| Message ID | ZVz8fLtrYTz+YSjn@work (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | aaa03fdb56c781db4a4831dd5d6ec8817918c726 |
| Headers | show |
| Series | [next] powerpc/crypto: Avoid -Wstringop-overflow warnings | expand |
On Tue, Nov 21, 2023 at 12:52:44PM -0600, Gustavo A. R. Silva wrote: > The compiler doesn't know that `32` is an offset into the Hash table: > > 56 struct Hash_ctx { > 57 u8 H[16]; /* subkey */ > 58 u8 Htable[256]; /* Xi, Hash table(offset 32) */ > 59 }; > > So, it legitimately complains about a potential out-of-bounds issue > if `256 bytes` are accessed in `htable` (this implies going > `32 bytes` beyond the boundaries of `Htable`): > > arch/powerpc/crypto/aes-gcm-p10-glue.c: In function 'gcmp10_init': > arch/powerpc/crypto/aes-gcm-p10-glue.c:120:9: error: 'gcm_init_htable' accessing 256 bytes in a region of size 224 [-Werror=stringop-overflow=] > 120 | gcm_init_htable(hash->Htable+32, hash->H); > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > arch/powerpc/crypto/aes-gcm-p10-glue.c:120:9: note: referencing argument 1 of type 'unsigned char[256]' > arch/powerpc/crypto/aes-gcm-p10-glue.c:120:9: note: referencing argument 2 of type 'unsigned char[16]' > arch/powerpc/crypto/aes-gcm-p10-glue.c:40:17: note: in a call to function 'gcm_init_htable' > 40 | asmlinkage void gcm_init_htable(unsigned char htable[256], unsigned char Xi[16]); > | ^~~~~~~~~~~~~~~ > > Address this by avoiding specifying the size of `htable` in the function > prototype; and just for consistency, do the same for parameter `Xi`. > > Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> > Closes: https://lore.kernel.org/linux-next/20231121131903.68a37932@canb.auug.org.au/ > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > --- > arch/powerpc/crypto/aes-gcm-p10-glue.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Patch applied. Thanks.
diff --git a/arch/powerpc/crypto/aes-gcm-p10-glue.c b/arch/powerpc/crypto/aes-gcm-p10-glue.c index 4b6e899895e7..f62ee54076c0 100644 --- a/arch/powerpc/crypto/aes-gcm-p10-glue.c +++ b/arch/powerpc/crypto/aes-gcm-p10-glue.c @@ -37,7 +37,7 @@ asmlinkage void aes_p10_gcm_encrypt(u8 *in, u8 *out, size_t len, void *rkey, u8 *iv, void *Xi); asmlinkage void aes_p10_gcm_decrypt(u8 *in, u8 *out, size_t len, void *rkey, u8 *iv, void *Xi); -asmlinkage void gcm_init_htable(unsigned char htable[256], unsigned char Xi[16]); +asmlinkage void gcm_init_htable(unsigned char htable[], unsigned char Xi[]); asmlinkage void gcm_ghash_p10(unsigned char *Xi, unsigned char *Htable, unsigned char *aad, unsigned int alen);
The compiler doesn't know that `32` is an offset into the Hash table: 56 struct Hash_ctx { 57 u8 H[16]; /* subkey */ 58 u8 Htable[256]; /* Xi, Hash table(offset 32) */ 59 }; So, it legitimately complains about a potential out-of-bounds issue if `256 bytes` are accessed in `htable` (this implies going `32 bytes` beyond the boundaries of `Htable`): arch/powerpc/crypto/aes-gcm-p10-glue.c: In function 'gcmp10_init': arch/powerpc/crypto/aes-gcm-p10-glue.c:120:9: error: 'gcm_init_htable' accessing 256 bytes in a region of size 224 [-Werror=stringop-overflow=] 120 | gcm_init_htable(hash->Htable+32, hash->H); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/powerpc/crypto/aes-gcm-p10-glue.c:120:9: note: referencing argument 1 of type 'unsigned char[256]' arch/powerpc/crypto/aes-gcm-p10-glue.c:120:9: note: referencing argument 2 of type 'unsigned char[16]' arch/powerpc/crypto/aes-gcm-p10-glue.c:40:17: note: in a call to function 'gcm_init_htable' 40 | asmlinkage void gcm_init_htable(unsigned char htable[256], unsigned char Xi[16]); | ^~~~~~~~~~~~~~~ Address this by avoiding specifying the size of `htable` in the function prototype; and just for consistency, do the same for parameter `Xi`. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Closes: https://lore.kernel.org/linux-next/20231121131903.68a37932@canb.auug.org.au/ Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- arch/powerpc/crypto/aes-gcm-p10-glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)