Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4644459ybl; Wed, 22 Jan 2020 01:56:52 -0800 (PST) X-Google-Smtp-Source: APXvYqzHSmjUU4E1sn4P4QNrXNjMX7DaxU3ywtFiWOQ2TelQEvMVhzBMPWFyRhDe75SOruMpqh5a X-Received: by 2002:a05:6808:4c2:: with SMTP id a2mr5908116oie.118.1579687011692; Wed, 22 Jan 2020 01:56:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579687011; cv=none; d=google.com; s=arc-20160816; b=kYIWmZ8P2x0NnO5QpBLbfnN/wwBwPM4mRb/Il/mG/+o+Ahy8p0QQ4+PuoV7LVKzre2 d5bxnbN3I0YILlRm/Fs1mYxhqZGzAlwnM8pIHewUzKk41MH25XcDRTU0+z+13sZhAzsd /xMcwTT5WyUtwGM/O3ngaCsd0HVjS2UscFzFxLLvzqwvKKKhTeAezK4kWSLe4bD57sn5 7AJTNdXOjrqGM9xu+vYNE0cInKHHJ5x5h/PesF2affZRgnpt6HmziP/fknfOcNV6coOV RrFGghrrwsGM07fTQtAYTDaUKzAILUl7e5J6QleWH6VQdzJH3WfRgJJbJXZvioiuCG9f 54FA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=meQ/w/UmMuuxORpRWdeYQRfXF8sAhcCJiVON4rLYvt8=; b=wV4vLXQ53eJjDAXVIqcsr5FxS6hBYSywPJtOlh6+RkmcG+pSQBS1ftLSX0n4ssXRzQ yOuZAJ398KdzCxmWSHSJjQ8PN7Ic8Z0INRFzkM1FUJvKJG1BQbl06O7ez7m1B2TJGOqC EFxXJwLAR09JFeGRFQlYVC51n43hHV9A1yYk5Uv+oqDKm5zzIVaKYmioicUAatSWTyhL 3SlF4z8Mrz837pIgdZMU/uCWu6KpRwK24PETWTMCCalCd9rHAjH0eH5i3bCv8/OxG8Dt EbCY8SgbTopSR2jGxMimP8aSi+bK+2TfjpFuDJ1WDhE0mfQ0760aKAgUai4lBYGo+1tp TSSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZNvAXD6Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s5si20475954oic.116.2020.01.22.01.56.39; Wed, 22 Jan 2020 01:56:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZNvAXD6Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729522AbgAVJcd (ORCPT + 99 others); Wed, 22 Jan 2020 04:32:33 -0500 Received: from mail.kernel.org ([198.145.29.99]:45434 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730126AbgAVJcb (ORCPT ); Wed, 22 Jan 2020 04:32:31 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BDEBD24672; Wed, 22 Jan 2020 09:32:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579685550; bh=oF1Vd0LhvbDGRClAC3BFqvWOM1Wrvqh27WydgE6GlvU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZNvAXD6Zjlohn8bapG4ByVhAafI/slWN4LXQG7ribtg8VQFhPD2O+BNoetIKsjsBn V1vt3Vv3M8MWQcKXrz6eTb8ZAEikY5Hrl9Fe/xYgAsAsz/KgIuLYTX40OnCIjm0Yyl KaRjPhdD/V4gN6iptuTy5AwLjR7t+yPC07AkB0rU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 4.4 59/76] scsi: fnic: fix invalid stack access Date: Wed, 22 Jan 2020 10:29:15 +0100 Message-Id: <20200122092759.957956924@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200122092751.587775548@linuxfoundation.org> References: <20200122092751.587775548@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnd Bergmann [ Upstream commit 42ec15ceaea74b5f7a621fc6686cbf69ca66c4cf ] gcc -O3 warns that some local variables are not properly initialized: drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_hang_notify': drivers/scsi/fnic/vnic_dev.c:511:16: error: 'a0' is used uninitialized in this function [-Werror=uninitialized] vdev->args[0] = *a0; ~~~~~~~~~~~~~~^~~~~ drivers/scsi/fnic/vnic_dev.c:691:6: note: 'a0' was declared here u64 a0, a1; ^~ drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized] vdev->args[1] = *a1; ~~~~~~~~~~~~~~^~~~~ drivers/scsi/fnic/vnic_dev.c:691:10: note: 'a1' was declared here u64 a0, a1; ^~ drivers/scsi/fnic/vnic_dev.c: In function 'fnic_dev_mac_addr': drivers/scsi/fnic/vnic_dev.c:512:16: error: 'a1' is used uninitialized in this function [-Werror=uninitialized] vdev->args[1] = *a1; ~~~~~~~~~~~~~~^~~~~ drivers/scsi/fnic/vnic_dev.c:698:10: note: 'a1' was declared here u64 a0, a1; ^~ Apparently the code relies on the local variables occupying adjacent memory locations in the same order, but this is of course not guaranteed. Use an array of two u64 variables where needed to make it work correctly. I suspect there is also an endianness bug here, but have not digged in deep enough to be sure. Fixes: 5df6d737dd4b ("[SCSI] fnic: Add new Cisco PCI-Express FCoE HBA") Fixes: mmtom ("init/Kconfig: enable -O3 for all arches") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200107201602.4096790-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin --- drivers/scsi/fnic/vnic_dev.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/fnic/vnic_dev.c b/drivers/scsi/fnic/vnic_dev.c index ba69d6112fa1..c5b89a003d2a 100644 --- a/drivers/scsi/fnic/vnic_dev.c +++ b/drivers/scsi/fnic/vnic_dev.c @@ -445,26 +445,26 @@ int vnic_dev_soft_reset_done(struct vnic_dev *vdev, int *done) int vnic_dev_hang_notify(struct vnic_dev *vdev) { - u64 a0, a1; + u64 a0 = 0, a1 = 0; int wait = 1000; return vnic_dev_cmd(vdev, CMD_HANG_NOTIFY, &a0, &a1, wait); } int vnic_dev_mac_addr(struct vnic_dev *vdev, u8 *mac_addr) { - u64 a0, a1; + u64 a[2] = {}; int wait = 1000; int err, i; for (i = 0; i < ETH_ALEN; i++) mac_addr[i] = 0; - err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a0, &a1, wait); + err = vnic_dev_cmd(vdev, CMD_MAC_ADDR, &a[0], &a[1], wait); if (err) return err; for (i = 0; i < ETH_ALEN; i++) - mac_addr[i] = ((u8 *)&a0)[i]; + mac_addr[i] = ((u8 *)&a)[i]; return 0; } @@ -489,30 +489,30 @@ void vnic_dev_packet_filter(struct vnic_dev *vdev, int directed, int multicast, void vnic_dev_add_addr(struct vnic_dev *vdev, u8 *addr) { - u64 a0 = 0, a1 = 0; + u64 a[2] = {}; int wait = 1000; int err; int i; for (i = 0; i < ETH_ALEN; i++) - ((u8 *)&a0)[i] = addr[i]; + ((u8 *)&a)[i] = addr[i]; - err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a0, &a1, wait); + err = vnic_dev_cmd(vdev, CMD_ADDR_ADD, &a[0], &a[1], wait); if (err) pr_err("Can't add addr [%pM], %d\n", addr, err); } void vnic_dev_del_addr(struct vnic_dev *vdev, u8 *addr) { - u64 a0 = 0, a1 = 0; + u64 a[2] = {}; int wait = 1000; int err; int i; for (i = 0; i < ETH_ALEN; i++) - ((u8 *)&a0)[i] = addr[i]; + ((u8 *)&a)[i] = addr[i]; - err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a0, &a1, wait); + err = vnic_dev_cmd(vdev, CMD_ADDR_DEL, &a[0], &a[1], wait); if (err) pr_err("Can't del addr [%pM], %d\n", addr, err); } -- 2.20.1