lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230204183715.never.937-kees@kernel.org>
Date:   Sat,  4 Feb 2023 10:37:16 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Sumit Saxena <sumit.saxena@...adcom.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Himanshu Madhani <himanshu.madhani@...cle.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        kernel test robot <lkp@...el.com>,
        linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: [PATCH] scsi: mpi3mr: Replace 1-element array with flex-array

Nothing else defined MPI3_NVME_ENCAP_CMD_MAX, so the "command"
buffer was being defined as a fake flexible array of size 1. Replace
this with a proper flex array. Avoids this GCC 13 warning under
-fstrict-flex-arrays=3:

In function 'fortify_memset_chk',
    inlined from 'mpi3mr_build_nvme_sgl' at ../drivers/scsi/mpi3mr/mpi3mr_app.c:693:2,
    inlined from 'mpi3mr_bsg_process_mpt_cmds.constprop' at ../drivers/scsi/mpi3mr/mpi3mr_app.c:1214:8:
../include/linux/fortify-string.h:430:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()?  [-Wattribute-warning]
  430 |                         __write_overflow_field(p_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: Sumit Saxena <sumit.saxena@...adcom.com>
Cc: Himanshu Madhani <himanshu.madhani@...cle.com>
Cc: "Martin K. Petersen" <martin.petersen@...cle.com>
Cc: Stephen Rothwell <sfr@...b.auug.org.au>
Cc: kernel test robot <lkp@...el.com>
Signed-off-by: Kees Cook <keescook@...omium.org>
---
 include/uapi/scsi/scsi_bsg_mpi3mr.h | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/include/uapi/scsi/scsi_bsg_mpi3mr.h b/include/uapi/scsi/scsi_bsg_mpi3mr.h
index fdc3517f9e19..907d345f04f9 100644
--- a/include/uapi/scsi/scsi_bsg_mpi3mr.h
+++ b/include/uapi/scsi/scsi_bsg_mpi3mr.h
@@ -455,12 +455,6 @@ struct mpi3mr_bsg_packet {
 	} cmd;
 };
 
-
-/* MPI3: NVMe Encasulation related definitions */
-#ifndef MPI3_NVME_ENCAP_CMD_MAX
-#define MPI3_NVME_ENCAP_CMD_MAX               (1)
-#endif
-
 struct mpi3_nvme_encapsulated_request {
 	__le16	host_tag;
 	__u8	ioc_use_only02;
@@ -474,7 +468,7 @@ struct mpi3_nvme_encapsulated_request {
 	__le16	flags;
 	__le32	data_length;
 	__le32  reserved14[3];
-	__le32	command[MPI3_NVME_ENCAP_CMD_MAX];
+	__le32	command[];
 };
 
 struct mpi3_nvme_encapsulated_error_reply {
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ