From patchwork Tue Apr 2 03:04:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guoqing Jiang X-Patchwork-Id: 1918625 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V7t8S3Kdrz1yZ4 for ; Tue, 2 Apr 2024 14:07:04 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rrUUD-0000L3-1o; Tue, 02 Apr 2024 03:06:57 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rrUUB-0000KS-UK for kernel-team@lists.ubuntu.com; Tue, 02 Apr 2024 03:06:55 +0000 Received: from localhost.localdomain (1.general.gjiang.uk.vpn [10.172.198.26]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id D0C383F2C4 for ; Tue, 2 Apr 2024 03:06:54 +0000 (UTC) From: Guoqing Jiang To: kernel-team@lists.ubuntu.com Subject: [SRU][F/J/M][PATCH 1/1] hv: hyperv.h: Replace one-element array with flexible-array member Date: Tue, 2 Apr 2024 11:04:45 +0800 Message-Id: <20240402030445.48780-2-guoqing.jiang@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240402030445.48780-1-guoqing.jiang@canonical.com> References: <20240402030445.48780-1-guoqing.jiang@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Saurabh Sengar BugLink: https://bugs.launchpad.net/bugs/2058477 One-element and zero-length arrays are deprecated. Replace one-element array in struct vmtransfer_page_packet_header with flexible-array member. This change fixes below warning: [ 2.593788] ================================================================================ [ 2.593908] UBSAN: array-index-out-of-bounds in drivers/net/hyperv/netvsc.c:1445:41 [ 2.593989] index 1 is out of range for type 'vmtransfer_page_range [1]' [ 2.594049] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.5.0-rc4-next-20230803+ #1 [ 2.594114] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 04/20/2023 [ 2.594121] Call Trace: [ 2.594126] [ 2.594133] dump_stack_lvl+0x4c/0x70 [ 2.594154] dump_stack+0x14/0x20 [ 2.594162] __ubsan_handle_out_of_bounds+0xa6/0xf0 [ 2.594224] netvsc_poll+0xc01/0xc90 [hv_netvsc] [ 2.594258] __napi_poll+0x30/0x1e0 [ 2.594320] net_rx_action+0x194/0x2f0 [ 2.594333] __do_softirq+0xde/0x31e [ 2.594345] __irq_exit_rcu+0x6b/0x90 [ 2.594357] irq_exit_rcu+0x12/0x20 [ 2.594366] sysvec_hyperv_callback+0x84/0x90 [ 2.594376] [ 2.594379] [ 2.594383] asm_sysvec_hyperv_callback+0x1f/0x30 [ 2.594394] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 2.594452] Code: 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 05 35 3f 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 2.594459] RSP: 0018:ffffb841c00d3e88 EFLAGS: 00000256 [ 2.594469] RAX: ffff9d18c326f4a0 RBX: ffff9d18c031df40 RCX: 4000000000000000 [ 2.594475] RDX: 0000000000000001 RSI: 0000000000000082 RDI: 00000000000268dc [ 2.594481] RBP: ffffb841c00d3e90 R08: 00000066a171109b R09: 00000000d33d2600 [ 2.594486] R10: 000000009a41bf00 R11: 0000000000000000 R12: 0000000000000001 [ 2.594491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2.594501] ? ct_kernel_exit.constprop.0+0x7d/0x90 [ 2.594513] ? default_idle+0xd/0x20 [ 2.594523] arch_cpu_idle+0xd/0x20 [ 2.594532] default_idle_call+0x30/0xe0 [ 2.594542] do_idle+0x200/0x240 [ 2.594553] ? complete+0x71/0x80 [ 2.594613] cpu_startup_entry+0x24/0x30 [ 2.594624] start_secondary+0x12d/0x160 [ 2.594634] secondary_startup_64_no_verify+0x17e/0x18b [ 2.594649] [ 2.594656] ================================================================================ With this change the structure size is reduced by 8 bytes, below is the pahole output. struct vmtransfer_page_packet_header { struct vmpacket_descriptor d; /* 0 16 */ u16 xfer_pageset_id; /* 16 2 */ u8 sender_owns_set; /* 18 1 */ u8 reserved; /* 19 1 */ u32 range_cnt; /* 20 4 */ struct vmtransfer_page_range ranges[]; /* 24 0 */ /* size: 24, cachelines: 1, members: 6 */ /* last cacheline: 24 bytes */ }; The validation code in the netvsc driver is affected by changing the struct size, but the effects have been examined and have been determined to be appropriate. Signed-off-by: Saurabh Sengar Reviewed-by: Michael Kelley Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/1692160478-18469-1-git-send-email-ssengar@linux.microsoft.com (cherry picked from commit bb9b0e46b84c19d3dd7d453a2da71a0fdc172b31) Signed-off-by: Guoqing Jiang --- include/linux/hyperv.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 3ac3974b3c78..5c66640ea8db 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -348,7 +348,7 @@ struct vmtransfer_page_packet_header { u8 sender_owns_set; u8 reserved; u32 range_cnt; - struct vmtransfer_page_range ranges[1]; + struct vmtransfer_page_range ranges[]; } __packed; struct vmgpadl_packet_header {