| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jun 2022 09:29:25 -0700
From: Kees Cook <keescook@...omium.org>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
Adaptec OEM Raid Solutions <aacraid@...rosemi.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH 8/8][next] scsi: aacraid: Replace one-element array with
flexible-array member in struct aac_aifcmd
On Tue, Feb 22, 2022 at 01:31:07AM -0600, Gustavo A. R. Silva wrote:
> Replace one-element array with flexible-array member in struct
> aac_aifcmd.
>
> This issue was found with the help of Coccinelle and audited and fixed,
> manually.
>
> Link: https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays
> Link: https://github.com/KSPP/linux/issues/79
> Signed-off-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> ---
> drivers/scsi/aacraid/aacraid.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
> index 97948cd5f13c..447feabf5360 100644
> --- a/drivers/scsi/aacraid/aacraid.h
> +++ b/drivers/scsi/aacraid/aacraid.h
> @@ -2616,7 +2616,7 @@ struct aac_hba_info {
> struct aac_aifcmd {
> __le32 command; /* Tell host what type of notify this is */
> __le32 seqnum; /* To allow ordering of reports (if necessary) */
> - u8 data[1]; /* Undefined length (from kernel viewpoint) */
> + u8 data[]; /* Undefined length (from kernel viewpoint) */
> };
>
> /**
> --
> 2.27.0
>
FWIW, this patch solves an -Warray-bounds warning that is seen under
-fstrict-flex-arrays=3 (coming soon[1]):
../drivers/scsi/aacraid/commsup.c:1166:17: warning: array index 1 is past the end of the array (which contains 1 element) [-Warray-bounds]
(((__le32 *)aifcmd->data)[1] == cpu_to_le32(3));
^ ~
../drivers/scsi/aacraid/aacraid.h:2620:2: note: array 'data' declared here
u8 data[1]; /* Undefined length (from kernel viewpoint) */
^
../drivers/scsi/aacraid/commsup.c:1286:20: warning: array index 3 is past the end of the array (which contains 1 element) [-Warray-bounds]
((((__le32 *)aifcmd->data)[3]
^ ~
../drivers/scsi/aacraid/aacraid.h:2620:2: note: array 'data' declared here
u8 data[1]; /* Undefined length (from kernel viewpoint) */
^
[1] new flag in GCC and Clang:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836
https://reviews.llvm.org/D126864
--
Kees Cook
Powered by blists - more mailing lists