| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Apr 2020 23:30:55 +0200
From: Arnd Bergmann <arnd@...db.de>
To: linux-kernel@...r.kernel.org,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
James Bottomley <James.Bottomley@...elEye.com>
Cc: Arnd Bergmann <arnd@...db.de>,
James Bottomley <James.Bottomley@...senPartnership.com>,
John Garry <john.garry@...wei.com>,
Hannes Reinecke <hare@...e.com>, linux-scsi@...r.kernel.org
Subject: [PATCH 13/15] scsi: sas: avoid gcc-10 zero-length-bounds warning
Two files access the zero-length resp_data[] array, which now
causes a compiler warning:
drivers/scsi/aic94xx/aic94xx_tmf.c: In function 'asd_get_tmf_resp_tasklet':
drivers/scsi/aic94xx/aic94xx_tmf.c:291:22: warning: array subscript 3 is outside the bounds of an interior zero-length array 'u8[0]' {aka 'unsigned char[0]'} [-Wzero-length-bounds]
291 | res = ru->resp_data[3];
| ~~~~~~~~~~~~~^~~
In file included from include/scsi/libsas.h:15,
from drivers/scsi/aic94xx/aic94xx.h:16,
from drivers/scsi/aic94xx/aic94xx_tmf.c:11:
include/scsi/sas.h:557:9: note: while referencing 'resp_data'
557 | u8 resp_data[0];
| ^~~~~~~~~
drivers/scsi/libsas/sas_task.c: In function 'sas_ssp_task_response':
drivers/scsi/libsas/sas_task.c:21:30: warning: array subscript 3 is outside the bounds of an interior zero-length array 'u8[0]' {aka 'unsigned char[0]'} [-Wzero-length-bounds]
21 | tstat->stat = iu->resp_data[3];
| ~~~~~~~~~~~~~^~~
In file included from include/scsi/scsi_transport_sas.h:8,
from drivers/scsi/libsas/sas_internal.h:14,
from drivers/scsi/libsas/sas_task.c:3:
include/scsi/sas.h:557:9: note: while referencing 'resp_data'
557 | u8 resp_data[0];
| ^~~~~~~~~
This should really be a flexible-array member, but the structure
already has such a member, swapping it out with sense_data[] would
cause many more warnings elsewhere.
As a workaround, add a temporary pointer that can be accessed without
a warning.
Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
Fixes: 366ca51f30de ("[SCSI] libsas: abstract STP task status into a function")
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
drivers/scsi/aic94xx/aic94xx_tmf.c | 4 +++-
drivers/scsi/libsas/sas_task.c | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/aic94xx/aic94xx_tmf.c b/drivers/scsi/aic94xx/aic94xx_tmf.c
index f814026f26fa..a3139f9766c8 100644
--- a/drivers/scsi/aic94xx/aic94xx_tmf.c
+++ b/drivers/scsi/aic94xx/aic94xx_tmf.c
@@ -269,6 +269,7 @@ static int asd_get_tmf_resp_tasklet(struct asd_ascb *ascb,
struct ssp_frame_hdr *fh;
struct ssp_response_iu *ru;
int res = TMF_RESP_FUNC_FAILED;
+ u8 *resp;
ASD_DPRINTK("tmf resp tasklet\n");
@@ -287,8 +288,9 @@ static int asd_get_tmf_resp_tasklet(struct asd_ascb *ascb,
fh = edb->vaddr + 16;
ru = edb->vaddr + 16 + sizeof(*fh);
res = ru->status;
+ resp = ru->resp_data;
if (ru->datapres == 1) /* Response data present */
- res = ru->resp_data[3];
+ res = resp[3];
#if 0
ascb->tag = fh->tag;
#endif
diff --git a/drivers/scsi/libsas/sas_task.c b/drivers/scsi/libsas/sas_task.c
index e2d42593ce52..4cd2f9611c4a 100644
--- a/drivers/scsi/libsas/sas_task.c
+++ b/drivers/scsi/libsas/sas_task.c
@@ -12,13 +12,14 @@ void sas_ssp_task_response(struct device *dev, struct sas_task *task,
struct ssp_response_iu *iu)
{
struct task_status_struct *tstat = &task->task_status;
+ u8 *resp = iu->resp_data;
tstat->resp = SAS_TASK_COMPLETE;
if (iu->datapres == 0)
tstat->stat = iu->status;
else if (iu->datapres == 1)
- tstat->stat = iu->resp_data[3];
+ tstat->stat = resp[3];
else if (iu->datapres == 2) {
tstat->stat = SAM_STAT_CHECK_CONDITION;
tstat->buf_valid_size =
--
2.26.0
Powered by blists - more mailing lists