Message ID | 20220520194320.2356236-8-kuba@kernel.org (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Kalle Valo |
Headers | show |
Series | Fix/silence GCC 12 warnings in drivers/net/wireless/ | expand |
On Fri, 2022-05-20 at 12:43 -0700, Jakub Kicinski wrote: > This driver does a lot of casting of smaller buffers to > a larger command response struct, GCC 12 does not like that: > > drivers/net/wireless/marvell/libertas/cfg.c:1198:63: warning: array subscript ‘struct cmd_ds_802_11_associate_response[0]’ is partly outside array bounds of ‘unsigned char[203]’ [-Warray-bounds] > 1198 | "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode), > | ^~ > I had a similar issue in our driver, and I could work around it there with a simple cast ... here not, but perhaps we should consider something like the below? johannes diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c index 4e3de684928b..b0b3f59dabc6 100644 --- a/drivers/net/wireless/marvell/libertas/cfg.c +++ b/drivers/net/wireless/marvell/libertas/cfg.c @@ -1053,7 +1053,6 @@ static int lbs_set_authtype(struct lbs_private *priv, */ #define LBS_ASSOC_MAX_CMD_SIZE \ (sizeof(struct cmd_ds_802_11_associate) \ - - 512 /* cmd_ds_802_11_associate.iebuf */ \ + LBS_MAX_SSID_TLV_SIZE \ + LBS_MAX_CHANNEL_TLV_SIZE \ + LBS_MAX_CF_PARAM_TLV_SIZE \ @@ -1130,8 +1129,7 @@ static int lbs_associate(struct lbs_private *priv, if (sme->ie && sme->ie_len) pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len); - len = (sizeof(*cmd) - sizeof(cmd->iebuf)) + - (u16)(pos - (u8 *) &cmd->iebuf); + len = sizeof(*cmd) + (u16)(pos - (u8 *) &cmd->iebuf); cmd->hdr.size = cpu_to_le16(len); lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd, diff --git a/drivers/net/wireless/marvell/libertas/host.h b/drivers/net/wireless/marvell/libertas/host.h index ceff4b92e7a1..a202b716ad5d 100644 --- a/drivers/net/wireless/marvell/libertas/host.h +++ b/drivers/net/wireless/marvell/libertas/host.h @@ -528,7 +528,8 @@ struct cmd_ds_802_11_associate { __le16 listeninterval; __le16 bcnperiod; u8 dtimperiod; - u8 iebuf[512]; /* Enough for required and most optional IEs */ + /* 512 permitted - enough for required and most optional IEs */ + u8 iebuf[]; } __packed; struct cmd_ds_802_11_associate_response { @@ -537,7 +538,8 @@ struct cmd_ds_802_11_associate_response { __le16 capability; __le16 statuscode; __le16 aid; - u8 iebuf[512]; + /* max 512 */ + u8 iebuf[]; } __packed; struct cmd_ds_802_11_set_wep {
On Sun, 22 May 2022 00:03:22 +0200 Johannes Berg wrote: > I had a similar issue in our driver, and I could work around it there > with a simple cast ... here not, but perhaps we should consider > something like the below? Excellent, LGTM. Would you be willing to submit this officially? I'll drop patch 7 for now.
diff --git a/drivers/net/wireless/marvell/libertas/Makefile b/drivers/net/wireless/marvell/libertas/Makefile index 41b9b440a542..da4ea5a0812c 100644 --- a/drivers/net/wireless/marvell/libertas/Makefile +++ b/drivers/net/wireless/marvell/libertas/Makefile @@ -10,6 +10,11 @@ libertas-y += tx.o libertas-y += firmware.o libertas-$(CONFIG_LIBERTAS_MESH) += mesh.o +# FIXME: temporarily silence -Warray-bounds on non W=1+ builds +ifndef KBUILD_EXTRA_WARN +CFLAGS_cfg.o += -Wno-array-bounds +endif + usb8xxx-objs += if_usb.o libertas_cs-objs += if_cs.o libertas_sdio-objs += if_sdio.o
This driver does a lot of casting of smaller buffers to a larger command response struct, GCC 12 does not like that: drivers/net/wireless/marvell/libertas/cfg.c:1198:63: warning: array subscript ‘struct cmd_ds_802_11_associate_response[0]’ is partly outside array bounds of ‘unsigned char[203]’ [-Warray-bounds] 1198 | "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode), | ^~ Annoyingly it's not clever enough to recognize which fields are safe to access, so move this warning to W=1 for now. Signed-off-by: Jakub Kicinski <kuba@kernel.org> --- CC: kvalo@kernel.org CC: libertas-dev@lists.infradead.org CC: linux-wireless@vger.kernel.org --- drivers/net/wireless/marvell/libertas/Makefile | 5 +++++ 1 file changed, 5 insertions(+)