Jeff Johnson writes:
> On 10/29/2024 6:22 AM, Aleksei Vetrov wrote:
>> The channels array in the cfg80211_scan_request has a __counted_by
>> attribute attached to it, which points to the n_channels variable. This
>> attribute is used in bounds checking, and if it is not set before the
>> array is
Alper Nebi Yasak wrote:
> Replace one-element array with a flexible-array member in `struct
> mwifiex_ie_types_wildcard_ssid_params` to fix the following warning
> on a MT8173 Chromebook (mt8173-elm-hana):
>
> [ 356.775250] [ cut here ]
> [ 356.784543] memcpy: detected
"Gustavo A. R. Silva" wrote:
> Replace one-element array with a flexible-array member in
> `struct host_cmd_ds_802_11_scan_ext`.
>
> With this, fix the following warning:
>
> elo 16 17:51:58 surfacebook kernel: [ cut here ]
> elo 16 17:51:58 surfacebook kernel: memcpy: d
Dmitry Antipov writes:
> Although not reproduced in practice, these two cases may be
> considered by UBSAN as off-by-one errors. So fix them in the
> same way as in commit a26a5107bc52 ("wifi: cfg80211: fix UBSAN
> noise in cfg80211_wext_siwscan()").
>
> Fixes: 807f8a8c3004 ("cfg80211/nl80211: ad
> [-Wflex-array-member-not-at-end]
> drivers/net/wireless/ath/ath12k/dp.h:1499:24: warning: structure containing a
> flexible array member is not at the end of another structure
> [-Wflex-array-member-not-at-end]
>
> Signed-off-by: Gustavo A. R. Silva
> Signed-off-b
cture containing a
> flexible array member is not at the end of another structure
> [-Wflex-array-member-not-at-end]
>
> Signed-off-by: Gustavo A. R. Silva
> Acked-by: Jeff Johnson
> Signed-off-by: Kalle Valo
Patch applied to ath-next branch of ath.git, thanks.
820a
> [-Wflex-array-member-not-at-end]
> drivers/net/wireless/ath/ath12k/dp.h:1499:24: warning: structure containing a
> flexible array member is not at the end of another structure
> [-Wflex-array-member-not-at-end]
>
> Signed-off-by: Gustavo A. R. Silva
> Signed-off-by: K
Jeff Johnson writes:
> On 8/9/2024 9:20 AM, Gustavo A. R. Silva wrote:
>
>> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
>> getting ready to enable it, globally.
>>
>> Move the conflicting declaration to the end of the structure. Notice
>> that `struct ieee80211_chanctx_co
"Gustavo A. R. Silva" wrote:
> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> getting ready to enable it, globally.
>
> So, in order to avoid ending up with a flexible-array member in the
> middle of multiple other structs, we use the `__struct_group()`
> helper to create
"Gustavo A. R. Silva" wrote:
> Commit 5c4250092fad ("wifi: mwl8k: Avoid -Wflex-array-member-not-at-end
> warnings") introduced tagged `struct mwl8k_cmd_pkt_hdr`. We want to
> ensure that when new members need to be added to the flexible structure,
> they are always included within this tagged str
"Gustavo A. R. Silva" wrote:
> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> getting ready to enable it, globally.
>
> So, in order to avoid ending up with a flexible-array member in the
> middle of multiple other structs, we use the `__struct_group()`
> helper to create
Erick Archer wrote:
> It is preferred to use sizeof(*pointer) instead of sizeof(type)
> because the type of the variable can change and one need not
> change the former (unlike the latter). This patch has no effect
> on runtime behavior.
>
> At the same time remove some redundant NULL initializa
Kenton Groombridge writes:
> req->n_channels must be set before req->channels[] can be used.
>
> This patch fixes one of the issues encountered in [1].
>
> [ 83.964252] [ cut here ]
> [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4
> [ 83.9
Erick Archer wrote:
> It is preferred to use sizeof(*pointer) instead of sizeof(type)
> because the type of the variable can change and one need not
> change the former (unlike the latter). This patch has no effect
> on runtime behavior.
>
> At the same time remove some redundant NULL initializa
Kees Cook writes:
>> >> > I was just walking through our patch tracker and noticed that I don't
>> >> > see this patch included in -next yet (as of next-20240429). Is there a
>> >> > flush of the ath-next queue planned soon? Or did I miss some change?
>> >>
>> >> Yeah, wireless-next was pulled la
Kees Cook writes:
> On Mon, Apr 29, 2024 at 08:25:56PM +0300, Kalle Valo wrote:
>
>> Kees Cook writes:
>>
>> > On Thu, Apr 04, 2024 at 10:12:28AM +0000, Kalle Valo wrote:
>> >
>> >> "Gustavo A. R. Silva" wrote:
>> >>
Kees Cook writes:
> On Thu, Apr 04, 2024 at 10:12:28AM +0000, Kalle Valo wrote:
>
>> "Gustavo A. R. Silva" wrote:
>>
>> > Prepare for the coming implementation by GCC and Clang of the
>> > __counted_by attribute. Flexible array members annotated
t the end of another structure
> [-Wflex-array-member-not-at-end]
>
> Link: https://github.com/KSPP/linux/issues/202
> Signed-off-by: Gustavo A. R. Silva
> Reviewed-by: Jeff Johnson
> Signed-off-by: Kalle Valo
Patch applied to ath-next branch of ath.git, thanks.
cbb0697e0ded
s not at the end of another structure
> [-Wflex-array-member-not-at-end]
>
> Link: https://github.com/KSPP/linux/issues/202
> Signed-off-by: Gustavo A. R. Silva
> Reviewed-by: Jeff Johnson
> Signed-off-by: Kalle Valo
Patch applied to ath-next branch of ath.git, thanks.
34c34c2
wo members does address the warning though.
>
> Fixes: fb5f6a0e8063b ("mac80211: Use memset_after() to clear tx status")
> Link: https://lore.kernel.org/lkml/20230623152443.2296825-1-a...@kernel.org/
> Signed-off-by: Arnd Bergmann
> Reviewed-by: Kees Cook
> Acked-by
"Gustavo A. R. Silva" wrote:
> -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
> ready to enable it globally.
>
> There is currently an object (`header`), at the beginning of multiple
> structures, that contains a flexible structure (`struct mwl8k_cmd_pkt`),
> for example:
"Gustavo A. R. Silva" wrote:
> -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
> ready to enable it globally.
>
> Remove unused flexible-array members in multiple structures, and fix
> a hundred -Wflex-array-member-not-at-end warnings[1] in
> drivers/wireless/ti/
>
> Link
"Gustavo A. R. Silva" wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (
"Gustavo A. R. Silva" writes:
> Prepare for the coming implementation by GCC and Clang of the
> __counted_by attribute. Flexible array members annotated with
> __counted_by can have their accesses bounds-checked at run-time
> via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
"Gustavo A. R. Silva" wrote:
> Fix boot crash on Raspberry Pi by moving the update to `event->datalen`
> before data is copied into flexible-array member `data` via `memcpy()`.
>
> Flexible-array member `data` was annotated with `__counted_by(datalen)`
> in commit 62d19b358088 ("wifi: brcmfmac:
"Gustavo A. R. Silva" wrote:
> Fix boot crash on Raspberry Pi by moving the update to `event->datalen`
> before data is copied into flexible-array member `data` via `memcpy()`.
>
> Flexible-array member `data` was annotated with `__counted_by(datalen)`
> in commit 62d19b358088 ("wifi: brcmfmac:
> Link: https://github.com/KSPP/linux/issues/51 [1]
> Cc: Brian Norris
> Cc: Kalle Valo
> Cc: Dmitry Antipov
> Cc: Johannes Berg
> Cc: zuoqilin
> Cc: Ruan Jinjie
> Cc: Thomas Gleixner
> Cc: Christophe JAILLET
> Cc: Gustavo A. R. Silva
> Cc: linux-wirel..
~~~^~
>
> Fixes: e3eac9f32ec0 ("wifi: cfg80211: Annotate struct cfg80211_scan_request
> with __counted_by")
> Cc: Arend van Spriel
> Cc: Franky Lin
> Cc: Hante Meuleman
> Cc: Kalle Valo
> Cc: Chi-hsien Lin
> Cc:
Arend Van Spriel writes:
> On 2/2/2024 10:58 AM, Arend Van Spriel wrote:
>
>> On 2/1/2024 11:04 AM, Kalle Valo wrote:
>>> Kees Cook wrote:
>>>
>>>> After commit e3eac9f32ec0 ("wifi: cfg80211: Annotate struct
>>>> cfg80211_scan_request
~~~^~
>
> Fixes: e3eac9f32ec0 ("wifi: cfg80211: Annotate struct cfg80211_scan_request
> with __counted_by")
> Cc: Arend van Spriel
> Cc: Franky Lin
> Cc: Hante Meuleman
> Cc: Kalle Valo
> Cc: Chi-hsien Lin
> Cc:
Erick Archer wrote:
> As noted in the "Deprecated Interfaces, Language Features, Attributes,
> and Conventions" documentation [1], size calculations (especially
> multiplication) should not be performed in memory allocator (or similar)
> function arguments due to the risk of them overflowing. Thi
ng the wrap-around sanitizers in the future.
>
> Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594
> [1]
> Link: https://github.com/KSPP/linux/issues/26 [2]
> Link: https://github.com/KSPP/linux/issues/27 [3]
> Link: https://github.com/KSPP/linux/issues/344 [
ing the wrap-around sanitizers in the future.
>
> Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594
> [1]
> Link: https://github.com/KSPP/linux/issues/26 [2]
> Link: https://github.com/KSPP/linux/issues/27 [3]
> Link: https://github.com/KSPP/linux/issues/344 [4]
>
ing the wrap-around sanitizers in the future.
>
> Link: https://git.kernel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594
> [1]
> Link: https://github.com/KSPP/linux/issues/26 [2]
> Link: https://github.com/KSPP/linux/issues/27 [3]
> Link: https://github.com/KSPP/linux/issues/344 [4]
>
"Gustavo A. R. Silva" wrote:
> Transform zero-length arrays `rate`, `adm_stat` and `msdu_cnt` into
> proper flexible-array members in anonymous union in `struct
> mt7996_mcu_all_sta_info_event` via the DECLARE_FLEX_ARRAY()
> helper; and fix multiple -Warray-bounds warnings:
>
> drivers/net/wirel
"Gustavo A. R. Silva" wrote:
> Transform zero-length arrays `rate`, `adm_stat` and `msdu_cnt` into
> proper flexible-array members in anonymous union in `struct
> mt7996_mcu_all_sta_info_event` via the DECLARE_FLEX_ARRAY()
> helper; and fix multiple -Warray-bounds warnings:
>
> drivers/net/wirel
"Gustavo A. R. Silva" wrote:
> Transform zero-length arrays `adm_stat` and `msdu_cnt` into proper
> flexible-array members in anonymous union in `struct
> mt7996_mcu_all_sta_info_event` via the DECLARE_FLEX_ARRAY()
> helper; and fix multiple -Warray-bounds warnings:
>
> drivers/net/wireless/medi
Kees Cook writes:
> On Thu, Nov 16, 2023 at 02:57:24PM -0600, Gustavo A. R. Silva wrote:
>
>> Transform zero-length arrays `adm_stat` and `msdu_cnt` into proper
>> flexible-array members in anonymous union in `struct
>> mt7996_mcu_all_sta_info_event` via the DECLARE_FLEX_ARRAY()
>> helper; and fi
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> Based on the deliberate `sizeof(dest) ... - 1` pattern we can see that
> both dump_info->dev_human_readable and d
Kees Cook writes:
> On Thu, Oct 19, 2023 at 05:44:59PM +, Justin Stitt wrote:
>> strncpy() is deprecated for use on NUL-terminated destination strings
>> [1] and as such we should prefer more robust and less ambiguous string
>> interfaces.
>>
>> Based on the deliberate `sizeof(dest) ... - 1`
"Gustavo A. R. Silva" writes:
>> wireless-next has taken my patch [1] that is identical to yours.
>
> Great!
>
> I had mine ready on Oct 31, but I was waiting for the merge window to close
> before sending it.
BTW we keep wireless-next open also during merge windows. So no need to
hold up wirele
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> `extra` is clearly supposed to be NUL-terminated which is evident by the
> manual NUL-byte assignment as well as
Justin Stitt wrote:
> Let's move away from using strncpy and instead favor a less ambiguous
> and more robust interface.
>
> For ifp->ndev->name, we expect ifp->ndev->name to be NUL-terminated based
> on its use in format strings within core.c:
> 67 | char *brcmf_ifname(struct brcmf_if *if
Kees Cook writes:
> On Thu, Oct 26, 2023 at 11:19:18PM +, Justin Stitt wrote:
>
>> strncpy() is deprecated for use on NUL-terminated destination strings
>> [1] and as such we should prefer more robust and less ambiguous string
>> interfaces.
>>
>> `extra` is clearly supposed to be NUL-termin
Jonathan Corbet writes:
> Steven Rostedt writes:
>
>> On Thu, 26 Oct 2023 07:39:44 -0400
>> James Bottomley wrote:
>>
>>> While it's nice in theory to have everything documented, it's not much
>>> use if no one can actually find the information ...
>>
>> Does kerneldoc provide an automated inde
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect priv->firmware_id to be NUL-terminated based on its usage
> with seq_printf() and strlen() in atmel.c:
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect fw_version strings to be NUL-terminated based on other similar
> assignments:
>
> wireless/broadcom/br
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> We expect wl->chip.fw_ver_str to be NUL-terminated based on its usage
> with DRIVER_STATE_PRINT_STR() in debugfs.
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> wl->chip.phy_fw_ver_str is obviously intended to be NUL-terminated by
> the deliberate comment telling us as much
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> Based on other assignments of similar fw_version fields we can see that
> NUL-termination is required but not NUL
Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> `extra` is intended to be NUL-terminated which is evident by the manual
> assignment of a NUL-byte as well as its
precated.html#strncpy-on-nul-terminated-strings
> [1]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt
> Signed-off-by: Kalle Valo
Patch applied to ath-next branch of ath.git, thanks.
40990961d983 wifi: ath6kl: rep
/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt
> Signed-off-by: Kalle Valo
Patch applied to ath-next branch of ath.git, thanks.
24709752bfe8 wifi: ath5k: replace deprecated strncpy with strscpy
--
https://patchwork.kernel.org/project/linux-w
Franky Lin writes:
> Hi Justin,
>
> On Mon, Oct 16, 2023 at 3:14 PM Justin Stitt wrote:
>>
>> strncpy() is deprecated for use on NUL-terminated destination strings
>> [1] and as such we should prefer more robust and less ambiguous string
>> interfaces.
>>
>> This patch replaces multiple strncpy
(for strcpy/memcpy-family
> functions).
>
> Add __counted_by for struct p54_cal_database.
>
> Cc: Christian Lamparter
> Cc: Kalle Valo
> Cc: "Gustavo A. R. Silva"
> Cc: linux-wirel...@vger.kernel.org
> Cc: linux-hardening@vger.kernel.org
> Suggested-by: J
"Gustavo A. R. Silva" wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (
"Gustavo A. R. Silva" wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
> array indexing) and CONFIG_FORTIFY_SOURCE (
Kees Cook writes:
>> > Should this be considered a v2 of:
>> > https://lore.kernel.org/linux-hardening/94848cc3-6f5c-46d7-8cc7-98a4f1086...@embeddedor.com/
>> >
>> > ?
>>
>> Oops... sorry, I forgot I had reviewed this patch of yours.
>>
>> >
>> > Yours is more complete since it includes the s
Kees Cook writes:
> On Fri, Sep 15, 2023 at 01:06:12PM -0700, Kees Cook wrote:
>> Prepare for the coming implementation by GCC and Clang of the __counted_by
>> attribute. Flexible array members annotated with __counted_by can have
>> their accesses bounds-checked at run-time via CONFIG_U
RTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct wcn36xx_hal_ind_msg.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Loic Poulain
> Cc: Kalle Valo
RTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct libipw_txb.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Stanislav Yakovlev
> Cc: Kalle Valo
> C
RTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Arend van Spriel
> Cc: Franky Lin
RTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct brcmf_gscan_config.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Arend van Spriel
> Cc: Franky Lin
63 matches