From: Kees Cook <keescook@chromium.org>
Date: Mon, 7 Feb 2022 22:12:31 -0800
Subject: [PATCH] scsi: ibmvscsis: Silence -Warray-bounds warning
Git-commit: 03e4383c7ce36ac400489c8fe84724470a8251e9
Patch-mainline: v5.18-rc1
References: jsc#PED-1559
Instead of doing a cast to storage that is too small, add a union for the
high 64 bits. Silences the warnings under -Warray-bounds:
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c: In function 'ibmvscsis_send_messages':
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1934:44: error: array subscript 'struct viosrp_crq[0]' is partly outside array bounds of 'u64[1]' {aka 'long long unsigned int[1]'} [-Werror=array-bounds]
1934 | crq->valid = VALID_CMD_RESP_EL;
| ^~
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c:1875:13: note: while referencing 'msg_hi'
1875 | u64 msg_hi = 0;
| ^~~~~~
There is no change to the resulting binary instructions.
Link: https://lore.kernel.org/lkml/20220125142430.75c3160e@canb.auug.org.au
Link: https://lore.kernel.org/r/20220208061231.3429486-1-keescook@chromium.org
Cc: Michael Cyr <mikecyr@linux.ibm.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Tyrel Datwyler <tyreld@linux.ibm.com>
Cc: linux-scsi@vger.kernel.org
Cc: target-devel@vger.kernel.org
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Hannes Reinecke <hare@suse.com>
---
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 9 +++------
include/scsi/viosrp.h | 17 +++++++++++------
2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
index 61f06f6885a5..80238e6a3c98 100644
--- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
@@ -1872,11 +1872,8 @@ static void srp_snd_msg_failed(struct scsi_info *vscsi, long rc)
*/
static void ibmvscsis_send_messages(struct scsi_info *vscsi)
{
- u64 msg_hi = 0;
- /* note do not attempt to access the IU_data_ptr with this pointer
- * it is not valid
- */
- struct viosrp_crq *crq = (struct viosrp_crq *)&msg_hi;
+ struct viosrp_crq empty_crq = { };
+ struct viosrp_crq *crq = &empty_crq;
struct ibmvscsis_cmd *cmd, *nxt;
long rc = ADAPT_SUCCESS;
bool retry = false;
@@ -1940,7 +1937,7 @@ static void ibmvscsis_send_messages(struct scsi_info *vscsi)
crq->IU_length = cpu_to_be16(cmd->rsp.len);
rc = h_send_crq(vscsi->dma_dev->unit_address,
- be64_to_cpu(msg_hi),
+ be64_to_cpu(crq->high),
be64_to_cpu(cmd->rsp.tag));
dev_dbg(&vscsi->dev, "send_messages: cmd %p, tag 0x%llx, rc %ld\n",
diff --git a/include/scsi/viosrp.h b/include/scsi/viosrp.h
index c978133c83e3..6c5559d2b285 100644
--- a/include/scsi/viosrp.h
+++ b/include/scsi/viosrp.h
@@ -70,12 +70,17 @@ enum viosrp_crq_status {
};
struct viosrp_crq {
- u8 valid; /* used by RPA */
- u8 format; /* SCSI vs out-of-band */
- u8 reserved;
- u8 status; /* non-scsi failure? (e.g. DMA failure) */
- __be16 timeout; /* in seconds */
- __be16 IU_length; /* in bytes */
+ union {
+ __be64 high; /* High 64 bits */
+ struct {
+ u8 valid; /* used by RPA */
+ u8 format; /* SCSI vs out-of-band */
+ u8 reserved;
+ u8 status; /* non-scsi failure? (e.g. DMA failure) */
+ __be16 timeout; /* in seconds */
+ __be16 IU_length; /* in bytes */
+ };
+ };
__be64 IU_data_ptr; /* the TCE for transferring data */
};
--
2.35.3