From patchwork Mon Feb 13 10:10:46 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arnd Bergmann <arnd@kernel.org>
X-Patchwork-Id: 56157
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2266410wrn;
        Mon, 13 Feb 2023 02:18:38 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set94U5jzTm0qYfY9usVW2I1JGLDRE1/FJudViHaz8KchuA6in4VVORD/iJUxM/VeuDd8mJRe
X-Received: by 2002:a50:cd9d:0:b0:4ab:16a8:bc64 with SMTP id
 p29-20020a50cd9d000000b004ab16a8bc64mr16063640edi.24.1676283518825;
        Mon, 13 Feb 2023 02:18:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1676283518; cv=none;
        d=google.com; s=arc-20160816;
        b=LGXzKb1U6BqRWHkZiR7bLR2bPn/opD0Uz+oYZWPAiivMK1qZ2DB8yw/lFhm+XRStzL
         pCW1eQVN0b33tBvw3MRH8eiNig3Zf4kBB6MVD0ph4ll2G6/i83MG3+hLKElpk58TuhrF
         Alf9EYHJsJqAbui9MWZbv3nf/MnDVKAvqkvjP3v7jXU32YNwrqaS+RPpzMen3drAX9jn
         FdbyZMOf4s1s2cIwM9ZCtoOhzRDvXUs6DO19VmGIyCETBlQaA5EMEXVwu4Sx+sbQyjG4
         Pepsz0vtOsxULwm09Y6ts5JEzlMRAgymBuQgV4e7CmAUbJdfVx0AzmQKVStASOZnq6t8
         a0EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=LAfpOiNnUXimC0+fw11oNVMcUghmS/QLLBeT3okAkNY=;
        b=Vn2OuSVVrgF/Iodw/5qM5a5G2pr9G/EUxSNoGJzNMEgygWT2unjQpaDb06yFW4ClkL
         fMmXBwb/UQBKAnpjeNI4sbExvW1a2RPh790+B8txfgXae6EGUVyzCPbSEakrJYpFHZx4
         kBbwJO5BKZBB2z4p8XLh+oOL4D/XwqZXvBuTSLcGscbCfH8GDN/zQySVtAdcE+B/SWRV
         aHYD6kSAKe/KQ3jO7l0Ui5yruI4X+t4IEL+7lVrMVc1TVMXjdpJ1NLVf1mTCv6N0Wcio
         8vxKx3lFOQGVhr8jZsDlR13+TytS/NwTihpUF7tOiGHR3oelhH6KYlBYfVTzs7fheRRu
         EZKg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vFEH8VQx;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 c23-20020aa7d617000000b004acb2de7514si8373356edr.84.2023.02.13.02.18.15;
        Mon, 13 Feb 2023 02:18:38 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=vFEH8VQx;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230089AbjBMKMZ (ORCPT <rfc822;tebrre53rla2o@gmail.com>
        + 99 others); Mon, 13 Feb 2023 05:12:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46860 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230413AbjBMKLx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 13 Feb 2023 05:11:53 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org
 [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD3FCEB50;
        Mon, 13 Feb 2023 02:11:50 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 4AC2260F6F;
        Mon, 13 Feb 2023 10:11:50 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C393C433EF;
        Mon, 13 Feb 2023 10:11:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1676283109;
        bh=KmxhvE36dKCr6usX/7ZPMiQfVhwCpu/l1nVcDSJNzVg=;
        h=From:To:Cc:Subject:Date:From;
        b=vFEH8VQx0gwz8O6w32Y7mPqoUOef5EXwTgpKcvPr/sSWKOkoItCNqUtz06UnpPy+h
         tWRE20WNoxM0IdmZtgBwuulPFLcPrDfh2yljc9z2iuD8mCAwEFCPF5FJJISJK0RLvh
         otZwqHIWi6KlQVw5hFBgAz/7lQ1nrAK2QJiZ5DGyXpJR0qsNOiJsM5WjKtJ1jdl3VV
         Qx5koUPoVnWhOUEwmdf9okt2s0y3ql7DyijE+2bk03kZJ7lfAlAMrtX2ZC1SYDpZFi
         boRgntwJwHIi39k2ilOj+00YIxJqwNOeJUyVoYVqRu6U4SXeTBJQLW+Minp2INbr95
         hGnYdQ4p9i08A==
From: Arnd Bergmann <arnd@kernel.org>
To: Brian King <brking@us.ibm.com>,
        "James E.J. Bottomley" <jejb@linux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Arnd Bergmann <arnd@arndb.de>, Kees Cook <keescook@chromium.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Tom Rix <trix@redhat.com>,
        Damien Le Moal <damien.lemoal@opensource.wdc.com>,
        linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
        llvm@lists.linux.dev
Subject: [PATCH] scsi: ipr: work around fortify-string warning
Date: Mon, 13 Feb 2023 11:10:46 +0100
Message-Id: <20230213101143.3821483-1-arnd@kernel.org>
X-Mailer: git-send-email 2.39.1
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1757710667005737272?=
X-GMAIL-MSGID: =?utf-8?q?1757710667005737272?=

From: Arnd Bergmann <arnd@arndb.de>

The ipr_log_vpd_compact() function triggers a fortified memcpy() warning
about a potential string overflow with all versions of clang:

In file included from drivers/scsi/ipr.c:43:
In file included from include/linux/string.h:254:
include/linux/fortify-string.h:520:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
                        __write_overflow_field(p_size_field, size);
                        ^
include/linux/fortify-string.h:520:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
2 errors generated.

I don't see anything actually wrong with the function, but this is the
only instance I can reproduce of the fortification going wrong in the
kernel at the moment, so the easiest solution may be to rewrite the
function into something that does not trigger the warning.

Instead of having a combined buffer for vendor/device/serial strings,
use three separate local variables and just truncate the whitespace
individually.

Fixes: 8cf093e275d0 ("[SCSI] ipr: Improved dual adapter errors")
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
I did not try to bisect which commit introduced this behavior into
the fortified memcpy(), the Fixes: commit is the one that introduced
the ipr_log_vpd_compact() function but this predates the fortified
string helpers.
---
 drivers/scsi/ipr.c | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
index 198d3f20d682..490fd81e7cfd 100644
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -1516,23 +1516,19 @@ static void ipr_process_ccn(struct ipr_cmnd *ipr_cmd)
 }
 
 /**
- * strip_and_pad_whitespace - Strip and pad trailing whitespace.
- * @i:		index into buffer
- * @buf:		string to modify
+ * strip_whitespace - Strip and pad trailing whitespace.
+ * @i:		size of buffer
+ * @buf:	string to modify
  *
- * This function will strip all trailing whitespace, pad the end
- * of the string with a single space, and NULL terminate the string.
+ * This function will strip all trailing whitespace and
+ * NUL terminate the string.
  *
- * Return value:
- * 	new length of string
  **/
-static int strip_and_pad_whitespace(int i, char *buf)
+static void strip_whitespace(int i, char *buf)
 {
 	while (i && buf[i] == ' ')
 		i--;
-	buf[i+1] = ' ';
-	buf[i+2] = '\0';
-	return i + 2;
+	buf[i+1] = '\0';
 }
 
 /**
@@ -1547,19 +1543,21 @@ static int strip_and_pad_whitespace(int i, char *buf)
 static void ipr_log_vpd_compact(char *prefix, struct ipr_hostrcb *hostrcb,
 				struct ipr_vpd *vpd)
 {
-	char buffer[IPR_VENDOR_ID_LEN + IPR_PROD_ID_LEN + IPR_SERIAL_NUM_LEN + 3];
-	int i = 0;
+	char vendor_id[IPR_VENDOR_ID_LEN + 1];
+	char product_id[IPR_PROD_ID_LEN + 1];
+	char sn[IPR_SERIAL_NUM_LEN + 1];
 
-	memcpy(buffer, vpd->vpids.vendor_id, IPR_VENDOR_ID_LEN);
-	i = strip_and_pad_whitespace(IPR_VENDOR_ID_LEN - 1, buffer);
+	memcpy(vendor_id, vpd->vpids.vendor_id, IPR_VENDOR_ID_LEN);
+	strip_whitespace(IPR_VENDOR_ID_LEN, vendor_id);
 
-	memcpy(&buffer[i], vpd->vpids.product_id, IPR_PROD_ID_LEN);
-	i = strip_and_pad_whitespace(i + IPR_PROD_ID_LEN - 1, buffer);
+	memcpy(product_id, vpd->vpids.product_id, IPR_PROD_ID_LEN);
+	strip_whitespace(IPR_PROD_ID_LEN, product_id);
 
-	memcpy(&buffer[i], vpd->sn, IPR_SERIAL_NUM_LEN);
-	buffer[IPR_SERIAL_NUM_LEN + i] = '\0';
+	memcpy(sn, vpd->sn, IPR_SERIAL_NUM_LEN);
+	strip_whitespace(IPR_SERIAL_NUM_LEN, sn);
 
-	ipr_hcam_err(hostrcb, "%s VPID/SN: %s\n", prefix, buffer);
+	ipr_hcam_err(hostrcb, "%s VPID/SN: %s %s %s\n", prefix,
+		     vendor_id, product_id, sn);
 }
 
 /**