From: Dan Carpenter <dan.carpenter@linaro.org>
To: Jonathan Cameron <jic23@jic23.retrosnub.co.uk>
Cc: David Lechner <dlechner@baylibre.com>, linux-iio@vger.kernel.org
Subject: Re: [bug report] iio: pressure: bmp280: drop sensor_data array
Date: Wed, 7 May 2025 10:41:28 +0300 [thread overview]
Message-ID: <aBsOqAI0efLHGbeA@stanley.mountain> (raw)
In-Reply-To: <FA0C8BC9-FD7F-44B7-A4A8-EA5E5BC6C8C7@jic23.retrosnub.co.uk>
On Wed, May 07, 2025 at 07:35:27AM +0100, Jonathan Cameron wrote:
>
>
> On 6 May 2025 19:35:08 BST, Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >On Tue, May 06, 2025 at 09:25:00AM -0500, David Lechner wrote:
> >> On 5/6/25 7:32 AM, Dan Carpenter wrote:
> >> > Hello David Lechner,
> >> >
> >> > Commit 4e6c3c4801a6 ("iio: pressure: bmp280: drop sensor_data array")
> >> > from Apr 22, 2025 (linux-next), leads to the following Smatch static
> >> > checker warning:
> >> >
> >> > drivers/iio/pressure/bmp280-core.c:1280 bme280_trigger_handler()
> >> > warn: check that 'buffer' doesn't leak information (struct has a hole after 'comp_humidity')
> >> >
> >> > drivers/iio/pressure/bmp280-core.c
> >> > 1225 static irqreturn_t bme280_trigger_handler(int irq, void *p)
> >> > 1226 {
> >> > 1227 struct iio_poll_func *pf = p;
> >> > 1228 struct iio_dev *indio_dev = pf->indio_dev;
> >> > 1229 struct bmp280_data *data = iio_priv(indio_dev);
> >> > 1230 u32 adc_temp, adc_press, adc_humidity;
> >> > 1231 s32 t_fine;
> >> > 1232 struct {
> >> > 1233 u32 comp_press;
> >> > 1234 s32 comp_temp;
> >> > 1235 u32 comp_humidity;
> >> > 1236 aligned_s64 timestamp;
> >> >
> >> > There is a 4 byte hole between comp_humidity and timestamp.
> >>
> >> Yes, this was the intention of this patch.
> >>
> >> >
> >> > 1237 } buffer;
> >> > 1238 int ret;
> >> > 1239
> >>
> >> ...
> >>
> >> > 1279
> >> > --> 1280 iio_push_to_buffers_with_ts(indio_dev, &buffer, sizeof(buffer),
> >> > ^^^^^^^^^^^^^^^^^^^^^^^
> >> > So I believe it leads to an information leaks here.
> >>
> >> Aha, so we should e.g. do memset() to fill the hole first.
> >>
> >
> >That works, or you could initialize it with = { }.
>
> I tried to track this down the other day.
> What are compilers guaranteeing around
> that vs { 0 } and holes? The c spec has only recently standardised on { }.
>
> I'd love to stop using memset for these.
The rule in the C standard is that if the initializer sets every struct
member then it will NOT zero out struct holes. But if there are any
unset struct members then the holes are zeroed. So = { } will always
work. You really have to try hard to invent a scenario where = { 0 }
won't fill the struct holes (a one member struct with a weird alignment).
regards,
dan carpenter
next prev parent reply other threads:[~2025-05-07 7:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-06 12:32 [bug report] iio: pressure: bmp280: drop sensor_data array Dan Carpenter
2025-05-06 14:25 ` David Lechner
2025-05-06 18:35 ` Dan Carpenter
2025-05-07 6:35 ` Jonathan Cameron
2025-05-07 7:41 ` Dan Carpenter [this message]
2025-05-07 13:33 ` David Lechner
2025-05-09 5:49 ` Dan Carpenter
2025-05-09 10:01 ` Dan Carpenter
2025-05-09 16:58 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aBsOqAI0efLHGbeA@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=dlechner@baylibre.com \
--cc=jic23@jic23.retrosnub.co.uk \
--cc=linux-iio@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox