From: Kees Cook <keescook@chromium.org>
To: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>,
Niklas Cassel <Niklas.Cassel@wdc.com>,
James Seo <james@equiv.tech>,
Sathya Prakash <sathya.prakash@broadcom.com>,
Sreekanth Reddy <sreekanth.reddy@broadcom.com>,
Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 00/12] scsi: mpt3sas: Use flexible arrays and do a few cleanups
Date: Mon, 23 Oct 2023 09:30:07 -0700 [thread overview]
Message-ID: <202310230929.494FD6E14E@keescook> (raw)
In-Reply-To: <20230806170604.16143-1-james@equiv.tech>
On Sun, Aug 06, 2023 at 10:05:52AM -0700, James Seo wrote:
> Commit df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") has
> resulted in the only arrays that UBSAN_BOUNDS considers unbounded
> being trailing arrays declared with [] as the last member of a
> struct. Unbounded trailing arrays declared with [1] are common in
> mpt3sas, which is causing spurious warnings to appear in some
> situations, e.g. when more than one physical disk is connected:
>
> UBSAN: array-index-out-of-bounds in drivers/scsi/mpt3sas/mpt3sas_scsih.c:6810:36
> index 1 is out of range for type 'MPI2_SAS_IO_UNIT0_PHY_DATA [1]'
>
> which relates to this unbounded array access:
>
> port_id = sas_iounit_pg0->PhyData[i].Port;
>
> and is just one example of 10 similar warnings currently occurring
> for me during boot.
>
> This series converts most trailing arrays declared with [1] in mptsas
> into proper C99 flexible array members. Those that are not unbounded
> and really are fixed-length arrays of length 1 are left alone.
>
> I didn't find any conversions that required further source edits
> besides changing [1] to [], and everything seems to work with my
> SAS2008-based add-in card, but please look things over in case I
> missed something subtle.
>
> Rounding out the series are some opportunistic cleanups.
>
> The only dependency is that patch 7 ("Use struct_size() for struct
> size calculations") depends on patches 3-5.
>
> History:
> v1: https://lore.kernel.org/linux-scsi/20230725161331.27481-1-james@equiv.tech/
>
> Changes v1->v2:
> - Slightly reword and add Reviewed-by: tags to commit messages
> - Split up a commit that was resulting in many binary changes
> - Remove the iounit_pg8 member of the per-adapter struct
> - Replace more dynamic allocations with local variables
Here's a tested-by: from Boris:
https://lore.kernel.org/all/20231023135615.GBZTZ7fwRh48euq3ew@fat_crate.local
-Kees
>
> James Seo (12):
> scsi: mpt3sas: Use flexible arrays when obviously possible
> scsi: mpt3sas: Make MPI2_CONFIG_PAGE_IO_UNIT_8::Sensor[] a flexible
> array
> scsi: mpt3sas: Make MPI2_CONFIG_PAGE_RAID_VOL_0::PhysDisk[] a flexible
> array
> scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_0::PhyData[] a flexible
> array
> scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_1::PhyData[] a flexible
> array
> scsi: mpt3sas: Make MPI26_CONFIG_PAGE_PIOUNIT_1::PhyData[] a flexible
> array
> scsi: mpt3sas: Use struct_size() for struct size calculations
> scsi: mpt3sas: Remove the iounit_pg8 member of the per-adapter struct
> scsi: mpt3sas: Fix an outdated comment
> scsi: mpt3sas: Fix typo of "TRIGGER"
> scsi: mpt3sas: Replace a dynamic allocation with a local variable
> scsi: mpt3sas: Replace dynamic allocations with local variables
>
> drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h | 231 ++++++-------------
> drivers/scsi/mpt3sas/mpi/mpi2_image.h | 32 +--
> drivers/scsi/mpt3sas/mpi/mpi2_ioc.h | 27 +--
> drivers/scsi/mpt3sas/mpt3sas_base.c | 35 ++-
> drivers/scsi/mpt3sas/mpt3sas_base.h | 2 -
> drivers/scsi/mpt3sas/mpt3sas_config.c | 6 +-
> drivers/scsi/mpt3sas/mpt3sas_scsih.c | 55 ++---
> drivers/scsi/mpt3sas/mpt3sas_transport.c | 9 +-
> drivers/scsi/mpt3sas/mpt3sas_trigger_pages.h | 44 ++--
> drivers/scsi/mpt3sas/mpt3sas_warpdrive.c | 3 +-
> 10 files changed, 151 insertions(+), 293 deletions(-)
>
>
> base-commit: 6cae9a3910ac1b5daf5ac3db9576b78cc4eff5aa
> --
> 2.39.2
>
--
Kees Cook
next prev parent reply other threads:[~2023-10-23 16:30 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-06 17:05 [PATCH v2 00/12] scsi: mpt3sas: Use flexible arrays and do a few cleanups James Seo
2023-08-06 17:05 ` [PATCH v2 01/12] scsi: mpt3sas: Use flexible arrays when obviously possible James Seo
2023-08-06 17:05 ` [PATCH v2 02/12] scsi: mpt3sas: Make MPI2_CONFIG_PAGE_IO_UNIT_8::Sensor[] a flexible array James Seo
2023-08-25 20:37 ` Kees Cook
2023-08-27 7:05 ` James Seo
2023-08-06 17:05 ` [PATCH v2 03/12] scsi: mpt3sas: Make MPI2_CONFIG_PAGE_RAID_VOL_0::PhysDisk[] " James Seo
2023-08-25 21:03 ` Kees Cook
2023-08-27 7:06 ` James Seo
2023-08-06 17:05 ` [PATCH v2 04/12] scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_0::PhyData[] " James Seo
2023-08-06 17:05 ` [PATCH v2 05/12] scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_1::PhyData[] " James Seo
2023-08-06 17:05 ` [PATCH v2 06/12] scsi: mpt3sas: Make MPI26_CONFIG_PAGE_PIOUNIT_1::PhyData[] " James Seo
2023-08-06 17:05 ` [PATCH v2 07/12] scsi: mpt3sas: Use struct_size() for struct size calculations James Seo
2023-08-06 17:06 ` [PATCH v2 08/12] scsi: mpt3sas: Remove the iounit_pg8 member of the per-adapter struct James Seo
2023-08-06 17:06 ` [PATCH v2 09/12] scsi: mpt3sas: Fix an outdated comment James Seo
2023-08-06 17:06 ` [PATCH v2 10/12] scsi: mpt3sas: Fix typo of "TRIGGER" James Seo
2023-08-06 17:06 ` [PATCH v2 11/12] scsi: mpt3sas: Replace a dynamic allocation with a local variable James Seo
2023-08-06 17:06 ` [PATCH v2 12/12] scsi: mpt3sas: Replace dynamic allocations with local variables James Seo
2023-08-25 3:00 ` [PATCH v2 00/12] scsi: mpt3sas: Use flexible arrays and do a few cleanups Martin K. Petersen
2023-10-11 0:49 ` Kees Cook
2023-10-28 19:32 ` James Seo
2023-10-23 16:30 ` Kees Cook [this message]
2023-10-25 2:05 ` Martin K. Petersen
2023-10-25 22:33 ` Kees Cook
2023-11-15 13:54 ` Martin K. Petersen
2023-11-15 14:38 ` Kees Cook
2023-11-25 2:54 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202310230929.494FD6E14E@keescook \
--to=keescook@chromium.org \
--cc=MPT-FusionLinux.pdl@broadcom.com \
--cc=Niklas.Cassel@wdc.com \
--cc=bp@alien8.de \
--cc=gustavoars@kernel.org \
--cc=james@equiv.tech \
--cc=jejb@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sathya.prakash@broadcom.com \
--cc=sreekanth.reddy@broadcom.com \
--cc=suganath-prabu.subramani@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox