Hi Nathan and Kees,
On 2/27/24 17:00, Kees Cook wrote:
On Tue, Feb 27, 2024 at 05:47:44PM +0100, Daniel Lezcano wrote:
Ok my misunderstanding was I thought sizeof() was calling _bdos under the
hood, so when calling sizeof(flex_array), it was returning the computed size
inferring from the __coun
On Tue, Feb 27, 2024 at 04:57:31PM -0800, Doug Anderson wrote:
> Hi,
>
> On Mon, Jan 8, 2024 at 4:54 PM Doug Anderson wrote:
> >
> > Hi,
> >
> > On Thu, Dec 7, 2023 at 5:03 PM Douglas Anderson
> > wrote:
> > >
> > > When testing hard lockup handling on my sc7180-trogdor-lazor device
> > > with p
On Wed, Feb 28, 2024 at 08:41:07AM +, Lukasz Luba wrote:
> Hi Nathan and Kees,
>
> On 2/27/24 17:00, Kees Cook wrote:
> > On Tue, Feb 27, 2024 at 05:47:44PM +0100, Daniel Lezcano wrote:
> > > Ok my misunderstanding was I thought sizeof() was calling _bdos under the
> > > hood, so when calling
On Wed, Feb 28, 2024 at 09:56:51AM -0700, Nathan Chancellor wrote:
> On Wed, Feb 28, 2024 at 08:41:07AM +, Lukasz Luba wrote:
> > Hi Nathan and Kees,
> >
> > On 2/27/24 17:00, Kees Cook wrote:
> > > On Tue, Feb 27, 2024 at 05:47:44PM +0100, Daniel Lezcano wrote:
> > > > Ok my misunderstanding
No need to rewrite the value, instead use 'else' branch.
This will also help further refactoring the code later on.
Signed-off-by: Andy Shevchenko
---
drivers/iio/industrialio-core.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/iio/industrialio-core.c b/dr
Introduce two helper macros to calculate the size of the structure
with trailing aligned data and to retrieve the pointer to that data.
Signed-off-by: Andy Shevchenko
---
include/linux/overflow.h | 27 ++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/incl
Added new macros to overflow.h and reuse it in IIO. For the sake of examples
a few more places were updated (requested by Kees). In case maintainers are
okay, tags will be appreciated.
v4:
- dropped applied patches
- refactored macros and code to make them simpler (Jonathan)
- moved (renamed) mac
In iio_device_alloc() when size of the private data is 0,
the private pointer is calculated to be behind the valid data.
NULLify it for good.
Fixes: 6d4ebd565d15 ("iio: core: wrap IIO device into an iio_dev_opaque object")
Signed-off-by: Andy Shevchenko
---
drivers/iio/industrialio-core.c | 8 +
The check_shl_overflow() uses u64 type that is defined in types.h.
Instead of including that header, just switch to use POD type
directly.
Signed-off-by: Andy Shevchenko
---
include/linux/overflow.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/overflow.h b/in
We have two new helpers struct_size_with_data() and struct_data_pointer()
that we can utilize in __spi_alloc_controller(). Do it so.
Signed-off-by: Andy Shevchenko
---
drivers/spi/spi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.
We have two new helpers struct_size_with_data() and struct_data_pointer()
that we can utilize in d40_hw_detect_init(). Do it so.
Signed-off-by: Andy Shevchenko
---
drivers/dma/ste_dma40.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/dma/ste_dma40.c b/d
We have two new helpers struct_size_with_data() and struct_data_pointer()
that we can utilize in alloc_netdev_mqs() and netdev_priv(). Do it so.
Signed-off-by: Andy Shevchenko
---
include/linux/netdevice.h | 3 ++-
net/core/dev.c| 10 +-
2 files changed, 7 insertions(+), 6 d
We have two new helpers struct_size_with_data() and struct_data_pointer()
that we can utilize in iio_device_alloc(). Do it so.
Signed-off-by: Andy Shevchenko
Reviewed-by: Nuno Sa
---
drivers/iio/industrialio-core.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers
On Wed, Feb 28, 2024 at 2:49 PM Andy Shevchenko
wrote:
>
> No need to rewrite the value, instead use 'else' branch.
> This will also help further refactoring the code later on.
>
> Signed-off-by: Andy Shevchenko
> ---
> drivers/iio/industrialio-core.c | 9 -
> 1 file changed, 4 insertion
On Wed, Feb 28, 2024 at 10:41:36PM +0200, Andy Shevchenko wrote:
> We have two new helpers struct_size_with_data() and struct_data_pointer()
> that we can utilize in __spi_alloc_controller(). Do it so.
Acked-by: Mark Brown
On Wed, Feb 28, 2024 at 2:50 PM Andy Shevchenko
wrote:
>
> In iio_device_alloc() when size of the private data is 0,
> the private pointer is calculated to be behind the valid data.
> NULLify it for good.
>
> Fixes: 6d4ebd565d15 ("iio: core: wrap IIO device into an iio_dev_opaque
> object")
> Signed
On Wed, Feb 28, 2024 at 02:57:36PM -0600, David Lechner wrote:
> On Wed, Feb 28, 2024 at 2:49 PM Andy Shevchenko
> wrote:
...
> > - alloc_size = sizeof(struct iio_dev_opaque);
> > - if (sizeof_priv) {
> > - alloc_size = ALIGN(alloc_size, IIO_DMA_MINALIGN);
> > -
On Wed, Feb 28, 2024 at 10:41:31PM +0200, Andy Shevchenko wrote:
> The check_shl_overflow() uses u64 type that is defined in types.h.
> Instead of including that header, just switch to use POD type
> directly.
>
> Signed-off-by: Andy Shevchenko
Acked-by: Kees Cook
--
Kees Cook
On Wed, Feb 28, 2024 at 03:06:42PM -0600, David Lechner wrote:
> On Wed, Feb 28, 2024 at 2:50 PM Andy Shevchenko
> wrote:
...
> > - indio_dev->priv = (char *)iio_dev_opaque +
> > - ALIGN(sizeof(struct iio_dev_opaque), IIO_DMA_MINALIGN);
> > +
> > + if (sizeof_priv)
> >
On Wed, Feb 28, 2024 at 10:41:32PM +0200, Andy Shevchenko wrote:
> Introduce two helper macros to calculate the size of the structure
> with trailing aligned data and to retrieve the pointer to that data.
>
> Signed-off-by: Andy Shevchenko
> ---
> include/linux/overflow.h | 27 ++
On Wed, Feb 28, 2024 at 10:41:37PM +0200, Andy Shevchenko wrote:
> We have two new helpers struct_size_with_data() and struct_data_pointer()
> that we can utilize in alloc_netdev_mqs() and netdev_priv(). Do it so.
>
> Signed-off-by: Andy Shevchenko
> ---
> include/linux/netdevice.h | 3 ++-
> n
On Wed, Feb 28, 2024 at 01:37:36PM -0800, Kees Cook wrote:
> On Wed, Feb 28, 2024 at 10:41:32PM +0200, Andy Shevchenko wrote:
...
> > +#define struct_data_pointer(p, a) PTR_ALIGN((void *)((p) + 1), (a))
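Review bot: In struct_data_pointer(), the "(p) + 1" step scales by the pointed-to type of whatever the caller passes as p, so a void * or a pointer to an embedded sub-structure produces a different address than the one the allocation was laid out for, and nothing diagnoses it. The kernel-doc should state that p must be a pointer to the complete structure type and that a must be the same alignment used when the size was computed; a compile-time check that rejects void * would make the first requirement enforceable.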
>
> I'm not super excited about propagating the "p + 1" code pattern to find
> things after
On Wed, Feb 28, 2024 at 01:46:10PM -0800, Kees Cook wrote:
> On Wed, Feb 28, 2024 at 10:41:37PM +0200, Andy Shevchenko wrote:
...
> > static inline void *netdev_priv(const struct net_device *dev)
> > {
> > - return (char *)dev + ALIGN(sizeof(struct net_device), NETDEV_ALIGN);
> > + return s
On Wed, 28 Feb 2024 13:46:10 -0800 Kees Cook wrote:
> I really don't like hiding these trailing allocations from the compiler.
> Why can't something like this be done (totally untested):
>
>
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index 118c40258d07..dae6df4fb177 10
This series contains multiple replacements of strncpy throughout the
scsi subsystem.
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces. The details of each replacement will be in their respective
Really, there's no bug with the current code. Let's just ditch strncpy()
altogether.
We can just copy the const strings instead of reserving room on the
stack.
Link:
https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
[1]
Link: https://manpages.deb
The replacement in mpt3sas_base.c is a trivial one because desc is
already zero-initialized meaning there is no functional change here.
For mpt3sas_transport.c, we know edev is zero-initialized as well while
manufacture_reply comes from dma_alloc_coherent(). No functional change
here either.
For
We expect slowpath_params.name to be NUL-terminated based on its future
usage with other string APIs:
| static int qed_slowpath_start(struct qed_dev *cdev,
| struct qed_slowpath_params *params)
...
| strscpy(drv_version.name, params->name,
|
Replace 3 instances of strncpy in ql4_mbx.c
No bugs exist in the current implementation as some care was taken to
ensure the write length was decreased by one to leave some space for a
NUL-byte. However, instead of using strncpy(dest, src, LEN-1) we can opt
for strscpy(dest, src, sizeof(dest)) whi
Depending on the state of @compatible, we are going to do different
things with our @to buffer.
When @compatible is true we want a NUL-term'd and NUL-padded destination
buffer. Conversely, if @compatible is false we just want a space-padded
destination buffer (no NUL-term required).
As per:
/**
@p1 is assigned to @setup_buffer and then we manually assign a NUL-byte
at the first index. This renders the following strlen() call useless.
Moreover, we don't need to reassign p1 to setup_buffer for any reason --
neither do we need to manually set a NUL-byte at the end. strscpy()
resolves all thi
buffer->driver_version is sized 32:
| struct bmic_host_wellness_driver_version {
| ...
| char driver_version[32];
... the source string "Linux " + DRIVER_VERSION is sized at 16. There's
really no bug in the existing code since the buffers are sized
appropriately with gr
On Wed, Feb 28, 2024 at 02:41:48PM -0800, Jakub Kicinski wrote:
> On Wed, 28 Feb 2024 13:46:10 -0800 Kees Cook wrote:
> > I really don't like hiding these trailing allocations from the compiler.
> > Why can't something like this be done (totally untested):
> >
> >
> > diff --git a/include/linux/n
On Wed, Feb 28, 2024 at 10:59:01PM +, Justin Stitt wrote:
> Really, there's no bug with the current code. Let's just ditch strncpy()
> altogether.
>
> We can just copy the const strings instead of reserving room on the
> stack.
>
> Link:
> https://www.kernel.org/doc/html/latest/process/dep
On Wed, Feb 28, 2024 at 10:59:02PM +, Justin Stitt wrote:
> The replacement in mpt3sas_base.c is a trivial one because desc is
> already zero-initialized meaning there is no functional change here.
>
> For mpt3sas_transport.c, we know edev is zero-initialized as well while
> manufacture_reply
On Wed, Feb 28, 2024 at 10:59:03PM +, Justin Stitt wrote:
> We expect slowpath_params.name to be NUL-terminated based on its future
> usage with other string APIs:
>
> | static int qed_slowpath_start(struct qed_dev *cdev,
> | struct qed_slowpath_params *pa
On Wed, Feb 28, 2024 at 10:59:04PM +, Justin Stitt wrote:
> Replace 3 instances of strncpy in ql4_mbx.c
>
> No bugs exist in the current implementation as some care was taken to
> ensure the write length was decreased by one to leave some space for a
> NUL-byte. However, instead of using strnc
On Wed, Feb 28, 2024 at 10:59:00PM +, Justin Stitt wrote:
> This series contains multiple replacements of strncpy throughout the
> scsi subsystem.
>
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
On 2/28/24 18:01, Kees Cook wrote:
On Wed, Feb 28, 2024 at 02:41:48PM -0800, Jakub Kicinski wrote:
On Wed, 28 Feb 2024 13:46:10 -0800 Kees Cook wrote:
I really don't like hiding these trailing allocations from the compiler.
Why can't something like this be done (totally untested):
diff --g
On Wed, 28 Feb 2024 16:01:49 -0800 Kees Cook wrote:
> So, I found several cases where struct net_device is included in the
> middle of another structure, which makes my proposal more awkward. But I
> also don't understand why it's in the _middle_. Shouldn't it always be
> at the beginning (with pri
On Wed, 28 Feb 2024 18:49:25 -0600 Gustavo A. R. Silva wrote:
> struct net_device {
> struct_group_tagged(net_device_hdr, hdr,
> ...
> u32 priv_size;
> );
> u8 priv_data[] __counted_by(priv_size)
> __aligned(NET
On 2/28/24 18:57, Jakub Kicinski wrote:
On Wed, 28 Feb 2024 18:49:25 -0600 Gustavo A. R. Silva wrote:
struct net_device {
struct_group_tagged(net_device_hdr, hdr,
...
u32 priv_size;
);
u8 priv_dat
On Wed, 28 Feb 2024 19:03:12 -0600 Gustavo A. R. Silva wrote:
> On 2/28/24 18:57, Jakub Kicinski wrote:
> > On Wed, 28 Feb 2024 18:49:25 -0600 Gustavo A. R. Silva wrote:
> >> struct net_device {
> >>struct_group_tagged(net_device_hdr, hdr,
> >>...
> >>u32
On 2/28/24 19:15, Jakub Kicinski wrote:
On Wed, 28 Feb 2024 19:03:12 -0600 Gustavo A. R. Silva wrote:
On 2/28/24 18:57, Jakub Kicinski wrote:
On Wed, 28 Feb 2024 18:49:25 -0600 Gustavo A. R. Silva wrote:
struct net_device {
struct_group_tagged(net_device_hdr, hdr,
..
On Thu, Feb 22, 2024 at 04:49:26PM -0700, Tycho Andersen wrote:
> On Thu, Feb 22, 2024 at 01:00:40PM -0800, Kees Cook wrote:
> > > This does bring up some interesting questions. From off-list
> > > discussions with Tobin, I believe he is not particularly interested in
> > > maintaining this script
On Thu, Feb 29, 2024 at 03:40:13PM +1100, Tobin Harding wrote:
> On Thu, Feb 22, 2024 at 04:49:26PM -0700, Tycho Andersen wrote:
> > On Thu, Feb 22, 2024 at 01:00:40PM -0800, Kees Cook wrote:
> > > > This does bring up some interesting questions. From off-list
> > > > discussions with Tobin, I beli
When inserting an SD7.0 card to Realtek card reader, the card reader
unplugs itself and morphs into an NVMe device. The slot Link down on hot
unplugged can cause the following error:
pcieport :00:1c.0: pciehp: Slot(8): Link Down
BUG: unable to handle page fault for address: b24d403e5010
PGD
On Thu, Feb 29, 2024 at 02:22:00PM +0800, Kai-Heng Feng wrote:
> When inserting an SD7.0 card to Realtek card reader, the card reader
> unplugs itself and morphs into an NVMe device. The slot Link down on hot
> unplugged can cause the following error:
>
> pcieport :00:1c.0: pciehp: Slot(8): Link
On 2/28/24 17:48, Kees Cook wrote:
On Wed, Feb 28, 2024 at 09:56:51AM -0700, Nathan Chancellor wrote:
On Wed, Feb 28, 2024 at 08:41:07AM +, Lukasz Luba wrote:
Hi Nathan and Kees,
On 2/27/24 17:00, Kees Cook wrote:
On Tue, Feb 27, 2024 at 05:47:44PM +0100, Daniel Lezcano wrote:
Ok my m
> When inserting an SD7.0 card to Realtek card reader, the card reader
> unplugs itself and morphs into an NVMe device. The slot Link down on hot
> unplugged can cause the following error:
>
> pcieport :00:1c.0: pciehp: Slot(8): Link Down
> BUG: unable to handle page fault for address: b24d4