diff mbox series

[net-next,7/8] wifi: libertas: silence a GCC 12 -Warray-bounds warning

Message ID 20220520194320.2356236-8-kuba@kernel.org (mailing list archive)
State Not Applicable
Delegated to: Kalle Valo
Headers show
Series Fix/silence GCC 12 warnings in drivers/net/wireless/ | expand

Commit Message

Jakub Kicinski May 20, 2022, 7:43 p.m. UTC
This driver does a lot of casting of smaller buffers to
a larger command response struct, GCC 12 does not like that:

drivers/net/wireless/marvell/libertas/cfg.c:1198:63: warning: array subscript ‘struct cmd_ds_802_11_associate_response[0]’ is partly outside array bounds of ‘unsigned char[203]’ [-Warray-bounds]
 1198 |                       "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode),
      |                                                               ^~

Annoyingly it's not clever enough to recognize which fields
are safe to access, so move this warning to W=1 for now.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
CC: kvalo@kernel.org
CC: libertas-dev@lists.infradead.org
CC: linux-wireless@vger.kernel.org
---
 drivers/net/wireless/marvell/libertas/Makefile | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Johannes Berg May 21, 2022, 10:03 p.m. UTC | #1
On Fri, 2022-05-20 at 12:43 -0700, Jakub Kicinski wrote:
> This driver does a lot of casting of smaller buffers to
> a larger command response struct, GCC 12 does not like that:
> 
> drivers/net/wireless/marvell/libertas/cfg.c:1198:63: warning: array subscript ‘struct cmd_ds_802_11_associate_response[0]’ is partly outside array bounds of ‘unsigned char[203]’ [-Warray-bounds]
>  1198 |                       "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode),
>       |                                                               ^~
> 

I had a similar issue in our driver, and I could work around it there
with a simple cast ... here not, but perhaps we should consider
something like the below?

johannes

diff --git a/drivers/net/wireless/marvell/libertas/cfg.c
b/drivers/net/wireless/marvell/libertas/cfg.c
index 4e3de684928b..b0b3f59dabc6 100644
--- a/drivers/net/wireless/marvell/libertas/cfg.c
+++ b/drivers/net/wireless/marvell/libertas/cfg.c
@@ -1053,7 +1053,6 @@ static int lbs_set_authtype(struct lbs_private
*priv,
  */
 #define LBS_ASSOC_MAX_CMD_SIZE                     \
 	(sizeof(struct cmd_ds_802_11_associate)    \
-	 - 512 /* cmd_ds_802_11_associate.iebuf */ \
 	 + LBS_MAX_SSID_TLV_SIZE                   \
 	 + LBS_MAX_CHANNEL_TLV_SIZE                \
 	 + LBS_MAX_CF_PARAM_TLV_SIZE               \
@@ -1130,8 +1129,7 @@ static int lbs_associate(struct lbs_private *priv,
 	if (sme->ie && sme->ie_len)
 		pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len);
 
-	len = (sizeof(*cmd) - sizeof(cmd->iebuf)) +
-		(u16)(pos - (u8 *) &cmd->iebuf);
+	len = sizeof(*cmd) + (u16)(pos - (u8 *) &cmd->iebuf);
 	cmd->hdr.size = cpu_to_le16(len);
 
 	lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd,
diff --git a/drivers/net/wireless/marvell/libertas/host.h
b/drivers/net/wireless/marvell/libertas/host.h
index ceff4b92e7a1..a202b716ad5d 100644
--- a/drivers/net/wireless/marvell/libertas/host.h
+++ b/drivers/net/wireless/marvell/libertas/host.h
@@ -528,7 +528,8 @@ struct cmd_ds_802_11_associate {
 	__le16 listeninterval;
 	__le16 bcnperiod;
 	u8 dtimperiod;
-	u8 iebuf[512];    /* Enough for required and most optional IEs
*/
+	/* 512 permitted - enough for required and most optional IEs */
+	u8 iebuf[];
 } __packed;
 
 struct cmd_ds_802_11_associate_response {
@@ -537,7 +538,8 @@ struct cmd_ds_802_11_associate_response {
 	__le16 capability;
 	__le16 statuscode;
 	__le16 aid;
-	u8 iebuf[512];
+	/* max 512 */
+	u8 iebuf[];
 } __packed;
 
 struct cmd_ds_802_11_set_wep {
Jakub Kicinski May 22, 2022, 4:56 p.m. UTC | #2
On Sun, 22 May 2022 00:03:22 +0200 Johannes Berg wrote:
> I had a similar issue in our driver, and I could work around it there
> with a simple cast ... here not, but perhaps we should consider
> something like the below?

Excellent, LGTM. Would you be willing to submit this officially?
I'll drop patch 7 for now.
diff mbox series

Patch

diff --git a/drivers/net/wireless/marvell/libertas/Makefile b/drivers/net/wireless/marvell/libertas/Makefile
index 41b9b440a542..da4ea5a0812c 100644
--- a/drivers/net/wireless/marvell/libertas/Makefile
+++ b/drivers/net/wireless/marvell/libertas/Makefile
@@ -10,6 +10,11 @@  libertas-y += tx.o
 libertas-y += firmware.o
 libertas-$(CONFIG_LIBERTAS_MESH) += mesh.o
 
+# FIXME: temporarily silence -Warray-bounds on non W=1+ builds
+ifndef KBUILD_EXTRA_WARN
+CFLAGS_cfg.o += -Wno-array-bounds
+endif
+
 usb8xxx-objs += if_usb.o
 libertas_cs-objs += if_cs.o
 libertas_sdio-objs += if_sdio.o