Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4642921ybl; Wed, 22 Jan 2020 01:54:30 -0800 (PST) X-Google-Smtp-Source: APXvYqy4tL78vGCnRoxrnAlZunvOEqcextF7TwN8TQKzGbCSNZVBZsuHlSP6fnml1SXsUvlZCj+t X-Received: by 2002:a9d:6398:: with SMTP id w24mr6657172otk.15.1579686870568; Wed, 22 Jan 2020 01:54:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579686870; cv=none; d=google.com; s=arc-20160816; b=elF7dmr0RHeWrfaoZ0latR/IGXzOA/cFTn3zT4k+ht5QyRlVUanzVbehOBuvxUM9y1 hiSlKTGKAKbf7hSvAJFo1wVTS51FWtBFlCpq2qYjjUBDGLe0opX0zCC9LRGnv54+6dCW Lssl9HhSDu2VEDOWvDXqMZ0G13nifdQQDFCnb9TZmcCYevgMGaCYxgXenDyD0YcCyy2M cSIG0dUjzx8i+mXYrse2OmmbFGlqc1Wor1vlRPNbkgl0yUKyIaIpvcWeh9YGPmm4WQ6E Sl3yBzSofdgHUrEY9NkSwEnx0nGzOAMLz0QTYjdy5uiONqEgcYSjWNOZ13s18lnudcMD gtQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=meQ/w/UmMuuxORpRWdeYQRfXF8sAhcCJiVON4rLYvt8=; b=H9aY8jYjqJHch/fpQaeYnXdrSwRyyCVRMwaSwWjv0tXqXQLzQBujSPaHlsupc4p8Cn smrGRXVl6SHmD9Jos16UbPzTadHH2s1O94S1VX9GX4l2o1Lc0XBhZHjnspxr0E1f7dPu V+llqA3TuWdvQxbnMmegEmVEOGtnSxl7U/wlKpMbutGIMWiCAsGlwFXCNnfpISs3zwsh l/0SEUftpHJpIsONaZyArSH2iUOj2fxnYwI0LrpJO5KkVe6B1FlfboOrc0ro9coUI+Mp iKck5HVwc3AWka9Rp48gLKmFdCL3yb4RG5HcjxEtUCRQWGQZXQV/P7Y9HrIObQjpE0m4 upHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=pu2zCkQP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p5si22552574oto.116.2020.01.22.01.54.19; Wed, 22 Jan 2020 01:54:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=pu2zCkQP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729334AbgAVJwe (ORCPT + 99 others); Wed, 22 Jan 2020 04:52:34 -0500 Received: from mail.kernel.org ([198.145.29.99]:51756 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731698AbgAVJgS (ORCPT ); Wed, 22 Jan 2020 04:36:18 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F06A024673; Wed, 22 Jan 2020 09:36:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579685777; bh=oF1Vd0LhvbDGRClAC3BFqvWOM1Wrvqh27WydgE6GlvU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pu2zCkQPxoFJknbOV6v32SX19NzvGl586ATwdzWY2orTEftU65Kt048V7sIo4CuHN AvJrVCgeLHwJhw66p4f9Tis/NELXnGSPwf1ybxeCSTU7SOY/TX5ImE/k342qFUAqJB N1TpwZM3mSJ5xV94rIw5rD/O1V0EI6O1u2nzAP+s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 4.9 75/97] scsi: fnic: fix invalid stack access Date: Wed, 22 Jan 2020 10:29:19 +0100 Message-Id: <20200122092808.403724759@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200122092755.678349497@linuxfoundation.org> References: <20200122092755.678349497@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnd Bergmann [ Upstream commit 42ec15ceaea74b5f7a621fc6686cbf69ca66c4cf ] gcc -O3 warns that some local variables are not properly initialized: drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_hang_notify': drivers/scsi/fnic/vnic_dev.c:511:16: error: 'a0' is used uninitialized in this function [-Werror=uninitialized] vdev->args[0] = *a0; ~~~~~~~~~~~~~~^~~~~ drivers/scsi/fnic/vnic_dev.c:691:6: note: 'a0' was declared here u64 a0, a1; ^~ drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized] vdev->args[1] = *a1; ~~~~~~~~~~~~~~^~~~~ drivers/scsi/fnic/vnic_dev.c:691:10: note: 'a1' was declared here u64 a0, a1; ^~ drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_mac_addr': drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized] vdev->args[1] = *a1; ~~~~~~~~~~~~~~^~~~~ drivers/scsi/fnic/vnic_dev.c:698:10: note: 'a1' was declared here u64 a0, a1; ^~ Apparently the code relies on the local variables occupying adjacent memory locations in the same order, but this is of course not guaranteed. Use an array of two u64 variables where needed to make it work correctly. I suspect there is also an endianness bug here, but have not digged in deep enough to be sure. Fixes: 5df6d737dd4b ("[SCSI] fnic: Add new Cisco PCI-Express FCoE HBA") Fixes: mmtom ("init/Kconfig: enable -O3 for all arches") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200107201602.4096790-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin --- drivers/scsi/fnic/vnic_dev.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/fnic/vnic_dev.c b/drivers/scsi/fnic/vnic_dev.c index ba69d6112fa1..c5b89a003d2a 100644 --- a/drivers/scsi/fnic/vnic_dev.c +++ b/drivers/scsi/fnic/vnic_dev.c @@ -445,26 +445,26 @@ int vnic_dev_soft_reset_done(struct vnic_dev *vdev, int *done) int vnic_dev_hang_notify(struct vnic_dev *vdev) { - u64 a0, a1; + u64 a0 = 0, a1 = 0; int wait = 1000; return vnic_dev_cmd(vdev, CMD_HANG_NOTIFY, &a0, &a1, wait); } int vnic_dev_mac_addr(struct vnic_dev *vdev, u8 *mac_addr) { - u64 a0, a1; + u64 a[2] = {}; int wait = 1000; int err, i; for (i = 0; i < ETH_ALEN; i++) mac_addr[i] = 0; - err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a0, &a1, wait); + err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a[0], &a[1], wait); if (err) return err; for (i = 0; i < ETH_ALEN; i++) - mac_addr[i] = ((u8 *)&a0)[i]; + mac_addr[i] = ((u8 *)&a)[i]; return 0; } @@ -489,30 +489,30 @@ void vnic_dev_packet_filter(struct vnic_dev *vdev, int directed, int multicast, void vnic_dev_add_addr(struct vnic_dev *vdev, u8 *addr) { - u64 a0 = 0, a1 = 0; + u64 a[2] = {}; int wait = 1000; int err; int i; for (i = 0; i < ETH_ALEN; i++) - ((u8 *)&a0)[i] = addr[i]; + ((u8 *)&a)[i] = addr[i]; - err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a0, &a1, wait); + err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a[0], &a[1], wait); if (err) pr_err("Can't add addr [%pM], %d\n", addr, err); } void vnic_dev_del_addr(struct vnic_dev *vdev, u8 *addr) { - u64 a0 = 0, a1 = 0; + u64 a[2] = {}; int wait = 1000; int err; int i; for (i = 0; i < ETH_ALEN; i++) - ((u8 *)&a0)[i] = addr[i]; + ((u8 *)&a)[i] = addr[i]; - err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a0, &a1, wait); + err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a[0], &a[1], wait); if (err) pr_err("Can't del addr [%pM], %d\n", addr, err); } -- 2.20.1