Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace 1-element arrays in drivers/scsi/bfa/bfa_fc.h #209

Closed
GustavoARSilva opened this issue Sep 23, 2022 · 1 comment
Closed

Replace 1-element arrays in drivers/scsi/bfa/bfa_fc.h #209

GustavoARSilva opened this issue Sep 23, 2022 · 1 comment
Assignees
@GustavoARSilva
Labels
1-element array arg in memcpy() [Idiom] fake flexible array [PATCH] Accepted A submitted patch has been accepted upstream [PATCH] Exists A patch exists to address the issue [Refactor] 1-element array Conversion away from one-element array

Comments

@GustavoARSilva
Copy link
Collaborator

GustavoARSilva commented Sep 23, 2022
edited
Loading

Replace one-element arrays with flexible-array members in drivers/scsi/bfa/bfa_fc.h:

1545 /*                                                
1546  * FDMI attribute      
1547  */                               
1548 struct fdmi_attr_s {                           
1549         __be16        type;                                    
1550         __be16        len;                                         
1551         u8         value[1];     
1552 };

Audit (at least) all these places where the flex arrays are being used:

diff -u -p ./drivers/scsi/bfa/bfa_fcs_lport.c /tmp/nothing/drivers/scsi/bfa/bfa_fcs_lport.c
--- ./drivers/scsi/bfa/bfa_fcs_lport.c
+++ /tmp/nothing/drivers/scsi/bfa/bfa_fcs_lport.c
@@ -1938,7 +1938,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NODENAME);
        templen = sizeof(wwn_t);
-       memcpy(attr->value, &bfa_fcs_lport_get_nwwn(port), templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        count++;
@@ -1951,7 +1950,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MANUFACTURER);
        templen = (u16) strlen(fcs_hba_attr->manufacturer);
-       memcpy(attr->value, fcs_hba_attr->manufacturer, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -1965,7 +1963,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_SERIALNUM);
        templen = (u16) strlen(fcs_hba_attr->serial_num);
-       memcpy(attr->value, fcs_hba_attr->serial_num, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -1979,7 +1976,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MODEL);
        templen = (u16) strlen(fcs_hba_attr->model);
-       memcpy(attr->value, fcs_hba_attr->model, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -1993,7 +1989,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MODEL_DESC);
        templen = (u16) strlen(fcs_hba_attr->model_desc);
-       memcpy(attr->value, fcs_hba_attr->model_desc, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2008,7 +2003,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_HW_VERSION);
                templen = (u16) strlen(fcs_hba_attr->hw_version);
-               memcpy(attr->value, fcs_hba_attr->hw_version, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2023,7 +2017,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_DRIVER_VERSION);
        templen = (u16) strlen(fcs_hba_attr->driver_version);
-       memcpy(attr->value, fcs_hba_attr->driver_version, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2038,7 +2031,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_ROM_VERSION);
                templen = (u16) strlen(fcs_hba_attr->option_rom_ver);
-               memcpy(attr->value, fcs_hba_attr->option_rom_ver, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2050,7 +2042,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_FW_VERSION);
        templen = (u16) strlen(fcs_hba_attr->fw_version);
-       memcpy(attr->value, fcs_hba_attr->fw_version, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2065,7 +2056,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_OS_NAME);
                templen = (u16) strlen(fcs_hba_attr->os_name);
-               memcpy(attr->value, fcs_hba_attr->os_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2080,7 +2070,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MAX_CT);
        templen = sizeof(fcs_hba_attr->max_ct_pyld);
-       memcpy(attr->value, &fcs_hba_attr->max_ct_pyld, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2094,7 +2083,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NODE_SYM_NAME);
                templen = sizeof(fcs_hba_attr->node_sym_name);
-               memcpy(attr->value, &fcs_hba_attr->node_sym_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2105,7 +2093,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_VENDOR_ID);
                templen = sizeof(fcs_hba_attr->vendor_info);
-               memcpy(attr->value, &fcs_hba_attr->vendor_info, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2116,7 +2103,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NUM_PORTS);
                templen = sizeof(fcs_hba_attr->num_ports);
-               memcpy(attr->value, &fcs_hba_attr->num_ports, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2127,7 +2113,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_FABRIC_NAME);
                templen = sizeof(fcs_hba_attr->fabric_name);
-               memcpy(attr->value, &fcs_hba_attr->fabric_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2138,7 +2123,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_BIOS_VER);
                templen = sizeof(fcs_hba_attr->bios_ver);
-               memcpy(attr->value, &fcs_hba_attr->bios_ver, templen);
                templen = fc_roundup(attr->len, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2270,7 +2254,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_FC4_TYPES);
        templen = sizeof(fcs_port_attr.supp_fc4_types);
-       memcpy(attr->value, fcs_port_attr.supp_fc4_types, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2284,7 +2267,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_SUPP_SPEED);
        templen = sizeof(fcs_port_attr.supp_speed);
-       memcpy(attr->value, &fcs_port_attr.supp_speed, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2298,7 +2280,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_SPEED);
        templen = sizeof(fcs_port_attr.curr_speed);
-       memcpy(attr->value, &fcs_port_attr.curr_speed, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2311,7 +2292,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_FRAME_SIZE);
        templen = sizeof(fcs_port_attr.max_frm_size);
-       memcpy(attr->value, &fcs_port_attr.max_frm_size, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2325,7 +2305,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_DEV_NAME);
                templen = (u16) strlen(fcs_port_attr.os_device_name);
-               memcpy(attr->value, fcs_port_attr.os_device_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2340,7 +2319,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_HOST_NAME);
                templen = (u16) strlen(fcs_port_attr.host_name);
-               memcpy(attr->value, fcs_port_attr.host_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2353,7 +2331,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_NODE_NAME);
                templen = sizeof(fcs_port_attr.node_name);
-               memcpy(attr->value, &fcs_port_attr.node_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2364,7 +2341,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_NAME);
                templen = sizeof(fcs_port_attr.port_name);
-               memcpy(attr->value, &fcs_port_attr.port_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(attr->len) + templen;
                len += templen;
@@ -2377,7 +2353,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                        attr->type =
                                cpu_to_be16(FDMI_PORT_ATTRIB_PORT_SYM_NAME);
                        templen = sizeof(fcs_port_attr.port_sym_name);
-                       memcpy(attr->value,
                                &fcs_port_attr.port_sym_name, templen);
                        templen = fc_roundup(templen, sizeof(u32));
                        curr_ptr += sizeof(attr->type) +
@@ -2391,7 +2366,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_TYPE);
                templen = sizeof(fcs_port_attr.port_type);
-               memcpy(attr->value, &fcs_port_attr.port_type, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2402,7 +2376,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_SUPP_COS);
                templen = sizeof(fcs_port_attr.scos);
-               memcpy(attr->value, &fcs_port_attr.scos, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2413,7 +2386,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_FAB_NAME);
                templen = sizeof(fcs_port_attr.port_fabric_name);
-               memcpy(attr->value, &fcs_port_attr.port_fabric_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2424,7 +2396,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_FC4_TYPE);
                templen = sizeof(fcs_port_attr.port_act_fc4_type);
-               memcpy(attr->value, fcs_port_attr.port_act_fc4_type,
                                templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
@@ -2436,7 +2407,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_STATE);
                templen = sizeof(fcs_port_attr.port_state);
-               memcpy(attr->value, &fcs_port_attr.port_state, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2447,7 +2417,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_NUM_RPRT);
                templen = sizeof(fcs_port_attr.num_ports);
-               memcpy(attr->value, &fcs_port_attr.num_ports, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@GustavoARSilva GustavoARSilva self-assigned this Sep 23, 2022
@GustavoARSilva GustavoARSilva added 1-element array arg in memcpy() [PATCH] Exists A patch exists to address the issue labels Nov 15, 2022
intel-lab-lkp pushed a commit to intel-lab-lkp/linux that referenced this issue Nov 15, 2022
@GustavoARSilva @intel-lab-lkp
scsi: bfa: Replace one-element array with flexible-array member
8e88c3f 
One-element arrays are deprecated, and we are replacing them with flexible
array members instead. So, replace one-element array with flexible-array
member in struct fdmi_attr_s.

Important to mention is that doing a build before/after this patch results
in no binary output differences.

This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
on memcpy() and help us make progress towards globally enabling
-fstrict-flex-arrays=3 [1].

Link: KSPP#209
Link: KSPP#79
Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
@GustavoARSilva
Copy link
Collaborator Author

https://lore.kernel.org/linux-hardening/Y3P1rEEBq7HzJygq@work/

roxell pushed a commit to roxell/linux that referenced this issue Nov 18, 2022
@GustavoARSilva @martinkpetersen
scsi: bfa: Replace one-element array with flexible-array member
c4c5fa3 
One-element arrays are deprecated, and we are replacing them with flexible
array members instead. So, replace one-element array with flexible-array
member in struct fdmi_attr_s.

Important to mention is that doing a build before/after this patch results
in no binary output differences.

This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
on memcpy() and help us make progress towards globally enabling
-fstrict-flex-arrays=3 [1].

Link: KSPP#209
Link: KSPP#79
Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/Y3P1rEEBq7HzJygq@work
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
@GustavoARSilva GustavoARSilva added the [PATCH] Accepted A submitted patch has been accepted upstream label Feb 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GustavoARSilva GustavoARSilva

Labels
1-element array arg in memcpy() [Idiom] fake flexible array [PATCH] Accepted A submitted patch has been accepted upstream [PATCH] Exists A patch exists to address the issue [Refactor] 1-element array Conversion away from one-element array
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GustavoARSilva