Message ID | 20211215232513.2070158-1-keescook@chromium.org (mailing list archive) |
---|---|
State | Accepted |
Headers | show |
Series | iio: stmpe-adc: Use correctly sized arguments for bit field | expand |
On Wed, 15 Dec 2021 15:25:13 -0800 Kees Cook <keescook@chromium.org> wrote: > The find.h APIs are designed to be used only on unsigned long arguments. > This can technically result in a over-read, but it is harmless in this > case. Regardless, fix it to avoid the warning seen under -Warray-bounds, > which we'd like to enable globally: > > In file included from ./include/linux/bitmap.h:9, > from ./include/linux/cpumask.h:12, > from ./arch/x86/include/asm/cpumask.h:5, > from ./arch/x86/include/asm/msr.h:11, > from ./arch/x86/include/asm/processor.h:22, > from ./arch/x86/include/asm/cpufeature.h:5, > from ./arch/x86/include/asm/thread_info.h:53, > from ./include/linux/thread_info.h:60, > from ./arch/x86/include/asm/preempt.h:7, > from ./include/linux/preempt.h:78, > from ./include/linux/spinlock.h:55, > from ./include/linux/swait.h:7, > from ./include/linux/completion.h:12, > from drivers/iio/adc/stmpe-adc.c:10: > drivers/iio/adc/stmpe-adc.c: In function 'stmpe_adc_probe': > ./include/linux/find.h:98:23: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'u32[1]' {aka 'unsigned int[1]'} [-Warray-bounds] > 98 | val = *addr | ~GENMASK(size - 1, offset); > | ^~~~~ > drivers/iio/adc/stmpe-adc.c:258:13: note: while referencing 'norequest_mask' > 258 | u32 norequest_mask = 0; > | ^~~~~~~~~~~~~~ > > Signed-off-by: Kees Cook <keescook@chromium.org> Applied to the togreg branch of iio.git and pushed out as testing to let 0-day have a first poke at it. I took the view this one was trivial, but if anyone else wants to add tags there will be a few days before this goes out in a form I'm not happy to rebase. Thanks, Jonathan > --- > drivers/iio/adc/stmpe-adc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c > index fba659bfdb40..d2d405388499 100644 > --- a/drivers/iio/adc/stmpe-adc.c > +++ b/drivers/iio/adc/stmpe-adc.c > @@ -256,6 +256,7 @@ static int stmpe_adc_probe(struct platform_device *pdev) > struct stmpe_adc *info; > struct device_node *np; > u32 norequest_mask = 0; > + unsigned long bits; > int irq_temp, irq_adc; > int num_chan = 0; > int i = 0; > @@ -309,8 +310,8 @@ static int stmpe_adc_probe(struct platform_device *pdev) > > of_property_read_u32(np, "st,norequest-mask", &norequest_mask); > > - for_each_clear_bit(i, (unsigned long *) &norequest_mask, > - (STMPE_ADC_LAST_NR + 1)) { > + bits = norequest_mask; > + for_each_clear_bit(i, &bits, (STMPE_ADC_LAST_NR + 1)) { > stmpe_adc_voltage_chan(&info->stmpe_adc_iio_channels[num_chan], i); > num_chan++; > }
On Wed, Dec 15, 2021 at 03:25:13PM -0800, Kees Cook wrote: > The find.h APIs are designed to be used only on unsigned long arguments. > This can technically result in a over-read, but it is harmless in this > case. Regardless, fix it to avoid the warning seen under -Warray-bounds, > which we'd like to enable globally: > > In file included from ./include/linux/bitmap.h:9, > from ./include/linux/cpumask.h:12, > from ./arch/x86/include/asm/cpumask.h:5, > from ./arch/x86/include/asm/msr.h:11, > from ./arch/x86/include/asm/processor.h:22, > from ./arch/x86/include/asm/cpufeature.h:5, > from ./arch/x86/include/asm/thread_info.h:53, > from ./include/linux/thread_info.h:60, > from ./arch/x86/include/asm/preempt.h:7, > from ./include/linux/preempt.h:78, > from ./include/linux/spinlock.h:55, > from ./include/linux/swait.h:7, > from ./include/linux/completion.h:12, > from drivers/iio/adc/stmpe-adc.c:10: > drivers/iio/adc/stmpe-adc.c: In function 'stmpe_adc_probe': > ./include/linux/find.h:98:23: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'u32[1]' {aka 'unsigned int[1]'} [-Warray-bounds] > 98 | val = *addr | ~GENMASK(size - 1, offset); > | ^~~~~ > drivers/iio/adc/stmpe-adc.c:258:13: note: while referencing 'norequest_mask' > 258 | u32 norequest_mask = 0; > | ^~~~~~~~~~~~~~ > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > drivers/iio/adc/stmpe-adc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c > index fba659bfdb40..d2d405388499 100644 > --- a/drivers/iio/adc/stmpe-adc.c > +++ b/drivers/iio/adc/stmpe-adc.c > @@ -256,6 +256,7 @@ static int stmpe_adc_probe(struct platform_device *pdev) > struct stmpe_adc *info; > struct device_node *np; > u32 norequest_mask = 0; > + unsigned long bits; > int irq_temp, irq_adc; > int num_chan = 0; > int i = 0; > @@ -309,8 +310,8 @@ static int stmpe_adc_probe(struct platform_device *pdev) > > of_property_read_u32(np, "st,norequest-mask", &norequest_mask); > > - for_each_clear_bit(i, (unsigned long *) &norequest_mask, > - (STMPE_ADC_LAST_NR + 1)) { > + bits = norequest_mask; This would not work on 64-bit BE architecture. It should use bitmap_from_arr32() > + for_each_clear_bit(i, &bits, (STMPE_ADC_LAST_NR + 1)) { > stmpe_adc_voltage_chan(&info->stmpe_adc_iio_channels[num_chan], i); > num_chan++; > } > -- > 2.30.2
From: Yury Norov > Sent: 04 February 2022 04:30 > > On Wed, Dec 15, 2021 at 03:25:13PM -0800, Kees Cook wrote: > > The find.h APIs are designed to be used only on unsigned long arguments. > > This can technically result in a over-read, but it is harmless in this > > case. Regardless, fix it to avoid the warning seen under -Warray-bounds, > > which we'd like to enable globally: > > ... > > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > --- > > drivers/iio/adc/stmpe-adc.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c > > index fba659bfdb40..d2d405388499 100644 > > --- a/drivers/iio/adc/stmpe-adc.c > > +++ b/drivers/iio/adc/stmpe-adc.c > > @@ -256,6 +256,7 @@ static int stmpe_adc_probe(struct platform_device *pdev) > > struct stmpe_adc *info; > > struct device_node *np; > > u32 norequest_mask = 0; > > + unsigned long bits; > > int irq_temp, irq_adc; > > int num_chan = 0; > > int i = 0; > > @@ -309,8 +310,8 @@ static int stmpe_adc_probe(struct platform_device *pdev) > > > > of_property_read_u32(np, "st,norequest-mask", &norequest_mask); > > > > - for_each_clear_bit(i, (unsigned long *) &norequest_mask, > > - (STMPE_ADC_LAST_NR + 1)) { > > + bits = norequest_mask; > > This would not work on 64-bit BE architecture. It should use bitmap_from_arr32() The old version was wrong on 64 bit BE, Kees version is probably ok. But changing norequest_mask to 'unsigned long' is probably neater. OTOH using the bitmap functions on single words is just bloat. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c index fba659bfdb40..d2d405388499 100644 --- a/drivers/iio/adc/stmpe-adc.c +++ b/drivers/iio/adc/stmpe-adc.c @@ -256,6 +256,7 @@ static int stmpe_adc_probe(struct platform_device *pdev) struct stmpe_adc *info; struct device_node *np; u32 norequest_mask = 0; + unsigned long bits; int irq_temp, irq_adc; int num_chan = 0; int i = 0; @@ -309,8 +310,8 @@ static int stmpe_adc_probe(struct platform_device *pdev) of_property_read_u32(np, "st,norequest-mask", &norequest_mask); - for_each_clear_bit(i, (unsigned long *) &norequest_mask, - (STMPE_ADC_LAST_NR + 1)) { + bits = norequest_mask; + for_each_clear_bit(i, &bits, (STMPE_ADC_LAST_NR + 1)) { stmpe_adc_voltage_chan(&info->stmpe_adc_iio_channels[num_chan], i); num_chan++; }
The find.h APIs are designed to be used only on unsigned long arguments. This can technically result in a over-read, but it is harmless in this case. Regardless, fix it to avoid the warning seen under -Warray-bounds, which we'd like to enable globally: In file included from ./include/linux/bitmap.h:9, from ./include/linux/cpumask.h:12, from ./arch/x86/include/asm/cpumask.h:5, from ./arch/x86/include/asm/msr.h:11, from ./arch/x86/include/asm/processor.h:22, from ./arch/x86/include/asm/cpufeature.h:5, from ./arch/x86/include/asm/thread_info.h:53, from ./include/linux/thread_info.h:60, from ./arch/x86/include/asm/preempt.h:7, from ./include/linux/preempt.h:78, from ./include/linux/spinlock.h:55, from ./include/linux/swait.h:7, from ./include/linux/completion.h:12, from drivers/iio/adc/stmpe-adc.c:10: drivers/iio/adc/stmpe-adc.c: In function 'stmpe_adc_probe': ./include/linux/find.h:98:23: warning: array subscript 'long unsigned int[0]' is partly outside array bounds of 'u32[1]' {aka 'unsigned int[1]'} [-Warray-bounds] 98 | val = *addr | ~GENMASK(size - 1, offset); | ^~~~~ drivers/iio/adc/stmpe-adc.c:258:13: note: while referencing 'norequest_mask' 258 | u32 norequest_mask = 0; | ^~~~~~~~~~~~~~ Signed-off-by: Kees Cook <keescook@chromium.org> --- drivers/iio/adc/stmpe-adc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)