Instead of doing a cast to storage that is too small, add a union for
the high 64 bits. Silences the warnings under -Warray-bounds:
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
1934 | crq->valid = VALID_CMD_RESP_EL;
| ^~
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
1875 | u64 msg_hi = 0;
| ^~~~~~
There is no change to the resulting binary instructions.
Reported-by: Stephen Rothwell <[email protected]>
Link: https://lore.kernel.org/lkml/[email protected]
Cc: Michael Cyr <[email protected]>
Cc: "James E.J. Bottomley" <[email protected]>
Cc: "Martin K. Petersen" <[email protected]>
Cc: Tyrel Datwyler <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Kees Cook <[email protected]>
---
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 9 +++------
include/scsi/viosrp.h | 17 +++++++++++------
2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
index 61f06f6885a5..80238e6a3c98 100644
--- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
@@ -1872,11 +1872,8 @@ static void srp_snd_msg_failed(struct scsi_info *vscsi, long rc)
*/
static void ibmvscsis_send_messages(struct scsi_info *vscsi)
{
- u64 msg_hi = 0;
- /* note do not attempt to access the IU_data_ptr with this pointer
- * it is not valid
- */
- struct viosrp_crq *crq = (struct viosrp_crq *)&msg_hi;
+ struct viosrp_crq empty_crq = { };
+ struct viosrp_crq *crq = &empty_crq;
struct ibmvscsis_cmd *cmd, *nxt;
long rc = ADAPT_SUCCESS;
bool retry = false;
@@ -1940,7 +1937,7 @@ static void ibmvscsis_send_messages(struct scsi_info *vscsi)
crq->IU_length = cpu_to_be16(cmd->rsp.len);
rc = h_send_crq(vscsi->dma_dev->unit_address,
- be64_to_cpu(msg_hi),
+ be64_to_cpu(crq->high),
be64_to_cpu(cmd->rsp.tag));
dev_dbg(&vscsi->dev, "send_messages: cmd %p, tag 0x%llx, rc %ld\n",
diff --git a/include/scsi/viosrp.h b/include/scsi/viosrp.h
index c978133c83e3..6c5559d2b285 100644
--- a/include/scsi/viosrp.h
+++ b/include/scsi/viosrp.h
@@ -70,12 +70,17 @@ enum viosrp_crq_status {
};
struct viosrp_crq {
- u8 valid; /* used by RPA */
- u8 format; /* SCSI vs out-of-band */
- u8 reserved;
- u8 status; /* non-scsi failure? (e.g. DMA failure) */
- __be16 timeout; /* in seconds */
- __be16 IU_length; /* in bytes */
+ union {
+ __be64 high; /* High 64 bits */
+ struct {
+ u8 valid; /* used by RPA */
+ u8 format; /* SCSI vs out-of-band */
+ u8 reserved;
+ u8 status; /* non-scsi failure? (e.g. DMA failure) */
+ __be16 timeout; /* in seconds */
+ __be16 IU_length; /* in bytes */
+ };
+ };
__be64 IU_data_ptr; /* the TCE for transferring data */
};
--
2.30.2
On 2/7/22 10:12 PM, Kees Cook wrote:
> Instead of doing a cast to storage that is too small, add a union for
> the high 64 bits. Silences the warnings under -Warray-bounds:
>
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
> 1934 | crq->valid = VALID_CMD_RESP_EL;
> | ^~
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
> 1875 | u64 msg_hi = 0;
> | ^~~~~~
>
> There is no change to the resulting binary instructions.
>
> Reported-by: Stephen Rothwell <[email protected]>
> Link: https://lore.kernel.org/lkml/[email protected]
> Cc: Michael Cyr <[email protected]>
> Cc: "James E.J. Bottomley" <[email protected]>
> Cc: "Martin K. Petersen" <[email protected]>
> Cc: Tyrel Datwyler <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Signed-off-by: Kees Cook <[email protected]>
> ---
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 9 +++------
Reviewed-by: Tyrel Datwyler <[email protected]>
Kees,
> Instead of doing a cast to storage that is too small, add a union for
> the high 64 bits. Silences the warnings under -Warray-bounds:
Applied to 5.18/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
On Mon, 7 Feb 2022 22:12:31 -0800, Kees Cook wrote:
> Instead of doing a cast to storage that is too small, add a union for
> the high 64 bits. Silences the warnings under -Warray-bounds:
>
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
> 1934 | crq->valid = VALID_CMD_RESP_EL;
> | ^~
> drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
> 1875 | u64 msg_hi = 0;
> | ^~~~~~
>
> [...]
Applied to 5.18/scsi-queue, thanks!
[1/1] scsi: ibmvscsis: Silence -Warray-bounds warning
https://git.kernel.org/mkp/scsi/c/03e4383c7ce3
--
Martin K. Petersen Oracle Linux Engineering