mainline build failure due to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")

mainline build failure due to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")

[Sudip Mukherjee (Codethink)]

Hi All,

The latest mainline kernel branch fails to build with clang (version 16.0.1), and the errors are like:


drivers/scsi/aacraid/commsup.c:1170:17: error: array index 1 is past the end of the array (that has type 'u8[1]' (aka 'unsigned char[1]'), cast to '__le32 *' (aka 'unsigned int *')) [-Werror,-Warray-bounds]
                                (((__le32 *)aifcmd->data)[1] == cpu_to_le32(3));
                                            ^             ~
drivers/scsi/aacraid/aacraid.h:2621:2: note: array 'data' declared here
        u8 data[1];             /* Undefined length (from kernel viewpoint) */
        ^
drivers/scsi/aacraid/commsup.c:1290:20: error: array index 3 is past the end of the array (that has type 'u8[1]' (aka 'unsigned char[1]'), cast to '__le32 *' (aka 'unsigned int *')) [-Werror,-Warray-bounds]
                                  ((((__le32 *)aifcmd->data)[3]
                                               ^

_______________________________________________________________________


drivers/staging/ks7010/ks_wlan_net.c:1600:34: error: array index 16 is past the end of the array (that has type '__u8[0]' (aka 'unsigned char[0]')) [-Werror,-Warray-bounds]
                                memcpy(&key->tx_mic_key[0], &enc->key[16], 8);
                                                             ^        ~~
./include/linux/fortify-string.h:694:35: note: expanded from macro 'memcpy'
                __struct_size(p), __struct_size(q),                     \
                                                ^
./include/linux/fortify-string.h:96:56: note: expanded from macro '__struct_size'
#define __struct_size(p)        __builtin_dynamic_object_size(p, 0)
                                                              ^
./include/linux/fortify-string.h:638:27: note: expanded from macro '__fortify_memcpy_chk'
        const size_t __q_size = (q_size);                               \
                                 ^~~~~~
./include/uapi/linux/wireless.h:838:2: note: array 'key' declared here
        __u8            key[0];
        ^

_______________________________________________________________________


git bisect pointed to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3").

Reverting the commit has fixed the build failure.

I will be happy to test any patch or provide any extra log if needed.

#regzbot introduced: df8fc4e934c12b906d08050d7779f292b9c5c6b5


-- 
Regards
Sudip

Re: mainline build failure due to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")

[Gustavo A. R. Silva]

Hi,

Thanks for the report. See my comments below.

On 6/29/23 07:53, Sudip Mukherjee (Codethink) wrote:
> Hi All,
> 
> The latest mainline kernel branch fails to build with clang (version 16.0.1), and the errors are like:
> 
> 
> drivers/scsi/aacraid/commsup.c:1170:17: error: array index 1 is past the end of the array (that has type 'u8[1]' (aka 'unsigned char[1]'), cast to '__le32 *' (aka 'unsigned int *')) [-Werror,-Warray-bounds]
>                                  (((__le32 *)aifcmd->data)[1] == cpu_to_le32(3));
>                                              ^             ~
> drivers/scsi/aacraid/aacraid.h:2621:2: note: array 'data' declared here
>          u8 data[1];             /* Undefined length (from kernel viewpoint) */
>          ^
> drivers/scsi/aacraid/commsup.c:1290:20: error: array index 3 is past the end of the array (that has type 'u8[1]' (aka 'unsigned char[1]'), cast to '__le32 *' (aka 'unsigned int *')) [-Werror,-Warray-bounds]
>                                    ((((__le32 *)aifcmd->data)[3]

These are addressed by this patch:
https://lore.kernel.org/linux-hardening/65907ee4083de62fbaadc5c2e6512e3828912d1b.1687974498.git.gustavoars@kernel.org/

in this series (for which I'll send v2 shortly):
https://lore.kernel.org/linux-hardening/62386518-4123-db1f-4656-6b4ea509f5b1@embeddedor.com/T/


> drivers/staging/ks7010/ks_wlan_net.c:1600:34: error: array index 16 is past the end of the array (that has type '__u8[0]' (aka 'unsigned char[0]')) [-Werror,-Warray-bounds]
>                                  memcpy(&key->tx_mic_key[0], &enc->key[16], 8);
>                                                               ^        ~~
> ./include/linux/fortify-string.h:694:35: note: expanded from macro 'memcpy'
>                  __struct_size(p), __struct_size(q),                     \
>                                                  ^
> ./include/linux/fortify-string.h:96:56: note: expanded from macro '__struct_size'
> #define __struct_size(p)        __builtin_dynamic_object_size(p, 0)
>                                                                ^
> ./include/linux/fortify-string.h:638:27: note: expanded from macro '__fortify_memcpy_chk'
>          const size_t __q_size = (q_size);                               \
>                                   ^~~~~~
> ./include/uapi/linux/wireless.h:838:2: note: array 'key' declared here
>          __u8            key[0];
>          ^

and these are addressed by this patch:
https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?h=for-next/kspp&id=40ca06d71d60677a8424798610c97a46e4140a21

in this pull-request:
https://lore.kernel.org/linux-hardening/ZJxZJDUDs1ry84Rc@work/

Thanks
--
Gustavo

> 
> _______________________________________________________________________
> 
> 
> git bisect pointed to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3").
> 
> Reverting the commit has fixed the build failure.
> 
> I will be happy to test any patch or provide any extra log if needed.
> 
> #regzbot introduced: df8fc4e934c12b906d08050d7779f292b9c5c6b5
> 
> 

Re: mainline build failure due to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")

[Linux regression tracking (Thorsten Leemhuis)]

On 29.06.23 16:09, Gustavo A. R. Silva wrote:
> 
> Thanks for the report. See my comments below.

Thx for your reply.

> On 6/29/23 07:53, Sudip Mukherjee (Codethink) wrote:
>>
>> The latest mainline kernel branch fails to build with clang (version
>> 16.0.1), and the errors are like:
>>
>> drivers/scsi/aacraid/commsup.c:1170:17: error: array index 1 is past
>> the end of the array (that has type 'u8[1]' (aka 'unsigned char[1]'),
>> cast to '__le32 *' (aka 'unsigned int *')) [-Werror,-Warray-bounds]
>>                                  (((__le32 *)aifcmd->data)[1] ==
>> cpu_to_le32(3));
>>                                              ^             ~
> [...]
> These are addressed by this patch:
> https://lore.kernel.org/linux-hardening/65907ee4083de62fbaadc5c2e6512e3828912d1b.1687974498.git.gustavoars@kernel.org/
> 
> in this series (for which I'll send v2 shortly):
> https://lore.kernel.org/linux-hardening/62386518-4123-db1f-4656-6b4ea509f5b1@embeddedor.com/T/

Are those fixes still on track? Looks like there was not much progress
since then, so I suspect this won't be fixed before -rc1? Or did miss
something?

Ciao, Thorsten

> [...]
>>
>> git bisect pointed to df8fc4e934c1 ("kbuild: Enable
>> -fstrict-flex-arrays=3").
>>
>> Reverting the commit has fixed the build failure.
>>
>> I will be happy to test any patch or provide any extra log if needed.
>>
>> #regzbot introduced: df8fc4e934c12b906d08050d7779f292b9c5c6b5
>>
>>
> 
> 

Re: mainline build failure due to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")

[Gustavo A. R. Silva]

On 7/7/23 06:52, Linux regression tracking (Thorsten Leemhuis) wrote:

> Are those fixes still on track? Looks like there was not much progress
> since then, so I suspect this won't be fixed before -rc1? Or did miss
> something?

The change is already in SCSI for them to send it to mainline when they
see fit:
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=6.5/scsi-staging&id=47699a2b63caaa0de4841d4402627c2fdf3452a6

--
Gustavo

Re: mainline build failure due to df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")

[Linux regression tracking (Thorsten Leemhuis)]

On 07.07.23 18:17, Gustavo A. R. Silva wrote:
> On 7/7/23 06:52, Linux regression tracking (Thorsten Leemhuis) wrote:
> 
>> Are those fixes still on track? Looks like there was not much progress
>> since then, so I suspect this won't be fixed before -rc1? Or did miss
>> something?
> 
> The change is already in SCSI for them to send it to mainline when they
> see fit:
> https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=6.5/scsi-staging&id=47699a2b63caaa0de4841d4402627c2fdf3452a6

Ahh, great. I had checked -next before writing my mail, but somehow
missed this one. Sorry. And thanks for your help.

This afaics was the last remaining issue of those reported in the
initial mail of this thread, hence telling regzbot to mark this as
resolved by that commit.

#regzbot fix: scsi: aacraid: Avoid -Warray-bounds warning

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.