From patchwork Mon Mar 22 16:02:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 406456 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8DF72C433EA for ; Mon, 22 Mar 2021 16:03:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5B1A0619C4 for ; Mon, 22 Mar 2021 16:03:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231721AbhCVQDj (ORCPT ); Mon, 22 Mar 2021 12:03:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:51740 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231684AbhCVQDV (ORCPT ); Mon, 22 Mar 2021 12:03:21 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C5EBC61992; Mon, 22 Mar 2021 16:03:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1616429000; bh=3vH1tW/3dz/29rKeu66QIybhctPu7u2aaTt+yHw+ixQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VRbsfgY+z8kWvWs+txugnu/XzSTF1os4UBObTbMaVvuShG2tPdw5ChRNTsdoitI1c Os5gXEmTV19Hh0dH4sglqm/fSEpSE1o+cdD5mtmVZ292EJ017mpHo8q2zl1C63RDvy 9IP52tHZwWSskub+gnvqqJxnuA90avLg12n2yst/hTpywQNyH7pGS5SlpLOCg1l1zv SC2S1tGwIlfSqI7YXPTsk7il0mAFtLumFo7AO2H+payHYwT3xe1jEFpNJbjQ5KEMrV fL6MEJv6J7008Lwon/8167XZUtB/IGdDaiFW7a3KldjWew3Xisi5j0MtsrpiR6liOq jy3MXhpKCZK+w== From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Martin Sebor , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org Cc: Arnd Bergmann , Ning Sun , Jani Nikula , Kalle Valo , Simon Kelley , James Smart , "James E.J. Bottomley" , Anders Larsen , Tejun Heo , Serge Hallyn , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, "H. Peter Anvin" , Kees Cook Subject: [PATCH 01/11] x86: compressed: avoid gcc-11 -Wstringop-overread warning Date: Mon, 22 Mar 2021 17:02:39 +0100 Message-Id: <20210322160253.4032422-2-arnd@kernel.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210322160253.4032422-1-arnd@kernel.org> References: <20210322160253.4032422-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Arnd Bergmann gcc gets confused by the comparison of a pointer to an integer listeral, with the assumption that this is an offset from a NULL pointer and that dereferencing it is invalid: In file included from arch/x86/boot/compressed/misc.c:18: In function ‘parse_elf’, inlined from ‘extract_kernel’ at arch/x86/boot/compressed/misc.c:442:2: arch/x86/boot/compressed/../string.h:15:23: error: ‘__builtin_memcpy’ reading 64 bytes from a region of size 0 [-Werror=stringop-overread] 15 | #define memcpy(d,s,l) __builtin_memcpy(d,s,l) | ^~~~~~~~~~~~~~~~~~~~~~~ arch/x86/boot/compressed/misc.c:283:9: note: in expansion of macro ‘memcpy’ 283 | memcpy(&ehdr, output, sizeof(ehdr)); | ^~~~~~ I could not find any good workaround for this, but as this is only a warning for a failure during early boot, removing the line entirely works around the warning. This should probably get addressed in gcc instead, before 11.1 gets released. Signed-off-by: Arnd Bergmann --- arch/x86/boot/compressed/misc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index 3a214cc3239f..9ada64e66cb7 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -430,8 +430,6 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE - if ((unsigned long)output != LOAD_PHYSICAL_ADDR) - error("Destination address does not match LOAD_PHYSICAL_ADDR"); if (virt_addr != LOAD_PHYSICAL_ADDR) error("Destination virtual address changed when not relocatable"); #endif From patchwork Mon Mar 22 16:02:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 406451 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D9AEC433E2 for ; Mon, 22 Mar 2021 16:08:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 01867619BD for ; Mon, 22 Mar 2021 16:08:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231764AbhCVQEE (ORCPT ); Mon, 22 Mar 2021 12:04:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:52134 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231759AbhCVQD4 (ORCPT ); Mon, 22 Mar 2021 12:03:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4428761998; Mon, 22 Mar 2021 16:03:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1616429036; bh=yFqEt0Vza9xx1ZEH6vpmadF/s9WD+9cr+PvfYFx1jTs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DnY2VvcIHWNR00CmYsS8o9sdpXW8IfqlUTn3pfDogyHxX/SIITlr8SG6GxkT3eSRZ a7K8jLXsPna4Mm190+MpWcuBICb/n+i193Sgx5UJVnr/NQaks4zNGBOOkdJN7kk+Zx IrtL2gHR1/fBjD9NvgLiYwkQqQ/EKWhfodExGrNMHcxDZouSH1dybJZC/EbBnOcXm9 XQLG8dt1bjMaDOofLpAx013Fhy9k111G7DuVnc/32l3avRksgUDzsBf0x12znYeUYk RAdBhG+/y/EhxEsBwjpyhm77vbHfFV6Wbj7ETM5qbIRB/4/X2e34tKnfe8hgDnqlGY gToo1OwJ8lpqg== From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Martin Sebor , Serge Hallyn , James Morris Cc: Arnd Bergmann , x86@kernel.org, Ning Sun , Jani Nikula , Kalle Valo , Simon Kelley , James Smart , "James E.J. Bottomley" , Anders Larsen , Tejun Heo , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, "Eric W. Biederman" , Christian Brauner , Kees Cook , Miklos Szeredi , Tycho Andersen Subject: [PATCH 03/11] security: commoncap: fix -Wstringop-overread warning Date: Mon, 22 Mar 2021 17:02:41 +0100 Message-Id: <20210322160253.4032422-4-arnd@kernel.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210322160253.4032422-1-arnd@kernel.org> References: <20210322160253.4032422-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Arnd Bergmann gcc-11 introdces a harmless warning for cap_inode_getsecurity: security/commoncap.c: In function ‘cap_inode_getsecurity’: security/commoncap.c:440:33: error: ‘memcpy’ reading 16 bytes from a region of size 0 [-Werror=stringop-overread] 440 | memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The problem here is that tmpbuf is initialized to NULL, so gcc assumes it is not accessible unless it gets set by vfs_getxattr_alloc(). This is a legitimate warning as far as I can tell, but the code is correct since it correctly handles the error when that function fails. Add a separate NULL check to tell gcc about it as well. Signed-off-by: Arnd Bergmann --- security/commoncap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/commoncap.c b/security/commoncap.c index 28f4d25480df..9a36ed6dd737 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -400,7 +400,7 @@ int cap_inode_getsecurity(struct user_namespace *mnt_userns, &tmpbuf, size, GFP_NOFS); dput(dentry); - if (ret < 0) + if (ret < 0 || !tmpbuf) return ret; fs_ns = inode->i_sb->s_user_ns; From patchwork Mon Mar 22 16:02:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 406455 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53F7BC433E3 for ; Mon, 22 Mar 2021 16:05:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 28DD2619BA for ; Mon, 22 Mar 2021 16:05:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231840AbhCVQFF (ORCPT ); Mon, 22 Mar 2021 12:05:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:52488 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231818AbhCVQE0 (ORCPT ); Mon, 22 Mar 2021 12:04:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D63E5619A4; Mon, 22 Mar 2021 16:04:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1616429066; bh=nkpO3F9iV2LP9C5b1X1yN1ZVysmYmotRTLuBUWIaptM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MU4IL9JNNK+J8U+vvpLpwovR+/suU+W9R4RhhhMaub4p/qt1HSm7/5H/LxJjfRA1v f+dccndcC0t+6DndIOBCJbVJvgtAFbUO/Xj+Ad4PAK3HRVGVN0VmdJVzwNG2nWP60W yoMi7GzhcMMul2Me0RQEOrAkh9+ikItIp0T7LrmMn4UxhxHfYhCqAAaad++VD478Ly WRurbxWp7EoqaQbB5aDSFB4iZyCpOkFivtOdus8BKdINgwMELaIsTcoM1dTXGsBCvO NUlZI47cRIaTlBnQpp36y5LIoHJRasVTH3KqfKgtuhF/A3Vph299qnut15q3EDnfE2 ATElHLu2Uchbw== From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Martin Sebor , Anders Larsen Cc: Arnd Bergmann , x86@kernel.org, Ning Sun , Jani Nikula , Kalle Valo , Simon Kelley , James Smart , "James E.J. Bottomley" , Tejun Heo , Serge Hallyn , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH 05/11] qnx: avoid -Wstringop-overread warning Date: Mon, 22 Mar 2021 17:02:43 +0100 Message-Id: <20210322160253.4032422-6-arnd@kernel.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210322160253.4032422-1-arnd@kernel.org> References: <20210322160253.4032422-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Arnd Bergmann gcc-11 warns that the size of the link name is longer than the di_fname field: fs/qnx4/dir.c: In function ‘qnx4_readdir’: fs/qnx4/dir.c:51:32: error: ‘strnlen’ specified bound 48 exceeds source size 16 [-Werror=stringop-overread] 51 | size = strnlen(de->di_fname, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from fs/qnx4/qnx4.h:3, from fs/qnx4/dir.c:16: include/uapi/linux/qnx4_fs.h:45:25: note: source object declared here 45 | char di_fname[QNX4_SHORT_NAME_MAX]; The problem here is that we access the same pointer using two different structure layouts, but gcc determines the object size based on whatever it encounters first. Change the strnlen to use the correct field size in each case, and change the first access to be on the longer field. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 Signed-off-by: Arnd Bergmann --- fs/qnx4/dir.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c index a6ee23aadd28..68046450e543 100644 --- a/fs/qnx4/dir.c +++ b/fs/qnx4/dir.c @@ -39,21 +39,20 @@ static int qnx4_readdir(struct file *file, struct dir_context *ctx) ix = (ctx->pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK; for (; ix < QNX4_INODES_PER_BLOCK; ix++, ctx->pos += QNX4_DIR_ENTRY_SIZE) { offset = ix * QNX4_DIR_ENTRY_SIZE; - de = (struct qnx4_inode_entry *) (bh->b_data + offset); - if (!de->di_fname[0]) + le = (struct qnx4_link_info *)(bh->b_data + offset); + de = (struct qnx4_inode_entry *)(bh->b_data + offset); + if (!le->dl_fname[0]) continue; if (!(de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK))) continue; if (!(de->di_status & QNX4_FILE_LINK)) - size = QNX4_SHORT_NAME_MAX; + size = strnlen(de->di_fname, sizeof(de->di_fname)); else - size = QNX4_NAME_MAX; - size = strnlen(de->di_fname, size); + size = strnlen(le->dl_fname, sizeof(le->dl_fname)); QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname)); if (!(de->di_status & QNX4_FILE_LINK)) ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1; else { - le = (struct qnx4_link_info*)de; ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) * QNX4_INODES_PER_BLOCK + le->dl_inode_ndx; From patchwork Mon Mar 22 16:02:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 406454 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66449C433EC for ; Mon, 22 Mar 2021 16:05:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 27D3C619B4 for ; Mon, 22 Mar 2021 16:05:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230159AbhCVQFG (ORCPT ); Mon, 22 Mar 2021 12:05:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:52588 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231455AbhCVQEi (ORCPT ); Mon, 22 Mar 2021 12:04:38 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id DD9F06199F; Mon, 22 Mar 2021 16:04:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1616429077; bh=yAy/I3E6cDxsmlVnV0YJAH5ZEQIRtNmu4zak4TbdMtM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UB5shkw7Yd4R5EAaTaJbKCgGMQHdzM6i80uoGxhNLAKr58/Z+hb/X02iDZFbFM5q7 ohBr0mnuKE2zD2dZIPp5mGV/8upXxQjJIfPGJp9PdMs6uae5VNAC7zYBRMfKWnHX2T dVcWKQocYTTmbDcT2P/QpYMSgUNzpEBC5mOFpZCLPDNYvMuLPWfLzgAFpKC9vWx2UV WcW6Gm/cjDbzo+bVOJsKrlf8DWJ6XKsV5KO6yCyvx8yAazXnd03HJIpEKsAL1WBIyL rctKK7FEjfv0XP7F/8O3bxyOq6H75TM+jdZPPW1bjsoXOWVbf0YQRUVNLoyOj2UQzP uTGmECN+tjDoA== From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Martin Sebor , Tejun Heo , Zefan Li , Johannes Weiner Cc: Arnd Bergmann , x86@kernel.org, Ning Sun , Jani Nikula , Kalle Valo , Simon Kelley , James Smart , "James E.J. Bottomley" , Anders Larsen , Serge Hallyn , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, Roman Gushchin , Christian Brauner , Alexei Starovoitov , Andrii Nakryiko , Odin Ugedal , Cong Wang , =?utf-8?q?Michal_Koutn=C3=BD?= , Bhaskar Chowdhury Subject: [PATCH 06/11] cgroup: fix -Wzero-length-bounds warnings Date: Mon, 22 Mar 2021 17:02:44 +0100 Message-Id: <20210322160253.4032422-7-arnd@kernel.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210322160253.4032422-1-arnd@kernel.org> References: <20210322160253.4032422-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Arnd Bergmann When cgroups are enabled, but every single subsystem is turned off, CGROUP_SUBSYS_COUNT is zero, and the cgrp->subsys[] array has no members. gcc-11 points out that this leads to an invalid access in any function that might access this array: kernel/cgroup/cgroup.c: In function 'cgroup_addrm_files': kernel/cgroup/cgroup.c:460:58: warning: array subscript '' is outside the bounds of an interior zero-length array 'struct cgroup_subsys_state *[0]' [-Wzero-length-bounds] kernel/cgroup/cgroup.c:460:24: note: in expansion of macro 'rcu_dereference_check' 460 | return rcu_dereference_check(cgrp->subsys[ss->id], | ^~~~~~~~~~~~~~~~~~~~~ In file included from include/linux/cgroup.h:28, from kernel/cgroup/cgroup-internal.h:5, from kernel/cgroup/cgroup.c:31: include/linux/cgroup-defs.h:422:43: note: while referencing 'subsys' 422 | struct cgroup_subsys_state __rcu *subsys[CGROUP_SUBSYS_COUNT]; I'm not sure what is expected to happen for such a configuration, presumably these functions are never calls in that case. Adding a sanity check in each function we get the warning for manages to shut up the warnings and do nothing instead. Signed-off-by: Arnd Bergmann Reviewed-by: Michal Koutný --- I'm grouping this together with the -Wstringop-overread warnings, since the underlying logic in gcc seems to be the same. --- kernel/cgroup/cgroup.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 9153b20e5cc6..3477f1dc7872 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -456,7 +456,7 @@ static u16 cgroup_ss_mask(struct cgroup *cgrp) static struct cgroup_subsys_state *cgroup_css(struct cgroup *cgrp, struct cgroup_subsys *ss) { - if (ss) + if (ss && (CGROUP_SUBSYS_COUNT > 0)) return rcu_dereference_check(cgrp->subsys[ss->id], lockdep_is_held(&cgroup_mutex)); else @@ -534,6 +534,9 @@ struct cgroup_subsys_state *cgroup_e_css(struct cgroup *cgrp, { struct cgroup_subsys_state *css; + if (CGROUP_SUBSYS_COUNT == 0) + return NULL; + do { css = cgroup_css(cgrp, ss); @@ -561,6 +564,9 @@ struct cgroup_subsys_state *cgroup_get_e_css(struct cgroup *cgrp, { struct cgroup_subsys_state *css; + if (CGROUP_SUBSYS_COUNT == 0) + return NULL; + rcu_read_lock(); do { @@ -630,7 +636,7 @@ struct cgroup_subsys_state *of_css(struct kernfs_open_file *of) * the matching css from the cgroup's subsys table is guaranteed to * be and stay valid until the enclosing operation is complete. */ - if (cft->ss) + if (cft->ss && CGROUP_SUBSYS_COUNT > 0) return rcu_dereference_raw(cgrp->subsys[cft->ss->id]); else return &cgrp->self; @@ -2343,6 +2349,9 @@ struct task_struct *cgroup_taskset_next(struct cgroup_taskset *tset, struct css_set *cset = tset->cur_cset; struct task_struct *task = tset->cur_task; + if (CGROUP_SUBSYS_COUNT == 0) + return NULL; + while (&cset->mg_node != tset->csets) { if (!task) task = list_first_entry(&cset->mg_tasks, @@ -4523,7 +4532,7 @@ void css_task_iter_start(struct cgroup_subsys_state *css, unsigned int flags, it->ss = css->ss; it->flags = flags; - if (it->ss) + if (it->ss && CGROUP_SUBSYS_COUNT > 0) it->cset_pos = &css->cgroup->e_csets[css->ss->id]; else it->cset_pos = &css->cgroup->cset_links; From patchwork Mon Mar 22 16:02:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 406452 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5471EC433EA for ; Mon, 22 Mar 2021 16:07:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 39F47619AB for ; Mon, 22 Mar 2021 16:07:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232004AbhCVQGo (ORCPT ); Mon, 22 Mar 2021 12:06:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:53076 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231894AbhCVQFT (ORCPT ); Mon, 22 Mar 2021 12:05:19 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 72908619A9; Mon, 22 Mar 2021 16:05:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1616429118; bh=EPe3bIidXGt1QSXUt8K/T9qB09rG8+BNJJvNG8YjWag=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=odvbczUMlcMOL6OYbdCtO6qt6RZm272nfTphlFLY6klU5CkTn017tx34pnASZGNCF IpTcV7nYkdiHmdTO4YSIbtaihkUG1yjP/yyOdl4AEWNcNqBp3RlBD18ZnYm597BmUn wbL0s1j6ZDhyXNOvtPSEo+IomEmxiiG2PhvFgAApDhn6IwYxk6QphMYP+c26QRueLZ RufWjyGVlIhAtQ1wf9LhLwHYQjNNIjPOnznUa3dYOSsg79XhSsMNd+utp3nEch/2kA G7BxSH7No+IViGt23UWj5mYSj83XwgoEag8qXDcmE/UvDP4IP5Eh1a52oCa4LWy515 1pAfWyFQAG1Kg== From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Martin Sebor , James Smart , Dick Kennedy , "James E.J. Bottomley" , "Martin K. Petersen" Cc: Arnd Bergmann , x86@kernel.org, Ning Sun , Jani Nikula , Kalle Valo , Simon Kelley , Anders Larsen , Tejun Heo , Serge Hallyn , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, Hannes Reinecke , Lee Jones , Colin Ian King , Ye Bin Subject: [PATCH 09/11] scsi: lpfc: fix gcc -Wstringop-overread warning Date: Mon, 22 Mar 2021 17:02:47 +0100 Message-Id: <20210322160253.4032422-10-arnd@kernel.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210322160253.4032422-1-arnd@kernel.org> References: <20210322160253.4032422-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Arnd Bergmann gcc-11 warns about an strnlen with a length larger than the size of the passed buffer: drivers/scsi/lpfc/lpfc_attr.c: In function 'lpfc_nvme_info_show': drivers/scsi/lpfc/lpfc_attr.c:518:25: error: 'strnlen' specified bound 4095 exceeds source size 24 [-Werror=stringop-overread] 518 | strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In this case, the code is entirely valid, as the string is properly terminated, and the size argument is only there out of extra caution in case it exceeds a page. This cannot really happen here, so just simplify it to a sizeof(). Fixes: afff0d2321ea ("scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE") Signed-off-by: Arnd Bergmann --- drivers/scsi/lpfc/lpfc_attr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c index bdd9a29f4201..f6d886f9dfb3 100644 --- a/drivers/scsi/lpfc/lpfc_attr.c +++ b/drivers/scsi/lpfc/lpfc_attr.c @@ -512,11 +512,9 @@ lpfc_nvme_info_show(struct device *dev, struct device_attribute *attr, "6314 Catching potential buffer " "overflow > PAGE_SIZE = %lu bytes\n", PAGE_SIZE); - strlcpy(buf + PAGE_SIZE - 1 - - strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1), + strlcpy(buf + PAGE_SIZE - 1 - sizeof(LPFC_NVME_INFO_MORE_STR), LPFC_NVME_INFO_MORE_STR, - strnlen(LPFC_NVME_INFO_MORE_STR, PAGE_SIZE - 1) - + 1); + sizeof(LPFC_NVME_INFO_MORE_STR) + 1); } return len; From patchwork Mon Mar 22 16:02:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 406453 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADD57C433E0 for ; Mon, 22 Mar 2021 16:07:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 83E1F619B7 for ; Mon, 22 Mar 2021 16:07:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232034AbhCVQGr (ORCPT ); Mon, 22 Mar 2021 12:06:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:53560 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231776AbhCVQFq (ORCPT ); Mon, 22 Mar 2021 12:05:46 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 49D21619CF; Mon, 22 Mar 2021 16:05:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1616429143; bh=ppc9fZupOrjA6hpvzPGCige1HMZi82rKq0OzuPiwp30=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KfNQhB8I6TCilI9rWZIUvrD60VxxXK7zzzf2CzYQVcPCX4dTFC+5vrq57/HXue9eN 7bPBi+K09Uuo8FgLHJN5cLADDDnPtd+D6sEhJhO/VLvKBoLaRa1BESfKHtMpZuvnwh D3Vc4uZU9Dcg74j9eeiZa4qkcbeOz2ZvcezhMcicUmJ4FzCGExiFKR4ER32CvaOaWV akMTcdJNfGrFGH5JvGZ7qns0oNxpRTzGH0qZ76EqyoQfhjLJvxqyHurET1PBvf6svb dBMESSwDo3iJsmPDGBQ1mVtfw03/ahNqDciEznfWOfvZZJNzU8YYxi4I1doMFPdTRo oo8eGNoKcMUqQ== From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Martin Sebor , Jani Nikula , Joonas Lahtinen , Rodrigo Vivi , David Airlie , Daniel Vetter Cc: Arnd Bergmann , x86@kernel.org, Ning Sun , Kalle Valo , Simon Kelley , James Smart , "James E.J. Bottomley" , Anders Larsen , Tejun Heo , Serge Hallyn , Imre Deak , linux-arm-kernel@lists.infradead.org, tboot-devel@lists.sourceforge.net, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, ath11k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, =?utf-8?q?Ville_Syrj?= =?utf-8?b?w6Rsw6Q=?= , Manasi Navare , Uma Shankar , Ankit Nautiyal , Gwan-gyeong Mun , Animesh Manna , Sean Paul Subject: [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning Date: Mon, 22 Mar 2021 17:02:49 +0100 Message-Id: <20210322160253.4032422-12-arnd@kernel.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210322160253.4032422-1-arnd@kernel.org> References: <20210322160253.4032422-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Arnd Bergmann gcc-11 warns that intel_dp_check_mst_status() has a local array of fourteen bytes and passes the last four bytes into a function that expects a six-byte array: drivers/gpu/drm/i915/display/intel_dp.c: In function ‘intel_dp_check_mst_status’: drivers/gpu/drm/i915/display/intel_dp.c:4556:22: error: ‘drm_dp_channel_eq_ok’ reading 6 bytes from a region of size 4 [-Werror=stringop-overread] 4556 | !drm_dp_channel_eq_ok(&esi[10], intel_dp->lane_count)) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/i915/display/intel_dp.c:4556:22: note: referencing argument 1 of type ‘const u8 *’ {aka ‘const unsigned char *’} In file included from drivers/gpu/drm/i915/display/intel_dp.c:38: include/drm/drm_dp_helper.h:1459:6: note: in a call to function ‘drm_dp_channel_eq_ok’ 1459 | bool drm_dp_channel_eq_ok(const u8 link_status[DP_LINK_STATUS_SIZE], | ^~~~~~~~~~~~~~~~~~~~ Clearly something is wrong here, but I can't quite figure out what. Changing the array size to 16 bytes avoids the warning, but is probably the wrong solution here. Signed-off-by: Arnd Bergmann --- drivers/gpu/drm/i915/display/intel_dp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 8c12d5375607..830e2515f119 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -65,7 +65,7 @@ #include "intel_vdsc.h" #include "intel_vrr.h" -#define DP_DPRX_ESI_LEN 14 +#define DP_DPRX_ESI_LEN 16 /* DP DSC throughput values used for slice count calculations KPixels/s */ #define DP_DSC_PEAK_PIXEL_RATE 2720000