From patchwork Mon Jul 31 09:04:29 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 108984
From: Arnd Bergmann
To: Armin Schindler, Karsten Keil
Cc: Arnd Bergmann, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] ISDN: eicon: fix array-bounds warning properly
Date: Mon, 31 Jul 2017 11:04:29 +0200
Message-Id: <20170731090438.458392-1-arnd@arndb.de>
X-Mailer: git-send-email 2.9.0
X-Mailing-List: linux-kernel@vger.kernel.org

I patched a variant of this warning before, but now saw it come back
in a different configuration with gcc-7 and UBSAN:

drivers/isdn/hardware/eicon/message.c: In function 'mixer_notify_update':
drivers/isdn/hardware/eicon/message.c:11162:54: error: array subscript is above array bounds [-Werror=array-bounds]
    ((CAPI_MSG *) msg)->info.facility_req.structs[1] = LI_REQ_SILENT_UPDATE & 0xff;
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/isdn/hardware/eicon/message.c:11163:54: error: array subscript is above array bounds [-Werror=array-bounds]
    ((CAPI_MSG *) msg)->info.facility_req.structs[2] = LI_REQ_SILENT_UPDATE >> 8;
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/isdn/hardware/eicon/message.c:11164:54: error: array subscript is above array bounds [-Werror=array-bounds]
    ((CAPI_MSG *) msg)->info.facility_req.structs[3] = 0;
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~

I spent a long time narrowing down what caused this, as I suspected
yet another false-positive warning in gcc. However, this time it
turned out to be an ancient kernel bug, which probably prevented
this from ever working on 64-bit machines, causing a stack buffer
overflow as indicated by the warning originally.

The problem is that having a 64-bit pointer inside of the
CAPI_MSG->info union leads to the start of the union to become
64-bit aligned by adding four padding bytes. The structure is
however aliased to a fixed-length array on the stack in
mixer_notify_update(), and later copied directly to the hardware,
so both go wrong.

This just removes the fields that were apparently added in a
misguided attempt to make the driver work on 64-bit machines
but never actually used.

Fixes: 950eabbd6dde ("ISDN: eicon: silence misleading array-bounds warning")
Signed-off-by: Arnd Bergmann
---
 drivers/isdn/hardware/eicon/capi20.h | 18 ------------------
 1 file changed, 18 deletions(-)

--
2.9.0

diff --git a/drivers/isdn/hardware/eicon/capi20.h b/drivers/isdn/hardware/eicon/capi20.h index 391e4175b0b5..7b97cd576485 100644 --- a/drivers/isdn/hardware/eicon/capi20.h +++ b/drivers/isdn/hardware/eicon/capi20.h @@ -301,14 +301,6 @@ typedef struct { word Number; word Flags; } _DAT_B3_REQP; -/* DATA-B3-REQUEST 64 BIT Systems */ -typedef struct { - dword Data; - word Data_Length; - word Number; - word Flags; - void *pData; -} _DAT_B3_REQ64P; /* DATA-B3-CONFIRM */ typedef struct { word Number; 
@@ -321,14 +313,6 @@ typedef struct { word Number; word Flags; } _DAT_B3_INDP; -/* DATA-B3-INDICATION 64 BIT Systems */ -typedef struct { - dword Data; - word Data_Length; - word Number; - word Flags; - void *pData; -} _DAT_B3_IND64P; /* DATA-B3-RESPONSE */ typedef struct { word Number; @@ -409,10 +393,8 @@ struct _API_MSG { _DIS_B3_INDP disconnect_b3_ind; _DIS_B3_RESP disconnect_b3_res; _DAT_B3_REQP data_b3_req; - _DAT_B3_REQ64P data_b3_req64; _DAT_B3_CONP data_b3_con; _DAT_B3_INDP data_b3_ind; - _DAT_B3_IND64P data_b3_ind64; _DAT_B3_RESP data_b3_res; _RES_B3_REQP reset_b3_req; _RES_B3_CONP reset_b3_con;
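
Review bot: In the @@ -409 hunk (the union in struct _API_MSG), dropping data_b3_req64 and data_b3_ind64 fixes the layout today, but nothing prevents a later member with a pointer or other 8-byte-aligned field from reintroducing the padding the commit message describes. Since the message says the structure is aliased to a fixed-length stack array and copied directly to the hardware, consider a compile-time assertion on the offset of info (or on the structure size) next to the definition, and a short comment above the union saying that members must not contain pointers.

Review bot: In the @@ -301 and @@ -321 hunks, removing _DAT_B3_REQ64P and _DAT_B3_IND64P rests on the statement that they were "never actually used", but the diffstat touches only capi20.h, so the patch itself does not show that no .c file references the typedefs or the data_b3_req64/data_b3_ind64 members. A line in the commit message saying how that was verified (a tree-wide grep or a full build) would help, and because the message describes a stack buffer overflow on 64-bit machines, it is worth stating whether a stable backport is intended.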
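
The alignment effect the commit message describes, as an added example that is not part of the patch or the driver. The 12-byte header and every struct and field name here are constructed stand-ins (the real CAPI_MSG header is not shown on the page); the point is how one pointer member shifts the start of the union.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 12-byte header of 16-bit and 8-bit fields; a stand-in,
 * not the driver's real message header. */
struct hdr {
	uint16_t length, appl_id, command, number;
	uint8_t controller, plci;
	uint16_t ncci;
};

/* Payload with 32-bit and 16-bit fields only. */
struct req {
	uint32_t data;
	uint16_t data_length, number, flags;
};

/* Same payload plus a pointer, like the removed *64P variants. */
struct req64 {
	uint32_t data;
	uint16_t data_length, number, flags;
	void *pdata;
};

struct msg_fixed {	/* union without any pointer member */
	struct hdr header;
	union { struct req r; uint8_t structs[1]; } info;
};

struct msg_broken {	/* one pointer member raises the union's alignment */
	struct hdr header;
	union { struct req r; struct req64 r64; uint8_t structs[1]; } info;
};

/* Padding bytes the compiler inserts between header and info. */
size_t pad_fixed(void)  { return offsetof(struct msg_fixed, info) - sizeof(struct hdr); }
size_t pad_broken(void) { return offsetof(struct msg_broken, info) - sizeof(struct hdr); }

/* Layout guard; kernel code would spell this with BUILD_BUG_ON(). */
_Static_assert(offsetof(struct msg_fixed, info) == sizeof(struct hdr),
	       "info must start right after the header");

int main(void)
{
	printf("header %zu bytes, padding: fixed %zu, with pointer %zu\n",
	       sizeof(struct hdr), pad_fixed(), pad_broken());
	return 0;
}
```

On an LP64 target the pointer variant reports four padding bytes, so code that indexes a fixed-length byte buffer through `info` lands four bytes further than the buffer was sized for.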