCH RESEND][next] rxrpc: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:19, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/rxrpc/af_rxrpc.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c > index 41671af6b33f..2b5f89713e36 100644 > --- a/net/rxrpc/af_rxrpc.c > +++ b/net/rxrpc/af_rxrpc.c > @@ -471,6 +471,7 @@ static int rxrpc_connect(struct socket *sock, struct > sockaddr *addr, > switch (rx->sk.sk_state) { > case RXRPC_UNBOUND: > rx->sk.sk_state = RXRPC_CLIENT_UNBOUND; > + break; > case RXRPC_CLIENT_UNBOUND: > case RXRPC_CLIENT_BOUND: > break; >
Re: [PATCH RESEND][next] sctp: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:07, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a couple > of warnings by explicitly adding a break statement and replacing a > comment with a goto statement instead of letting the code fall through > to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/sctp/input.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/sctp/input.c b/net/sctp/input.c > index d508f6f3dd08..5ceaf75105ba 100644 > --- a/net/sctp/input.c > +++ b/net/sctp/input.c > @@ -633,7 +633,7 @@ int sctp_v4_err(struct sk_buff *skb, __u32 info) > break; > case ICMP_REDIRECT: > sctp_icmp_redirect(sk, transport, skb); > - /* Fall through to out_unlock. */ > + goto out_unlock; > default: > goto out_unlock; > } > @@ -1236,6 +1236,7 @@ static struct sctp_association > *__sctp_rcv_walk_lookup(struct net *net, > net, ch, laddr, > sctp_hdr(skb)->source, > transportp); > + break; > default: > break; > } >
Re: [PATCH RESEND][next] tipc: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:25, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/tipc/link.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tipc/link.c b/net/tipc/link.c > index 115109259430..bcc426e16725 100644 > --- a/net/tipc/link.c > +++ b/net/tipc/link.c > @@ -649,6 +649,7 @@ int tipc_link_fsm_evt(struct tipc_link *l, int evt) > break; > case LINK_FAILOVER_BEGIN_EVT: > l->state = LINK_FAILINGOVER; > + break; > case LINK_FAILURE_EVT: > case LINK_RESET_EVT: > case LINK_ESTABLISH_EVT: >
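Review bot: in tipc_link_fsm_evt() the added 'break;' after 'l->state = LINK_FAILINGOVER;' ends LINK_FAILOVER_BEGIN_EVT before the LINK_FAILURE_EVT, LINK_RESET_EVT and LINK_ESTABLISH_EVT labels, whose shared body is not in the context. For a state machine, a sentence in the changelog saying what that shared body does would let a reviewer verify that the transition and return code are unchanged.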
Re: [PATCH RESEND][next] xfrm: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:23, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning > by explicitly adding a break statement instead of letting the code fall > through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/xfrm/xfrm_interface.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c > index 8831f5a9e992..41de46b5ffa9 100644 > --- a/net/xfrm/xfrm_interface.c > +++ b/net/xfrm/xfrm_interface.c > @@ -432,6 +432,7 @@ static int xfrmi4_err(struct sk_buff *skb, u32 info) > case ICMP_DEST_UNREACH: > if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) > return 0; > + break; > case ICMP_REDIRECT: > break; > default: >
Re: [PATCH RESEND][next] ipv4: Fix fall-through warnings for Clang
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/5/21 03:02, Gustavo A. R. Silva wrote: > In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple > warnings by explicitly adding multiple break statements instead of just > letting the code fall through to the next case. > > Link: https://github.com/KSPP/linux/issues/115 > Signed-off-by: Gustavo A. R. Silva > --- > net/ipv4/ah4.c | 1 + > net/ipv4/esp4.c | 1 + > net/ipv4/fib_semantics.c | 1 + > net/ipv4/ip_vti.c| 1 + > net/ipv4/ipcomp.c| 1 + > 5 files changed, 5 insertions(+) > > diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c > index 36ed85bf2ad5..fab0958c41be 100644 > --- a/net/ipv4/ah4.c > +++ b/net/ipv4/ah4.c > @@ -450,6 +450,7 @@ static int ah4_err(struct sk_buff *skb, u32 info) > case ICMP_DEST_UNREACH: > if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) > return 0; > + break; > case ICMP_REDIRECT: > break; > default: > diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c > index 4b834bbf95e0..6cb3ecad04b8 100644 > --- a/net/ipv4/esp4.c > +++ b/net/ipv4/esp4.c > @@ -982,6 +982,7 @@ static int esp4_err(struct sk_buff *skb, u32 info) > case ICMP_DEST_UNREACH: > if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) > return 0; > + break; > case ICMP_REDIRECT: > break; > default: > diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c > index a632b66bc13a..4c0c33e4710d 100644 > --- a/net/ipv4/fib_semantics.c > +++ b/net/ipv4/fib_semantics.c > @@ -1874,6 +1874,7 @@ static int call_fib_nh_notifiers(struct fib_nh *nh, > (nh->fib_nh_flags & RTNH_F_DEAD)) > return call_fib4_notifiers(dev_net(nh->fib_nh_dev), > event_type, ); > + break; > default: > break; > } > diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c > index 31c6c6d99d5e..eb560eecee08 100644 > --- a/net/ipv4/ip_vti.c > +++ b/net/ipv4/ip_vti.c 
> @@ -351,6 +351,7 @@ static int vti4_err(struct sk_buff *skb, u32 info) > case ICMP_DEST_UNREACH: > if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) > return 0; > + break; > case ICMP_REDIRECT: > break; > default: > diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c > index b42683212c65..bbb56f5e06dd 100644 > --- a/net/ipv4/ipcomp.c > +++ b/net/ipv4/ipcomp.c > @@ -31,6 +31,7 @@ static int ipcomp4_err(struct sk_buff *skb, u32 info) > case ICMP_DEST_UNREACH: > if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) > return 0; > + break; > case ICMP_REDIRECT: > break; > default: >
[PATCH] media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] The problem is that the original code is trying to copy 6 bytes of data into a one-byte size member _config_ of the wrong structure FW_CONFIGURE_BUFFERS, in a single call to memcpy(). This causes a legitimate compiler warning because memcpy() overruns the length of It seems that the right structure is FW_CONFIGURE_FREE_BUFFERS, instead, because it contains 6 more members apart from the header _hdr_. Also, the name of the function ngene_command_config_free_buf() suggests that the actual intention is to ConfigureFreeBuffers, instead of ConfigureBuffers (which configuration takes place in the function ngene_command_config_buf(), above). Fix this by enclosing those 6 members of struct FW_CONFIGURE_FREE_BUFFERS into new struct config, and use as the destination address, instead of , when calling memcpy(). This also helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Fixes: dae52d009fc9 ("V4L/DVB: ngene: Initial check-in") Cc: sta...@vger.kernel.org Reported-by: kernel test robot Signed-off-by: Gustavo A. R. Silva --- drivers/media/pci/ngene/ngene-core.c | 2 +- drivers/media/pci/ngene/ngene.h | 14 -- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/media/pci/ngene/ngene-core.c b/drivers/media/pci/ngene/ngene-core.c index 07f342db6701..7481f553f959 100644
--- a/drivers/media/pci/ngene/ngene-core.c +++ b/drivers/media/pci/ngene/ngene-core.c @@ -385,7 +385,7 @@ static int ngene_command_config_free_buf(struct ngene *dev, u8 *config) com.cmd.hdr.Opcode = CMD_CONFIGURE_FREE_BUFFER; com.cmd.hdr.Length = 6; - memcpy(, config, 6); + memcpy(, config, 6); com.in_len = 6; com.out_len = 0; diff --git a/drivers/media/pci/ngene/ngene.h b/drivers/media/pci/ngene/ngene.h index 84f04e0e0cb9..3d296f1998a1 100644 --- a/drivers/media/pci/ngene/ngene.h +++ b/drivers/media/pci/ngene/ngene.h @@ -407,12 +407,14 @@ enum _BUFFER_CONFIGS { struct FW_CONFIGURE_FREE_BUFFERS { struct FW_HEADER hdr; - u8 UVI1_BufferLength; - u8 UVI2_BufferLength; - u8 TVO_BufferLength; - u8 AUD1_BufferLength; - u8 AUD2_BufferLength; - u8 TVA_BufferLength; + struct { + u8 UVI1_BufferLength; + u8 UVI2_BufferLength; + u8 TVO_BufferLength; + u8 AUD1_BufferLength; + u8 AUD2_BufferLength; + u8 TVA_BufferLength; + } __packed config; } __attribute__ ((__packed__)); struct FW_CONFIGURE_UART { -- 2.27.0
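Review bot: in ngene_command_config_free_buf() the length stays the literal 6 in three places ('com.cmd.hdr.Length = 6;', the memcpy() size and 'com.in_len = 6;') even though ngene.h now gives those six bytes a named type; using sizeof() of the new config member for the copy would tie the length to the destination that -Warray-bounds and FORTIFY_SOURCE check. In ngene.h the inner struct is marked '__packed' while the enclosing one keeps '__attribute__ ((__packed__))'; one spelling within the declaration would read better.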
Re: [PATCH RESEND][next] rtl8xxxu: Fix fall-through warnings for Clang
On 4/17/21 12:52, Kalle Valo wrote: > "Gustavo A. R. Silva" wrote: > >> In preparation to enable -Wimplicit-fallthrough for Clang, fix >> multiple warnings by replacing /* fall through */ comments with >> the new pseudo-keyword macro fallthrough; instead of letting the >> code fall through to the next case. >> >> Notice that Clang doesn't recognize /* fall through */ comments as >> implicit fall-through markings. >> >> Link: https://github.com/KSPP/linux/issues/115 >> Signed-off-by: Gustavo A. R. Silva > > Patch applied to wireless-drivers-next.git, thanks. > > bf3365a856a1 rtl8xxxu: Fix fall-through warnings for Clang Thanks for this, Kalle. Could you take this series too, please? https://lore.kernel.org/lkml/cover.1618442265.git.gustavo...@kernel.org/ Thanks -- Gustavo
Re: [PATCH][next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
On 4/19/21 17:34, David Miller wrote: >> Thanks for this. Can you take these other two, as well, please? >> >> https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/ >> https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/ >> > > Done. Thanks, Dave! -- Gustavo
Re: [PATCH RESEND][next] rtl8xxxu: Fix fall-through warnings for Clang
On 4/17/21 13:29, Jes Sorensen wrote: > On 3/10/21 3:59 PM, Kees Cook wrote: >> On Wed, Mar 10, 2021 at 02:51:24PM -0500, Jes Sorensen wrote: >>> On 3/10/21 2:45 PM, Kees Cook wrote: On Wed, Mar 10, 2021 at 02:31:57PM -0500, Jes Sorensen wrote: > On 3/10/21 2:14 PM, Kees Cook wrote: >> Hm, this conversation looks like a miscommunication, mainly? I see >> Gustavo, as requested by many others[1], replacing the fallthrough >> comments with the "fallthrough" statement. (This is more than just a >> "Clang doesn't parse comments" issue.) >> >> This could be a tree-wide patch and not bother you, but Greg KH has >> generally advised us to send these changes broken out. Anyway, this >> change still needs to land, so what would be the preferred path? I think >> Gustavo could just carry it for Linus to merge without bothering you if >> that'd be preferred? > > I'll respond with the same I did last time, fallthrough is not C and > it's ugly. I understand your point of view, but this is not the consensus[1] of the community. "fallthrough" is a macro, using the GCC fallthrough attribute, with the expectation that we can move to the C17/C18 "[[fallthrough]]" statement once it is finalized by the C standards body. >>> >>> I don't know who decided on that, but I still disagree. It's an ugly and >>> pointless change that serves little purpose. We shouldn't have allowed >>> the ugly /* fall-through */ comments in either, but at least they didn't >>> mess with the code. I guess when you give someone an inch, they take a mile. >>> >>> Last time this came up, the discussion was that clang refused to fix >>> their brokenness and therefore this nonsense was being pushed into the >>> kernel. It's still a pointless argument, if clang can't fix it's crap, >>> then stop using it. >>> >>> As Kalle correctly pointed out, none of the previous comments to this >>> were addressed, the patches were just reposted as fact. Not exactly a >>> nice way to go about it either. 
>> >> Do you mean changing the commit log to re-justify these changes? I >> guess that could be done, but based on the thread, it didn't seem to >> be needed. The change is happening to match the coding style consensus >> reached to give the kernel the flexibility to move from a gcc extension >> to the final C standards committee results without having to do treewide >> commits again (i.e. via the macro). > > No, I am questioning why Gustavo continues to push this nonsense that > serves no purpose whatsoever. In addition he has consistently ignored > comments and just keep reposting it. But I guess that is how it works, > ignore feedback, repost junk, repeat. I was asking for feedback here[1] and here[2] after people (you and Kalle) commented on this patch. How is that ignoring people? And -again- why people ignored my requests for feedback in this conversation? It's a mystery to me, honestly. Thanks -- Gustavo [1] https://lore.kernel.org/lkml/20201124160906.GB17735@embeddedor/ [2] https://lore.kernel.org/lkml/e10b2a6a-d91a-9783-ddbe-ea2c10a15...@embeddedor.com/
Re: [PATCH][next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
Dave, On 4/16/21 19:00, patchwork-bot+netdev...@kernel.org wrote: > Hello: > > This patch was applied to netdev/net-next.git (refs/heads/master): > > On Fri, 16 Apr 2021 14:12:36 -0500 you wrote: >> Fix the following out-of-bounds warning: >> >> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the >> object at 'addr' is out of the bounds of referenced subobject 'v4' with type >> 'struct sockaddr_in' at offset 0 [-Warray-bounds] >> >> This helps with the ongoing efforts to globally enable -Warray-bounds >> and get us closer to being able to tighten the FORTIFY_SOURCE routines >> on memcpy(). >> >> [...] > > Here is the summary with links: > - [next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param() > https://git.kernel.org/netdev/net-next/c/e5272ad4aab3 Thanks for this. Can you take these other two, as well, please? https://lore.kernel.org/linux-hardening/20210416201540.GA593906@embeddedor/ https://lore.kernel.org/linux-hardening/20210416193151.GA591935@embeddedor/ Thanks! -- Gustavo
Re: [PATCH][next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
On 4/16/21 14:53, Kees Cook wrote: > On Fri, Apr 16, 2021 at 02:12:36PM -0500, Gustavo A. R. Silva wrote: >> Fix the following out-of-bounds warning: >> >> net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the >> object at 'addr' is out of the bounds of referenced subobject 'v4' with type >> 'struct sockaddr_in' at offset 0 [-Warray-bounds] >> >> This helps with the ongoing efforts to globally enable -Warray-bounds >> and get us closer to being able to tighten the FORTIFY_SOURCE routines >> on memcpy(). >> >> Link: https://github.com/KSPP/linux/issues/109 >> Reported-by: kernel test robot >> Signed-off-by: Gustavo A. R. Silva > > Yup! :) > Reviewed-by: Kees Cook Thanks, Kees. -- Gustavo
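The warning quoted above comes from a memcpy() whose destination names one member while the length covers more than that member. The following is an added example, not code from these patches or from the kernel: it uses constructed stand-in structs and a hypothetical bounded_copy()/COPY_INTO() helper that enforces the size of the named destination, and it goes beyond the single sctp case to show three remedies: naming the enclosing object, copying each member separately, and grouping members under a named sub-struct as the ngene patch on this page does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not kernel types. Sizes follow the quoted warning:
 * a 16-byte 'v4' member at offset 0 of a 28-byte address object. */
struct demo_in  { uint16_t family, port; uint32_t addr; uint8_t pad[8]; };
struct demo_in6 { uint16_t family, port; uint32_t flow; uint8_t addr[16]; uint32_t scope; };
union demo_addr { struct demo_in v4; struct demo_in6 v6; };

/* Source and target that each hold two adjacent 16-byte members. */
struct demo_keys { uint32_t other[4]; uint32_t src[4]; uint32_t dst[4]; };
struct demo_v6   { uint8_t src[16]; uint8_t dst[16]; };

/* Command layouts: a one-byte 'config' versus six bytes grouped under a name. */
struct demo_hdr { uint8_t opcode, length; };
struct demo_buffers { struct demo_hdr hdr; uint8_t config; };
struct demo_free_buffers {
	struct demo_hdr hdr;
	struct { uint8_t uvi1, uvi2, tvo, aud1, aud2, tva; } config;
};

/* Hypothetical helper: refuses a copy longer than the destination that was
 * named, which is the bound a subobject-aware memcpy() check enforces. */
static int bounded_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
	if (n > dst_size)
		return -1;	/* would write past the named subobject */
	memcpy(dst, src, n);
	return 0;
}
#define COPY_INTO(dst, src, n) bounded_copy(&(dst), sizeof(dst), (src), (n))

/* Pattern that warns: destination is the v4 member, length is the union's. */
int copy_named_member(union demo_addr *out, const union demo_addr *in)
{
	return COPY_INTO(out->v4, in, sizeof(*out));
}

/* Pattern that warns: six bytes aimed at a one-byte member. */
int copy_into_byte(struct demo_buffers *cmd, const uint8_t *cfg)
{
	return COPY_INTO(cmd->config, cfg, 6);
}

/* Remedy 1: name the enclosing object the length was computed from. */
int copy_whole_object(union demo_addr *out, const union demo_addr *in)
{
	return COPY_INTO(*out, in, sizeof(*out));
}

/* Remedy 2: one copy per member, each sized by its own destination. */
int copy_each_member(struct demo_v6 *out, const struct demo_keys *in)
{
	if (COPY_INTO(out->src, in->src, sizeof(out->src)))
		return -1;
	return COPY_INTO(out->dst, in->dst, sizeof(out->dst));
}

/* Remedy 3: group the members so one name covers exactly the copied bytes. */
int copy_grouped(struct demo_free_buffers *cmd, const uint8_t *cfg)
{
	return COPY_INTO(cmd->config, cfg, sizeof(cmd->config));
}

int main(void)
{
	const uint8_t cfg[6] = {1, 2, 3, 4, 5, 6};	/* constructed sample */
	union demo_addr in, out;
	struct demo_keys keys;
	struct demo_v6 v6;
	struct demo_buffers small = { {0, 0}, 0 };
	struct demo_free_buffers cmd;

	memset(&in, 0xAB, sizeof(in));
	memset(&out, 0, sizeof(out));
	memset(&keys, 0x5A, sizeof(keys));
	memset(&cmd, 0, sizeof(cmd));

	printf("v4 member %zu bytes, whole object %zu bytes\n",
	       sizeof(in.v4), sizeof(in));
	printf("named member:  %d\n", copy_named_member(&out, &in));
	printf("one-byte dest: %d\n", copy_into_byte(&small, cfg));
	printf("whole object:  %d\n", copy_whole_object(&out, &in));
	printf("each member:   %d\n", copy_each_member(&v6, &keys));
	printf("grouped:       %d\n", copy_grouped(&cmd, cfg));
	return 0;
}
```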
[PATCH][next] ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
Fix the following out-of-bounds warning: net/ethtool/ioctl.c:492:2: warning: 'memcpy' offset [49, 84] from the object at 'link_usettings' is out of the bounds of referenced subobject 'base' with type 'struct ethtool_link_settings' at offset 0 [-Warray-bounds] The problem is that the original code is trying to copy data into some struct members adjacent to each other in a single call to memcpy(). This causes a legitimate compiler warning because memcpy() overruns the length of _usettings.base. Fix this by directly using _usettings and _from_ as destination and source addresses, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot Signed-off-by: Gustavo A. R. Silva --- net/ethtool/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c index 27f1c5224acb..3fa7a394eabf 100644 --- a/net/ethtool/ioctl.c +++ b/net/ethtool/ioctl.c @@ -489,7 +489,7 @@ store_link_ksettings_for_user(void __user *to, { struct ethtool_link_usettings link_usettings; - memcpy(_usettings.base, >base, sizeof(link_usettings)); + memcpy(_usettings, from, sizeof(link_usettings)); bitmap_to_arr32(link_usettings.link_modes.supported, from->link_modes.supported, __ETHTOOL_LINK_MODE_MASK_NBITS); -- 2.27.0
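Review bot: in store_link_ksettings_for_user() the copy still takes sizeof(link_usettings) bytes from 'from', but the hunk does not show the type of 'from', and the bitmap_to_arr32() call right below fills link_usettings.link_modes.supported from from->link_modes.supported, which suggests the two link_modes layouts differ. If only 'base' is meant to be copied by the memcpy(), keeping the base members as source and destination and sizing the copy with sizeof(link_usettings.base) would silence the warning without reading past the intended member; the changelog should state which of the two is intended.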
[PATCH][next] flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target()
Fix the following out-of-bounds warning: net/core/flow_dissector.c:835:3: warning: 'memcpy' offset [33, 48] from the object at 'flow_keys' is out of the bounds of referenced subobject 'ipv6_src' with type '__u32[4]' {aka 'unsigned int[4]'} at offset 16 [-Warray-bounds] The problem is that the original code is trying to copy data into a couple of struct members adjacent to each other in a single call to memcpy(). So, the compiler legitimately complains about it. As these are just a couple of members, fix this by copying each one of them in separate calls to memcpy(). This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot Signed-off-by: Gustavo A. R. Silva --- net/core/flow_dissector.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 5985029e43d4..3ed7c98a98e1 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -832,8 +832,10 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, key_addrs = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_IPV6_ADDRS, target_container); - memcpy(_addrs->v6addrs, _keys->ipv6_src, - sizeof(key_addrs->v6addrs)); + memcpy(_addrs->v6addrs.src, _keys->ipv6_src, + sizeof(key_addrs->v6addrs.src)); + memcpy(_addrs->v6addrs.dst, _keys->ipv6_dst, + sizeof(key_addrs->v6addrs.dst)); key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; } -- 2.27.0
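Review bot: in __skb_flow_bpf_to_target() each new memcpy() is sized by its destination (sizeof(key_addrs->v6addrs.src) and sizeof(key_addrs->v6addrs.dst)) while the sources are the ipv6_src and ipv6_dst members of flow_keys, which the quoted warning gives as '__u32[4]'. A BUILD_BUG_ON() that each source and destination pair has the same size would keep the two copies from silently over-reading if either layout changes.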
[PATCH][next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
Fix the following out-of-bounds warning: net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds] This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot Signed-off-by: Gustavo A. R. Silva --- net/sctp/sm_make_chunk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 54e6a708d06e..5f9a7c028274 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -3147,7 +3147,7 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, * primary. */ if (af->is_any()) - memcpy(, sctp_source(asconf), sizeof(addr)); + memcpy(, sctp_source(asconf), sizeof(addr)); if (security_sctp_bind_connect(asoc->ep->base.sk, SCTP_PARAM_SET_PRIMARY, -- 2.27.0
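Review bot: the changelog quotes the warning and stops there; it does not say that the sizeof(addr) copy in sctp_process_asconf_param() was aimed at the 'v4' subobject named in the warning, nor what the destination becomes. One sentence on the cause and one on the fix would make the one-line change reviewable from the commit message alone.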
Re: [PATCH v3 2/2] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
On 4/15/21 14:58, Kees Cook wrote: > On Wed, Apr 14, 2021 at 06:45:15PM -0500, Gustavo A. R. Silva wrote: >> Fix the following out-of-bounds warnings by adding a new structure >> wl3501_req instead of duplicating the same members in structure >> wl3501_join_req and wl3501_scan_confirm: >> >> arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset >> [39, 108] from the object at 'sig' is out of the bounds of referenced >> subobject 'beacon_period' with type 'short unsigned int' at offset 36 >> [-Warray-bounds] >> arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset >> [25, 95] from the object at 'sig' is out of the bounds of referenced >> subobject 'beacon_period' with type 'short unsigned int' at offset 22 >> [-Warray-bounds] >> >> Refactor the code, accordingly: >> >> $ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o >> struct wl3501_req { >> u16beacon_period;/* 0 2 */ >> u16dtim_period; /* 2 2 */ >> u16cap_info; /* 4 2 */ >> u8 bss_type; /* 6 1 */ >> u8 bssid[6]; /* 7 6 */ >> struct iw_mgmt_essid_pset ssid; /*1334 */ >> struct iw_mgmt_ds_pset ds_pset; /*47 3 */ >> struct iw_mgmt_cf_pset cf_pset; /*50 8 */ >> struct iw_mgmt_ibss_pset ibss_pset;/*58 4 */ >> struct iw_mgmt_data_rset bss_basic_rset; /*6210 */ >> >> /* size: 72, cachelines: 2, members: 10 */ >> /* last cacheline: 8 bytes */ >> }; >> >> $ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o >> struct wl3501_join_req { >> u16next_blk; /* 0 2 */ >> u8 sig_id; /* 2 1 */ >> u8 reserved; /* 3 1 */ >> struct iw_mgmt_data_rset operational_rset; /* 410 */ >> u16reserved2;/*14 2 */ >> u16timeout; /*16 2 */ >> u16probe_delay; /*18 2 */ >> u8 timestamp[8]; /*20 8 */ >> u8 local_time[8];/*28 8 */ >> struct wl3501_req req; /*3672 */ >> >> /* size: 108, cachelines: 2, members: 10 */ >> /* last cacheline: 44 bytes */ >> }; >> >> $ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o >> struct wl3501_scan_confirm { >> u16next_blk; /* 0 2 */ >> u8 sig_id; 
/* 2 1 */ >> u8 reserved; /* 3 1 */ >> u16status; /* 4 2 */ >> char timestamp[8]; /* 6 8 */ >> char localtime[8]; /*14 8 */ >> struct wl3501_req req; /*2272 */ >> /* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */ >> u8 rssi; /*94 1 */ >> >> /* size: 96, cachelines: 2, members: 8 */ >> /* padding: 1 */ >> /* last cacheline: 32 bytes */ >> }; >> >> The problem is that the original code is trying to copy data into a >> bunch of struct members adjacent to each other in a single call to >> memcpy(). Now that a new struct wl3501_req enclosing all those adjacent >> members is introduced, memcpy() doesn't overrun the length of >> _period and >bss_set[i].beacon_period, because the >> address of the new struct object _req_ is used as the destination, >> instead. >> >> This helps with the ongoing efforts to globally enable -Warray-bounds >> and get us closer to being able to tighten the FORTIFY_SOURCE routines >> on memcpy(). >> >> Link: https://github.com/KSPP/linux/issues/109 >> Reported-by: kernel test robot >> Signed-off-by: Gustavo A. R. Silva > > Awesome! Thank you for this solution. > > Reviewed-by: Kees Cook Thanks, Kees! -- Gustavo
Re: [PATCH][next] hpfs: Replace one-element array with flexible-array member
Hi all, Friendly ping: who can take this, please? Thanks -- Gustavo On 3/26/21 12:35, Gustavo A. R. Silva wrote: > There is a regular need in the kernel to provide a way to declare having > a dynamically sized set of trailing elements in a structure. Kernel code > should always use “flexible array members”[1] for these cases. The older > style of one-element or zero-length arrays should no longer be used[2]. > > Also, this helps with the ongoing efforts to enable -Warray-bounds by > fixing the following warning: > > CC [M] fs/hpfs/dir.o > fs/hpfs/dir.c: In function ‘hpfs_readdir’: > fs/hpfs/dir.c:163:41: warning: array subscript 1 is above array bounds of > ‘u8[1]’ {aka ‘unsigned char[1]’} [-Warray-bounds] > 163 | || de ->name[0] != 1 || de->name[1] != 1)) > | ^~~ > > [1] https://en.wikipedia.org/wiki/Flexible_array_member > [2] > https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays > > Link: https://github.com/KSPP/linux/issues/79 > Link: https://github.com/KSPP/linux/issues/109 > Signed-off-by: Gustavo A. R. Silva > --- > fs/hpfs/hpfs.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/hpfs/hpfs.h b/fs/hpfs/hpfs.h > index 302f45101a96..d92c4af3e1b4 100644 > --- a/fs/hpfs/hpfs.h > +++ b/fs/hpfs/hpfs.h > @@ -356,7 +356,8 @@ struct hpfs_dirent { >u8 no_of_acls; /* number of ACL's (low 3 bits) */ >u8 ix; /* code page index (of filename), see > struct code_page_data */ > - u8 namelen, name[1]; /* file name */ > + u8 namelen;/* file name length */ > + u8 name[]; /* file name */ >/* dnode_secno down; btree down pointer, if present, > follows name on next word boundary, or maybe > it > precedes next dirent, which is on a word boundary. */ >
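Review bot: turning name[1] into name[] in struct hpfs_dirent makes sizeof(struct hpfs_dirent) smaller, and the changelog does not say whether any user of that size was checked. Please state in the changelog that no code depends on the old size (or adjust the places that do), since a dirent length computed from sizeof would otherwise come up one element short after this change.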
Re: [PATCH v2 0/2][next] wl3501_cs: Fix out-of-bounds warnings
On 4/14/21 01:51, Kalle Valo wrote: > "Gustavo A. R. Silva" writes: > >> Friendly ping: could somebody give us some feedback or take >> this series, please? > > First patch 2 comment needs to be resolved. Done: https://lore.kernel.org/lkml/cover.1618442265.git.gustavo...@kernel.org/ Thanks -- Gustavo
[PATCH v3 2/2] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
Fix the following out-of-bounds warnings by adding a new structure wl3501_req instead of duplicating the same members in structure wl3501_join_req and wl3501_scan_confirm: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [39, 108] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 36 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [25, 95] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 22 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o struct wl3501_req { u16beacon_period;/* 0 2 */ u16dtim_period; /* 2 2 */ u16cap_info; /* 4 2 */ u8 bss_type; /* 6 1 */ u8 bssid[6]; /* 7 6 */ struct iw_mgmt_essid_pset ssid; /*1334 */ struct iw_mgmt_ds_pset ds_pset; /*47 3 */ struct iw_mgmt_cf_pset cf_pset; /*50 8 */ struct iw_mgmt_ibss_pset ibss_pset;/*58 4 */ struct iw_mgmt_data_rset bss_basic_rset; /*6210 */ /* size: 72, cachelines: 2, members: 10 */ /* last cacheline: 8 bytes */ }; $ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o struct wl3501_join_req { u16next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ struct iw_mgmt_data_rset operational_rset; /* 410 */ u16reserved2;/*14 2 */ u16timeout; /*16 2 */ u16probe_delay; /*18 2 */ u8 timestamp[8]; /*20 8 */ u8 local_time[8];/*28 8 */ struct wl3501_req req; /*3672 */ /* size: 108, cachelines: 2, members: 10 */ /* last cacheline: 44 bytes */ }; $ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o struct wl3501_scan_confirm { u16next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ u16status; /* 4 2 */ char timestamp[8]; /* 6 8 */ char localtime[8]; /*14 8 */ struct wl3501_req req; /*2272 */ /* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */ u8 rssi; /*94 1 */ /* size: 96, cachelines: 2, members: 
8 */ /* padding: 1 */ /* last cacheline: 32 bytes */ }; The problem is that the original code is trying to copy data into a bunch of struct members adjacent to each other in a single call to memcpy(). Now that a new struct wl3501_req enclosing all those adjacent members is introduced, memcpy() doesn't overrun the length of _period and >bss_set[i].beacon_period, because the address of the new struct object _req_ is used as the destination, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot Signed-off-by: Gustavo A. R. Silva --- Changes in v3: - Add new struct wl3501_req and refactor the code, accordingly. - Fix one more instance of this same issue. - Update changelog text. Changes in v2: - None. drivers/net/wireless/wl3501.h| 35 +++-- drivers/net/wireless/wl3501_cs.c | 44 +--- 2 files changed, 38 insertions(+), 41 deletions(-) diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h index aa8222cbea68..59b7b93c5963 100644 --- a/drivers/net/wireless/wl3501.h +++ b/drivers/net/wireless/wl3501.h @@ -379,16 +379,7 @@ struct wl3501_get_confirm { u8 mib_value[100]; }; -struct wl3501_join_req { - u16 next_blk; - u8 sig_id; - u8 reserved; - struct iw_mgmt_data_rsetoperational_rset; - u16 reserved2; -
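Review bot: for the struct wl3501_join_req definition removed at @@ -379, the changelog shows pahole output for the new layout only, so a reader cannot confirm from the patch that moving the members into struct wl3501_req left offsets and sizes alone. Please add the pre-change sizes of wl3501_join_req and wl3501_scan_confirm (108 and 96 in the new output), or a sentence saying the layout is unchanged, so that the refactor can be reviewed as having no functional effect.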
[PATCH v3 1/2] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
Fix the following out-of-bounds warnings by enclosing structure members daddr and saddr into new struct addr, in structures wl3501_md_req and wl3501_md_ind: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_md_req drivers/net/wireless/wl3501_cs.o struct wl3501_md_req { u16next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 routing; /* 3 1 */ u16data; /* 4 2 */ u16size; /* 6 2 */ u8 pri; /* 8 1 */ u8 service_class;/* 9 1 */ struct { u8 daddr[6]; /*10 6 */ u8 saddr[6]; /*16 6 */ } addr; /*1012 */ /* size: 22, cachelines: 1, members: 8 */ /* last cacheline: 22 bytes */ }; $ pahole -C wl3501_md_ind drivers/net/wireless/wl3501_cs.o struct wl3501_md_ind { u16next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 routing; /* 3 1 */ u16data; /* 4 2 */ u16size; /* 6 2 */ u8 reception;/* 8 1 */ u8 pri; /* 9 1 */ u8 service_class;/*10 1 */ struct { u8 daddr[6]; /*11 6 */ u8 saddr[6]; /*17 6 */ } addr; /*1112 */ /* size: 24, cachelines: 1, members: 9 */ /* padding: 1 */ /* last cacheline: 24 bytes */ }; The problem is that the original code is trying to copy data into a couple of arrays adjacent to each other in a single call to memcpy(). Now that a new struct _addr_ enclosing those two adjacent arrays is introduced, memcpy() doesn't overrun the length of [0] and , because the address of the new struct object _addr_ is used, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). 
Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot Reviewed-by: Kees Cook Signed-off-by: Gustavo A. R. Silva --- Changes in v3: - Enclose adjacent members in struct wl3501_md_ind into new struct req. - Fix one more instance of this same issue in function wl3501_md_ind_interrupt(). - Update changelog text. - Add Kees' RB tag. Changes in v2: - Update changelog text. - Replace a couple of magic numbers with new variable sig_addr_len. drivers/net/wireless/wl3501.h| 12 drivers/net/wireless/wl3501_cs.c | 10 ++ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h index e98e04ee9a2c..aa8222cbea68 100644 --- a/drivers/net/wireless/wl3501.h +++ b/drivers/net/wireless/wl3501.h @@ -471,8 +471,10 @@ struct wl3501_md_req { u16 size; u8 pri; u8 service_class; - u8 daddr[ETH_ALEN]; - u8 saddr[ETH_ALEN]; + struct { + u8 daddr[ETH_ALEN]; + u8 saddr[ETH_ALEN]; + } addr; }; struct wl3501_md_ind { @@ -484,8 +486,10 @@ struct wl3501_md_ind { u8 reception; u8 pri; u8 service_class; - u8 daddr[ETH_ALEN]; - u8 saddr[ETH_ALEN]; + struct { + u8 daddr[ETH_ALEN]; + u8 saddr[ETH_ALEN]; + } addr; }; struct wl3501_md_confirm { diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c index 8ca5789c7b37..70307308635f 100644 --- a/drivers/net/wireless/wl3501_cs.c +++ b/drivers/net/wireless/wl3501_cs.c @@ -469,6 +469,7 @@ static int wl3501_send_pkt(struct wl3501_card *this, u8 *data, u16 len) struct wl3501_md_req sig = { .sig_id
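Review bot: the same unnamed struct { u8 daddr[ETH_ALEN]; u8 saddr[ETH_ALEN]; } addr is added twice, once in struct wl3501_md_req and once in struct wl3501_md_ind. A single named type used by both, as patch 2/2 does with struct wl3501_req, would keep the two definitions from drifting apart and give the memcpy() callers one type to take sizeof() of. The v3 notes also say the members in wl3501_md_ind are enclosed "into new struct req", while the hunk names the member addr.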
[PATCH v3 0/2] Fix out-of-bounds warnings
Fix multiple out-of-bounds warnings by making the code a bit more structured. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Changes in v3: - Add new struct wl3501_req. - Update changelog text in patch 2/2. - Add Kees' RB tag to patch 1/2. - Fix one more instance of this same issue in both patches. Changes in v2: - Update changelog text in patch 1/2. - Replace a couple of magic numbers with new variable sig_addr_len. Gustavo A. R. Silva (2): wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join drivers/net/wireless/wl3501.h| 47 ++- drivers/net/wireless/wl3501_cs.c | 54 +--- 2 files changed, 52 insertions(+), 49 deletions(-) -- 2.27.0
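The refactor from patch 1/2, reduced to a user-space sketch; this is an added example, not code from the patches or the driver. The names md_req_old, md_req_new, MD_REQ_HEAD and md_req_set_addrs() and the frame bytes are constructed for illustration; the field order and offsets follow the pahole output for wl3501_md_req.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6

/* Fields common to both layouts, in the order pahole prints them. */
#define MD_REQ_HEAD \
	uint16_t next_blk; uint8_t sig_id; uint8_t routing; \
	uint16_t data; uint16_t size; uint8_t pri; uint8_t service_class

/* Before the patch: two adjacent arrays (hypothetical name). */
struct md_req_old { MD_REQ_HEAD; uint8_t daddr[ETH_ALEN]; uint8_t saddr[ETH_ALEN]; };

/* After the patch: the same arrays enclosed in one subobject. */
struct md_req_new {
	MD_REQ_HEAD;
	struct { uint8_t daddr[ETH_ALEN]; uint8_t saddr[ETH_ALEN]; } addr;
};

/* The refactor must not move anything: offsets and size as in the pahole output. */
_Static_assert(offsetof(struct md_req_new, addr) == 10, "addr at offset 10");
_Static_assert(sizeof(struct md_req_new) == 22, "size 22");
_Static_assert(offsetof(struct md_req_old, daddr) == offsetof(struct md_req_new, addr.daddr), "daddr unmoved");
_Static_assert(offsetof(struct md_req_old, saddr) == offsetof(struct md_req_new, addr.saddr), "saddr unmoved");
_Static_assert(sizeof(struct md_req_old) == sizeof(struct md_req_new), "size unchanged");

/*
 * Old form: memcpy(sig->daddr, frame, 2 * ETH_ALEN) writes 12 bytes through
 * a pointer to a 6-byte array. New form: destination and length both name
 * the enclosing subobject, so the copy is in bounds by construction.
 */
int md_req_set_addrs(struct md_req_new *sig, const uint8_t *frame, size_t len)
{
	if (len < sizeof(sig->addr))
		return -1;	/* short frame: leave sig untouched */
	memcpy(&sig->addr, frame, sizeof(sig->addr));
	return 0;
}

int main(void)
{
	/* Constructed frame header: destination MAC, then source MAC. */
	static const uint8_t frame[12] = { 2, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 2 };
	struct md_req_new sig = { .service_class = 7 };

	return md_req_set_addrs(&sig, frame, sizeof(frame)) || sig.addr.saddr[5] != 2;
}
```

The static assertions fail the build if enclosing the arrays ever changes the layout, which is the property the pahole listings in the changelog document by hand.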