Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp641486pxf; Wed, 24 Mar 2021 12:12:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwvi1RyNDy5FalS+8SvdLI0dnNkGnq5HY2rXMk5XdWbmwtoxt1RttXYjUxUtFwnstlVgkJa X-Received: by 2002:a17:906:90c5:: with SMTP id v5mr5393826ejw.466.1616613173645; Wed, 24 Mar 2021 12:12:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616613173; cv=none; d=google.com; s=arc-20160816; b=mWmBjYNlWWh6wiSP/SY1e2UyQ0cblJNl+BqXrXjOlaCxqUy6LV4qk0E1PmiQTmTJR4 TYMNwwGWqxAXUz/kHrvVBYNpUhWiU4Q+UN6h6H6fSwh2yP1BICjJe/J+VTyfGp3PLLnu GNC8VyYNkpCPK9ZRrtofnFH0pEXbIginy1U7tvKVO4TYGe/XXWqP1+QN1f1HBxoTDqu2 GKDL23j3ChGOL1jhWNnGLwObgQVqf+j3FjCBHj/m6/0W46GViLjka+wQWrf6tCcAtE7k BKh1Rcog+AkUys3VIT1LyZgOd+QPT9ogWuSCiktAIxrD+oRuKbhWfn5VWP87E8yCuSD0 wnTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=eqthZoZ24hBKip/rpytb3Jw5ErL/sxzA8WMYUKwyAfg=; b=iodJJW+eieRDZjgcsNpSiWv4Pe94t3LzmZD9wH29OEu68SDLEqMEG+9VAPE3ArxWnH wJLptCzw1UMfnKGHa1jvGUPcfKIi+PAnLyqWtbTXDpXcmw0ErakdNLavE7yyTFZNNXEJ 6dZfAr6+C2fnHQg5PNZbi+MpHrEOA5Sc2W6Li0nVLqO6bb4d2jv8DBaEemfNn2dkV3pO aBzliyxu/chfYqYx9mAKjVXURavBtDFw7bV/oJ7JWe4tjLy8L6wTgrl7JEDs7GWzf73o 3LzMz8YVeqEcBRLxvt4QBla1hGidlhs71+FsD3E7ChK5ftFIH1+xZiAVbCy8M3EOz0bj QReQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=uPYi4SzD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r9si2435411edd.8.2021.03.24.12.12.29; Wed, 24 Mar 2021 12:12:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=uPYi4SzD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237726AbhCXTIh (ORCPT + 99 others); Wed, 24 Mar 2021 15:08:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237773AbhCXTIc (ORCPT ); Wed, 24 Mar 2021 15:08:32 -0400 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 776A5C0613DE for ; Wed, 24 Mar 2021 12:08:32 -0700 (PDT) Received: by mail-ej1-x636.google.com with SMTP id l4so34690169ejc.10 for ; Wed, 24 Mar 2021 12:08:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eqthZoZ24hBKip/rpytb3Jw5ErL/sxzA8WMYUKwyAfg=; b=uPYi4SzDipjalS815p3jLLVPTQE5hGgWicR3QBBRxyKplVZiA81He7VrpFCy7sIE5n 85kmUU3Af3xU689pmoJGzXSvl7aybl6vw8WvgCeTHoPVUN5wQB46+llWYB9Ek/O+zqlq YWlG1eMjw5j/CWTSEn2ZnfMgAED7N59RO4OnV2o17EgmcVUkFXKnNf9WC+X0JNlx+Ffw ip53beNMgDyCFnAdTQdGjo22pWPpTcbuCpcYETFdsUjTjeWh3/yOWzyKyv1vMwZ0EmpQ lFztkPRLKq4E2VTgYlMxP0025WvafUkbUPZoAGVwVyYfAUAPhOnSDJThBU82PpO3nUdI GBMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eqthZoZ24hBKip/rpytb3Jw5ErL/sxzA8WMYUKwyAfg=; b=a1zafoCL/Lt4yR3j+itu8+oP+vIWRxgsdAt77OdXKDEairy+GiohbF3n5oyOTUjR2N 1eV4S0SaFfFhCq+ny4mweQJ8jJ9EN5k6iGR4+Mze50ILHjiyateM7c7XNNVR4akPogUm pjPtJ9u5sL3TmE1tdx+vybJCI1tnuJQZU+5pG0tT+fugfEj3xWjX4Ys9QwkvWlE5Rb3B Hivaq0ZXtuKVz52bS6sh+Zhkj3k+JFKf51JGCQ0Q6PYCxeXUa5AxSpO49kreosirfRb2 rjbkuzaWa9StmYZLeKLeMBxpYusUpGjuNLHckIWxqFDIc2uiApxPC2NhpoRDrjeO/8NY vUVw== X-Gm-Message-State: AOAM5303o9yHx4HpXy3Hvl2QuhwfRwoUHPs3H284gf4Gfjj/sMKM1You 4NepB9xHJRqATvxyswsssl1qCVUxcieuSUXGjEokaA== X-Received: by 2002:a17:906:2ac1:: with SMTP id m1mr5403301eje.472.1616612911208; Wed, 24 Mar 2021 12:08:31 -0700 (PDT) MIME-Version: 1.0 References: <20210324141635.22335-1-rrichter@amd.com> <20210324184257.GV3014244@iweiny-DESK2.sc.intel.com> In-Reply-To: <20210324184257.GV3014244@iweiny-DESK2.sc.intel.com> From: Dan Williams Date: Wed, 24 Mar 2021 12:08:20 -0700 Message-ID: Subject: Re: [PATCH] cxl/mem: Force array size of mem_commands[] to CXL_MEM_COMMAND_ID_MAX To: Ira Weiny Cc: Robert Richter , Alison Schofield , Vishal Verma , Ben Widawsky , linux-cxl@vger.kernel.org, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 24, 2021 at 11:43 AM Ira Weiny wrote: > > On Wed, Mar 24, 2021 at 03:16:35PM +0100, Robert Richter wrote: > > Typically the mem_commands[] array is in sync with 'enum { CXL_CMDS }'. > > Current code works well. > > > > However, the array size of mem_commands[] may not strictly be the same > > as CXL_MEM_COMMAND_ID_MAX. E.g. if a new CXL_CMD() is added that is > > guarded by #ifdefs, the array could be shorter. This could lead then > > further to an out-of-bounds array access in cxl_validate_cmd_from_user(). > > > > Fix this by forcing the array size to CXL_MEM_COMMAND_ID_MAX. This > > also adds range checks for array items in mem_commands[] at compile > > time. > > Can't we use ARRAY_SIZE? An ARRAY_SIZE() check in cxl_validate_cmd_from_user() would work too, but it wouldn't give the compiler protection that Robert mentions for going the other way where mem_commands tries to add an entry that is out of bounds relative to CXL_CMDS.