# git rev-parse -q --verify a73bbfba991f8bb5d1814affcf1f7642ca0cdd35^{commit} a73bbfba991f8bb5d1814affcf1f7642ca0cdd35 already have revision, skipping fetch # git checkout -q -f -B kisskb a73bbfba991f8bb5d1814affcf1f7642ca0cdd35 # git clean -qxdf # < git log -1 # commit a73bbfba991f8bb5d1814affcf1f7642ca0cdd35 # Author: Gustavo A. R. Silva # Date: Wed Mar 10 19:40:43 2021 -0600 # # media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() # # Rename struct sms_msg_data4 to sms_msg_data5 and increase the size of # its msg_data array from 4 to 5 elements. Notice that at some point # the 5th element of msg_data is being accessed in function # smscore_load_firmware_family2(): # # 1006 trigger_msg->msg_data[4] = 4; /* Task ID */ # # Also, there is no need for the object _trigger_msg_ of type struct # sms_msg_data *, when _msg_ can be used, directly. Notice that msg_data # in struct sms_msg_data is a one-element array, which causes multiple # out-of-bounds warnings when accessing beyond its first element # in function smscore_load_firmware_family2(): # # 992 struct sms_msg_data *trigger_msg = # 993 (struct sms_msg_data *) msg; # 994 # 995 pr_debug("sending MSG_SMS_SWDOWNLOAD_TRIGGER_REQ\n"); # 996 SMS_INIT_MSG(&msg->x_msg_header, # 997 MSG_SMS_SWDOWNLOAD_TRIGGER_REQ, # 998 sizeof(struct sms_msg_hdr) + # 999 sizeof(u32) * 5); # 1000 # 1001 trigger_msg->msg_data[0] = firmware->start_address; # 1002 /* Entry point */ # 1003 trigger_msg->msg_data[1] = 6; /* Priority */ # 1004 trigger_msg->msg_data[2] = 0x200; /* Stack size */ # 1005 trigger_msg->msg_data[3] = 0; /* Parameter */ # 1006 trigger_msg->msg_data[4] = 4; /* Task ID */ # # even when enough dynamic memory is allocated for _msg_: # # 929 /* PAGE_SIZE buffer shall be enough and dma aligned */ # 930 msg = kmalloc(PAGE_SIZE, GFP_KERNEL | coredev->gfp_buf_flags); # # but as _msg_ is casted to (struct sms_msg_data *): # # 992 struct sms_msg_data *trigger_msg = # 993 (struct sms_msg_data *) msg; # # the out-of-bounds warnings are actually valid and should be addressed. # # Fix this by declaring object _msg_ of type struct sms_msg_data5 *, # which contains a 5-elements array, instead of just 4. And use # _msg_ directly, instead of creating object trigger_msg. # # This helps with the ongoing efforts to enable -Warray-bounds by fixing # the following warnings: # # CC [M] drivers/media/common/siano/smscoreapi.o # drivers/media/common/siano/smscoreapi.c: In function ‘smscore_load_firmware_family2’: # drivers/media/common/siano/smscoreapi.c:1003:24: warning: array subscript 1 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] # 1003 | trigger_msg->msg_data[1] = 6; /* Priority */ # | ~~~~~~~~~~~~~~~~~~~~~^~~ # In file included from drivers/media/common/siano/smscoreapi.c:12: # drivers/media/common/siano/smscoreapi.h:619:6: note: while referencing ‘msg_data’ # 619 | u32 msg_data[1]; # | ^~~~~~~~ # drivers/media/common/siano/smscoreapi.c:1004:24: warning: array subscript 2 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] # 1004 | trigger_msg->msg_data[2] = 0x200; /* Stack size */ # | ~~~~~~~~~~~~~~~~~~~~~^~~ # In file included from drivers/media/common/siano/smscoreapi.c:12: # drivers/media/common/siano/smscoreapi.h:619:6: note: while referencing ‘msg_data’ # 619 | u32 msg_data[1]; # | ^~~~~~~~ # drivers/media/common/siano/smscoreapi.c:1005:24: warning: array subscript 3 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] # 1005 | trigger_msg->msg_data[3] = 0; /* Parameter */ # | ~~~~~~~~~~~~~~~~~~~~~^~~ # In file included from drivers/media/common/siano/smscoreapi.c:12: # drivers/media/common/siano/smscoreapi.h:619:6: note: while referencing ‘msg_data’ # 619 | u32 msg_data[1]; # | ^~~~~~~~ # drivers/media/common/siano/smscoreapi.c:1006:24: warning: array subscript 4 is above array bounds of ‘u32[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds] # 1006 | trigger_msg->msg_data[4] = 4; /* Task ID */ # | ~~~~~~~~~~~~~~~~~~~~~^~~ # In file included from drivers/media/common/siano/smscoreapi.c:12: # drivers/media/common/siano/smscoreapi.h:619:6: note: while referencing ‘msg_data’ # 619 | u32 msg_data[1]; # | ^~~~~~~~ # # Fixes: 018b0c6f8acb ("[media] siano: make load firmware logic to work with newer firmwares") # Co-developed-by: Kees Cook # Signed-off-by: Kees Cook # Signed-off-by: Gustavo A. R. Silva # < /opt/cross/kisskb/br-xtensa-full-2016.08-613-ge98b4dd/bin/xtensa-linux-gcc --version # < /opt/cross/kisskb/br-xtensa-full-2016.08-613-ge98b4dd/bin/xtensa-linux-ld --version # < git log --format=%s --max-count=1 a73bbfba991f8bb5d1814affcf1f7642ca0cdd35 # < make -s -j 24 ARCH=xtensa O=/kisskb/build/gustavoars_xtensa-allmodconfig_xtensa CROSS_COMPILE=/opt/cross/kisskb/br-xtensa-full-2016.08-613-ge98b4dd/bin/xtensa-linux- allmodconfig # Added to kconfig CONFIG_BUILD_DOCSRC=n # Added to kconfig CONFIG_MODULE_SIG=n # Added to kconfig CONFIG_SAMPLES=n # < make -s -j 24 ARCH=xtensa O=/kisskb/build/gustavoars_xtensa-allmodconfig_xtensa CROSS_COMPILE=/opt/cross/kisskb/br-xtensa-full-2016.08-613-ge98b4dd/bin/xtensa-linux- help # make -s -j 24 ARCH=xtensa O=/kisskb/build/gustavoars_xtensa-allmodconfig_xtensa CROSS_COMPILE=/opt/cross/kisskb/br-xtensa-full-2016.08-613-ge98b4dd/bin/xtensa-linux- olddefconfig # make -s -j 24 ARCH=xtensa O=/kisskb/build/gustavoars_xtensa-allmodconfig_xtensa CROSS_COMPILE=/opt/cross/kisskb/br-xtensa-full-2016.08-613-ge98b4dd/bin/xtensa-linux- In file included from /kisskb/src/arch/xtensa/include/asm/atomic.h:19:0, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/linux/page_counter.h:5, from /kisskb/src/mm/memcontrol.c:28: /kisskb/src/mm/memcontrol.c: In function 'memcg_reparent_objcgs': /kisskb/src/arch/xtensa/include/asm/cmpxchg.h:173:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ^ /kisskb/src/mm/memcontrol.c:334:2: note: in expansion of macro 'xchg' xchg(&objcg->memcg, parent); ^ /kisskb/src/arch/xtensa/include/asm/cmpxchg.h:173:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ^ /kisskb/src/mm/memcontrol.c:341:3: note: in expansion of macro 'xchg' xchg(&iter->memcg, parent); ^ In file included from /kisskb/src/arch/xtensa/include/asm/atomic.h:19:0, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/asm-generic/bitops/atomic.h:5, from /kisskb/src/arch/xtensa/include/asm/bitops.h:192, from /kisskb/src/include/linux/bitops.h:32, from /kisskb/src/include/linux/kernel.h:12, from /kisskb/src/include/linux/list.h:9, from /kisskb/src/include/linux/wait.h:7, from /kisskb/src/include/linux/wait_bit.h:8, from /kisskb/src/include/linux/fs.h:6, from /kisskb/src/fs/ocfs2/file.c:11: /kisskb/src/fs/ocfs2/file.c: In function 'ocfs2_file_write_iter': /kisskb/src/arch/xtensa/include/asm/cmpxchg.h:173:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ^ /kisskb/src/fs/ocfs2/file.c:2423:3: note: in expansion of macro 'xchg' xchg(&iocb->ki_complete, saved_ki_complete); ^ /kisskb/src/drivers/input/joystick/analog.c:160:2: warning: #warning Precise timer not defined for this architecture. [-Wcpp] #warning Precise timer not defined for this architecture. ^ /kisskb/src/drivers/gpu/drm/rockchip/cdn-dp-core.c:1124:12: warning: 'cdn_dp_resume' defined but not used [-Wunused-function] static int cdn_dp_resume(struct device *dev) ^ In file included from /kisskb/src/arch/xtensa/include/asm/atomic.h:19:0, from /kisskb/src/include/linux/atomic.h:7, from /kisskb/src/include/asm-generic/bitops/atomic.h:5, from /kisskb/src/arch/xtensa/include/asm/bitops.h:192, from /kisskb/src/include/linux/bitops.h:32, from /kisskb/src/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c:11: /kisskb/src/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c: In function 'ixgbevf_xdp_setup': /kisskb/src/arch/xtensa/include/asm/cmpxchg.h:173:3: warning: value computed is not used [-Wunused-value] ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ^ /kisskb/src/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c:4446:4: note: in expansion of macro 'xchg' xchg(&adapter->rx_ring[i]->xdp_prog, adapter->xdp_prog); ^ WARNING: modpost: lib/find_bit_benchmark.o(.text.unlikely+0x0): Section mismatch in reference from the (unknown reference) (unknown) to the variable .init.data:bitmap2 The function (unknown)() references the variable __initdata bitmap2. This is often because (unknown) lacks a __initdata annotation or the annotation of bitmap2 is wrong. WARNING: modpost: lib/test_bitmap.o(.text.unlikely+0x58): Section mismatch in reference from the function bitmap_equal() to the variable .init.rodata:clump_exp The function bitmap_equal() references the variable __initconst clump_exp. This is often because bitmap_equal lacks a __initconst annotation or the annotation of clump_exp is wrong. WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3570): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3588): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x35a0): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x35b8): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x35d0): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x35e8): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3600): Section mismatch in reference from the variable qed_mfw_legacy_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_legacy_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3618): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3630): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3648): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3660): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3678): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x3690): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x36a8): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x36c0): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qed/qed.o(.data+0x36d8): Section mismatch in reference from the variable qed_mfw_ext_maps to the variable .init.rodata:qed_mfw_legacy_bb_100g The variable qed_mfw_ext_maps references the variable __initconst qed_mfw_legacy_bb_100g If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x13c): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x154): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x16c): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x184): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x19c): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x1b4): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console WARNING: modpost: drivers/net/ethernet/qlogic/qede/qede.o(.data+0x1cc): Section mismatch in reference from the variable qede_forced_speed_maps to the variable .init.rodata:qede_forced_speed_100000 The variable qede_forced_speed_maps references the variable __initconst qede_forced_speed_100000 If the reference is valid then annotate the variable with __init* or __refdata (see linux/init.h) or name the variable: *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console Completed OK # rm -rf /kisskb/build/gustavoars_xtensa-allmodconfig_xtensa # Build took: 0:19:54.275003