| Message ID | 1461601157-27478-1-git-send-email-raj.khem@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
Hi, On Mon, Apr 25, 2016 at 09:19:17AM -0700, Khem Raj wrote: > gcc-6 correctly warns about a out of bounds access > > arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds] > offsetof(struct thread_fp_state, fpr[32][0])); > ^ > > check the end of array instead of beginning of next element to fix this > > Signed-off-by: Khem Raj <raj.khem@gmail.com> > Cc: Kees Cook <keescook@chromium.org> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Segher Boessenkool <segher@kernel.crashing.org> This patch fixes PPC kernel build failure with GCC 6.1. Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi> Thanks, A. > --- > Changes from v1 to v2: > - Check for fpr[32] instead of fpr[31][1] > > arch/powerpc/kernel/ptrace.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c > index 30a03c0..060b140 100644 > --- a/arch/powerpc/kernel/ptrace.c > +++ b/arch/powerpc/kernel/ptrace.c > @@ -377,7 +377,7 @@ static int fpr_get(struct task_struct *target, const struct user_regset *regset, > > #else > BUILD_BUG_ON(offsetof(struct thread_fp_state, fpscr) != > - offsetof(struct thread_fp_state, fpr[32][0])); > + offsetof(struct thread_fp_state, fpr[32])); > > return user_regset_copyout(&pos, &count, &kbuf, &ubuf, > &target->thread.fp_state, 0, -1); > @@ -405,7 +405,7 @@ static int fpr_set(struct task_struct *target, const struct user_regset *regset, > return 0; > #else > BUILD_BUG_ON(offsetof(struct thread_fp_state, fpscr) != > - offsetof(struct thread_fp_state, fpr[32][0])); > + offsetof(struct thread_fp_state, fpr[32])); > > return user_regset_copyin(&pos, &count, &kbuf, &ubuf, > &target->thread.fp_state, 0, -1); > -- > 2.8.0 > > _______________________________________________ > Linuxppc-dev mailing list > Linuxppc-dev@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/linuxppc-dev
On Wed, May 11, 2016 at 10:51 AM, Aaro Koskinen <aaro.koskinen@iki.fi> wrote: > Hi, > > On Mon, Apr 25, 2016 at 09:19:17AM -0700, Khem Raj wrote: >> gcc-6 correctly warns about a out of bounds access >> >> arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds] >> offsetof(struct thread_fp_state, fpr[32][0])); >> ^ >> >> check the end of array instead of beginning of next element to fix this >> >> Signed-off-by: Khem Raj <raj.khem@gmail.com> >> Cc: Kees Cook <keescook@chromium.org> >> Cc: Michael Ellerman <mpe@ellerman.id.au> >> Cc: Segher Boessenkool <segher@kernel.crashing.org> > > This patch fixes PPC kernel build failure with GCC 6.1. > > Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi> I question the usefulness of this BUG_BUILD_ON() to be honest, but I'd like to see _a_ fix go in for it for 4.7-rc3 or so to fix the GCC 6.1 build breakage. So, consider that an: Acked-by: Olof Johansson <olof@lixom.net> -Olof
On Mon, 2016-25-04 at 16:19:17 UTC, Khem Raj wrote: > gcc-6 correctly warns about a out of bounds access > > arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds] > offsetof(struct thread_fp_state, fpr[32][0])); > ^ > > check the end of array instead of beginning of next element to fix this > > Signed-off-by: Khem Raj <raj.khem@gmail.com> > Cc: Kees Cook <keescook@chromium.org> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Segher Boessenkool <segher@kernel.crashing.org> > Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi> > Acked-by: Olof Johansson <olof@lixom.net> Applied to powerpc fixes, thanks. https://git.kernel.org/powerpc/c/1e407ee3b21f981140491d5b8a cheers
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index 30a03c0..060b140 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c @@ -377,7 +377,7 @@ static int fpr_get(struct task_struct *target, const struct user_regset *regset, #else BUILD_BUG_ON(offsetof(struct thread_fp_state, fpscr) != - offsetof(struct thread_fp_state, fpr[32][0])); + offsetof(struct thread_fp_state, fpr[32])); return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &target->thread.fp_state, 0, -1); @@ -405,7 +405,7 @@ static int fpr_set(struct task_struct *target, const struct user_regset *regset, return 0; #else BUILD_BUG_ON(offsetof(struct thread_fp_state, fpscr) != - offsetof(struct thread_fp_state, fpr[32][0])); + offsetof(struct thread_fp_state, fpr[32])); return user_regset_copyin(&pos, &count, &kbuf, &ubuf, &target->thread.fp_state, 0, -1);
gcc-6 correctly warns about a out of bounds access arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds] offsetof(struct thread_fp_state, fpr[32][0])); ^ check the end of array instead of beginning of next element to fix this Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Kees Cook <keescook@chromium.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Segher Boessenkool <segher@kernel.crashing.org> --- Changes from v1 to v2: - Check for fpr[32] instead of fpr[31][1] arch/powerpc/kernel/ptrace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)