From: Michael Ellerman <patch-notifications@ellerman.id.au>
To: Stephen Rothwell <sfr@canb.auug.org.au>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jiri Slaby <jslaby@suse.com>
Cc: PowerPC Mailing List <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH] evh_bytechan: fix out of bounds accesses
Date: Wed, 18 Mar 2020 00:14:37 +1100 (AEDT) [thread overview]
Message-ID: <48hYYB1926z9sRR@ozlabs.org> (raw)
In-Reply-To: <20200109183912.5fcb52aa@canb.auug.org.au>
On Thu, 2020-01-09 at 07:39:12 UTC, Stephen Rothwell wrote:
> ev_byte_channel_send() assumes that its third argument is a 16 byte array.
> Some places where it is called it may not be (or we can't easily tell
> if it is). Newer compilers have started producing warnings about this,
> so make sure we actually pass a 16 byte array.
>
> There may be more elegant solutions to this, but the driver is quite
> old and hasn't been updated in many years.
>
> The warnings (from a powerpc allyesconfig build) are:
>
> In file included from include/linux/byteorder/big_endian.h:5,
> from arch/powerpc/include/uapi/asm/byteorder.h:14,
> from include/asm-generic/bitops/le.h:6,
> from arch/powerpc/include/asm/bitops.h:250,
> from include/linux/bitops.h:29,
> from include/linux/kernel.h:12,
> from include/asm-generic/bug.h:19,
> from arch/powerpc/include/asm/bug.h:109,
> from include/linux/bug.h:5,
> from include/linux/mmdebug.h:5,
> from include/linux/gfp.h:5,
> from include/linux/slab.h:15,
> from drivers/tty/ehv_bytechan.c:24:
> drivers/tty/ehv_bytechan.c: In function =E2=80=98ehv_bc_udbg_putc=E2=80=99:
> arch/powerpc/include/asm/epapr_hcalls.h:298:20: warning: array subscript 1 =
> is outside array bounds of =E2=80=98const char[1]=E2=80=99 [-Warray-bounds]
> 298 | r6 =3D be32_to_cpu(p[1]);
> include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of mac=
> ro =E2=80=98__be32_to_cpu=E2=80=99
> 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
> | ^
> arch/powerpc/include/asm/epapr_hcalls.h:298:7: note: in expansion of macro =
> =E2=80=98be32_to_cpu=E2=80=99
> 298 | r6 =3D be32_to_cpu(p[1]);
> | ^~~~~~~~~~~
> drivers/tty/ehv_bytechan.c:166:13: note: while referencing =E2=80=98data=E2=
> =80=99
> 166 | static void ehv_bc_udbg_putc(char c)
> | ^~~~~~~~~~~~~~~~
> In file included from include/linux/byteorder/big_endian.h:5,
> from arch/powerpc/include/uapi/asm/byteorder.h:14,
> from include/asm-generic/bitops/le.h:6,
> from arch/powerpc/include/asm/bitops.h:250,
> from include/linux/bitops.h:29,
> from include/linux/kernel.h:12,
> from include/asm-generic/bug.h:19,
> from arch/powerpc/include/asm/bug.h:109,
> from include/linux/bug.h:5,
> from include/linux/mmdebug.h:5,
> from include/linux/gfp.h:5,
> from include/linux/slab.h:15,
> from drivers/tty/ehv_bytechan.c:24:
> arch/powerpc/include/asm/epapr_hcalls.h:299:20: warning: array subscript 2 =
> is outside array bounds of =E2=80=98const char[1]=E2=80=99 [-Warray-bounds]
> 299 | r7 =3D be32_to_cpu(p[2]);
> include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of mac=
> ro =E2=80=98__be32_to_cpu=E2=80=99
> 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
> | ^
> arch/powerpc/include/asm/epapr_hcalls.h:299:7: note: in expansion of macro =
> =E2=80=98be32_to_cpu=E2=80=99
> 299 | r7 =3D be32_to_cpu(p[2]);
> | ^~~~~~~~~~~
> drivers/tty/ehv_bytechan.c:166:13: note: while referencing =E2=80=98data=E2=
> =80=99
> 166 | static void ehv_bc_udbg_putc(char c)
> | ^~~~~~~~~~~~~~~~
> In file included from include/linux/byteorder/big_endian.h:5,
> from arch/powerpc/include/uapi/asm/byteorder.h:14,
> from include/asm-generic/bitops/le.h:6,
> from arch/powerpc/include/asm/bitops.h:250,
> from include/linux/bitops.h:29,
> from include/linux/kernel.h:12,
> from include/asm-generic/bug.h:19,
> from arch/powerpc/include/asm/bug.h:109,
> from include/linux/bug.h:5,
> from include/linux/mmdebug.h:5,
> from include/linux/gfp.h:5,
> from include/linux/slab.h:15,
> from drivers/tty/ehv_bytechan.c:24:
> arch/powerpc/include/asm/epapr_hcalls.h:300:20: warning: array subscript 3 =
> is outside array bounds of =E2=80=98const char[1]=E2=80=99 [-Warray-bounds]
> 300 | r8 =3D be32_to_cpu(p[3]);
> include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of mac=
> ro =E2=80=98__be32_to_cpu=E2=80=99
> 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
> | ^
> arch/powerpc/include/asm/epapr_hcalls.h:300:7: note: in expansion of macro =
> =E2=80=98be32_to_cpu=E2=80=99
> 300 | r8 =3D be32_to_cpu(p[3]);
> | ^~~~~~~~~~~
> drivers/tty/ehv_bytechan.c:166:13: note: while referencing =E2=80=98data=E2=
> =80=99
> 166 | static void ehv_bc_udbg_putc(char c)
> | ^~~~~~~~~~~~~~~~
> In file included from include/linux/byteorder/big_endian.h:5,
> from arch/powerpc/include/uapi/asm/byteorder.h:14,
> from include/asm-generic/bitops/le.h:6,
> from arch/powerpc/include/asm/bitops.h:250,
> from include/linux/bitops.h:29,
> from include/linux/kernel.h:12,
> from include/asm-generic/bug.h:19,
> from arch/powerpc/include/asm/bug.h:109,
> from include/linux/bug.h:5,
> from include/linux/mmdebug.h:5,
> from include/linux/gfp.h:5,
> from include/linux/slab.h:15,
> from drivers/tty/ehv_bytechan.c:24:
> arch/powerpc/include/asm/epapr_hcalls.h:298:20: warning: array subscript 1 =
> is outside array bounds of =E2=80=98const char[1]=E2=80=99 [-Warray-bounds]
> 298 | r6 =3D be32_to_cpu(p[1]);
> include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of mac=
> ro =E2=80=98__be32_to_cpu=E2=80=99
> 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
> | ^
> arch/powerpc/include/asm/epapr_hcalls.h:298:7: note: in expansion of macro =
> =E2=80=98be32_to_cpu=E2=80=99
> 298 | r6 =3D be32_to_cpu(p[1]);
> | ^~~~~~~~~~~
> drivers/tty/ehv_bytechan.c:166:13: note: while referencing =E2=80=98data=E2=
> =80=99
> 166 | static void ehv_bc_udbg_putc(char c)
> | ^~~~~~~~~~~~~~~~
> In file included from include/linux/byteorder/big_endian.h:5,
> from arch/powerpc/include/uapi/asm/byteorder.h:14,
> from include/asm-generic/bitops/le.h:6,
> from arch/powerpc/include/asm/bitops.h:250,
> from include/linux/bitops.h:29,
> from include/linux/kernel.h:12,
> from include/asm-generic/bug.h:19,
> from arch/powerpc/include/asm/bug.h:109,
> from include/linux/bug.h:5,
> from include/linux/mmdebug.h:5,
> from include/linux/gfp.h:5,
> from include/linux/slab.h:15,
> from drivers/tty/ehv_bytechan.c:24:
> arch/powerpc/include/asm/epapr_hcalls.h:299:20: warning: array subscript 2 =
> is outside array bounds of =E2=80=98const char[1]=E2=80=99 [-Warray-bounds]
> 299 | r7 =3D be32_to_cpu(p[2]);
> include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of mac=
> ro =E2=80=98__be32_to_cpu=E2=80=99
> 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
> | ^
> arch/powerpc/include/asm/epapr_hcalls.h:299:7: note: in expansion of macro =
> =E2=80=98be32_to_cpu=E2=80=99
> 299 | r7 =3D be32_to_cpu(p[2]);
> | ^~~~~~~~~~~
> drivers/tty/ehv_bytechan.c:166:13: note: while referencing =E2=80=98data=E2=
> =80=99
> 166 | static void ehv_bc_udbg_putc(char c)
> | ^~~~~~~~~~~~~~~~
> In file included from include/linux/byteorder/big_endian.h:5,
> from arch/powerpc/include/uapi/asm/byteorder.h:14,
> from include/asm-generic/bitops/le.h:6,
> from arch/powerpc/include/asm/bitops.h:250,
> from include/linux/bitops.h:29,
> from include/linux/kernel.h:12,
> from include/asm-generic/bug.h:19,
> from arch/powerpc/include/asm/bug.h:109,
> from include/linux/bug.h:5,
> from include/linux/mmdebug.h:5,
> from include/linux/gfp.h:5,
> from include/linux/slab.h:15,
> from drivers/tty/ehv_bytechan.c:24:
> arch/powerpc/include/asm/epapr_hcalls.h:300:20: warning: array subscript 3 =
> is outside array bounds of =E2=80=98const char[1]=E2=80=99 [-Warray-bounds]
> 300 | r8 =3D be32_to_cpu(p[3]);
> include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of mac=
> ro =E2=80=98__be32_to_cpu=E2=80=99
> 40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
> | ^
> arch/powerpc/include/asm/epapr_hcalls.h:300:7: note: in expansion of macro =
> =E2=80=98be32_to_cpu=E2=80=99
> 300 | r8 =3D be32_to_cpu(p[3]);
> | ^~~~~~~~~~~
> drivers/tty/ehv_bytechan.c:166:13: note: while referencing =E2=80=98data=E2=
> =80=99
> 166 | static void ehv_bc_udbg_putc(char c)
> | ^~~~~~~~~~~~~~~~
>
> Fixes: dcd83aaff1c8 ("tty/powerpc: introduce the ePAPR embedded hypervisor =
> byte channel driver")
> Cc: Michael Ellerman <mpe@ellerman.id.au>
> Cc: PowerPC Mailing List <linuxppc-dev@lists.ozlabs.org>
> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/3670664b5da555a2a481449b3baafff113b0ac35
cheers
prev parent reply other threads:[~2020-03-17 13:25 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-09 7:39 [PATCH] evh_bytechan: fix out of bounds accesses Stephen Rothwell
2020-01-13 12:26 ` Michael Ellerman
2020-01-13 13:48 ` Timur Tabi
2020-01-13 14:34 ` Laurentiu Tudor
2020-01-13 15:48 ` Timur Tabi
2020-01-14 1:10 ` Michael Ellerman
2020-01-14 9:18 ` Laurentiu Tudor
2020-01-14 11:01 ` Timur Tabi
2020-01-13 16:03 ` Timur Tabi
2020-01-13 20:25 ` Stephen Rothwell
2020-01-14 1:10 ` Timur Tabi
2020-01-14 1:13 ` Timur Tabi
2020-01-14 1:17 ` Scott Wood
2020-01-14 6:31 ` Stephen Rothwell
2020-01-15 12:33 ` Laurentiu Tudor
2020-01-15 13:25 ` Timur Tabi
2020-01-15 19:42 ` Stephen Rothwell
2020-01-15 20:01 ` Scott Wood
2020-01-16 0:37 ` Stephen Rothwell
2020-02-20 23:57 ` Stephen Rothwell
2020-02-25 9:54 ` Laurentiu Tudor
2020-02-25 20:56 ` Stephen Rothwell
2020-02-26 9:43 ` Laurentiu Tudor
2020-01-16 2:29 ` Timur Tabi
2020-01-14 8:29 ` Segher Boessenkool
2020-01-14 11:53 ` Timur Tabi
2020-01-14 12:24 ` Segher Boessenkool
2020-03-17 13:14 ` Michael Ellerman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48hYYB1926z9sRR@ozlabs.org \
--to=patch-notifications@ellerman.id.au \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).