subject:"RE\: \[PATCH v2\] powerpc\/64\: Fix build failure with GCC 8.1"

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-31 Thread Michael Ellerman

Christophe LEROY  writes:
> Le 31/05/2018 à 07:54, Michael Ellerman a écrit :
>> Christophe LEROY  writes:
>>> Le 29/05/2018 à 11:05, Geert Uytterhoeven a écrit :
 Hi Christophe,
 On Tue, May 29, 2018 at 10:56 AM, Christophe LEROY
  wrote:
> Le 29/05/2018 à 09:47, Geert Uytterhoeven a écrit :
>> On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy
>>> --- a/arch/powerpc/kernel/nvram_64.c
>>> +++ b/arch/powerpc/kernel/nvram_64.c
>>> @@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char
>>> *name, int sig,
>>>new_part->index = free_part->index;
>>>new_part->header.signature = sig;
>>>new_part->header.length = size;
>>> -   strncpy(new_part->header.name, name, 12);
>>> +   memcpy(new_part->header.name, name, strnlen(name,
>>> sizeof(new_part->header.name)));
>>
>>
>> The comment for nvram_header.lgnth says:
>>
>>/* Terminating null required only for names < 12 chars. */
>>
>> This will not terminate the string with a zero (the struct is
>> allocated with kmalloc).
>> So the original code is correct, the new one isn't.
>
> Right, then I have to first zeroize the destination.

 Using kzalloc() instead of kmalloc() will do.

 Still, papering around these warnings seems to obscure things, IMHO.
 And it increases code size, as you had to add a call to strnlen().
>> 
>> 
>> The right fix is to not try and mirror the on-device structure in the
>> kernel struct. We should just use a proper NULL terminated string, which
>> would avoid the need to explicitly do strncmp(.., .., 12) in the code
>> and be less bug prone in general.
>> 
>> The only place where we should need to worry about the 12 byte buffer is
>> in nvram_write_header().
>> 
>> Anyway that's a bigger change, so I'll take this for now with kzalloc().
>
> Thanks. You take it as is and add the kzalloc() or you expect a v3 from 
> me with the kzalloc()

Sorry that wasn't clear was it. I'll add the kzalloc().

cheers

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-30 Thread Christophe LEROY





Le 31/05/2018 à 07:54, Michael Ellerman a écrit :

Christophe LEROY  writes:

Le 29/05/2018 à 11:05, Geert Uytterhoeven a écrit :

Hi Christophe,
On Tue, May 29, 2018 at 10:56 AM, Christophe LEROY
 wrote:

Le 29/05/2018 à 09:47, Geert Uytterhoeven a écrit :

On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy

--- a/arch/powerpc/kernel/nvram_64.c
+++ b/arch/powerpc/kernel/nvram_64.c
@@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char
*name, int sig,
   new_part->index = free_part->index;
   new_part->header.signature = sig;
   new_part->header.length = size;
-   strncpy(new_part->header.name, name, 12);
+   memcpy(new_part->header.name, name, strnlen(name,
sizeof(new_part->header.name)));



The comment for nvram_header.lgnth says:

   /* Terminating null required only for names < 12 chars. */

This will not terminate the string with a zero (the struct is
allocated with kmalloc).
So the original code is correct, the new one isn't.


Right, then I have to first zeroize the destination.


Using kzalloc() instead of kmalloc() will do.

Still, papering around these warnings seems to obscure things, IMHO.
And it increases code size, as you had to add a call to strnlen().



The right fix is to not try and mirror the on-device structure in the
kernel struct. We should just use a proper NULL terminated string, which
would avoid the need to explicitly do strncmp(.., .., 12) in the code
and be less bug prone in general.

The only place where we should need to worry about the 12 byte buffer is
in nvram_write_header().

Anyway that's a bigger change, so I'll take this for now with kzalloc().


Thanks. You take it as is and add the kzalloc() or you expect a v3 from 
me with the kzalloc()


Christophe

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-30 Thread Michael Ellerman

Christophe LEROY  writes:
> Le 29/05/2018 à 11:05, Geert Uytterhoeven a écrit :
>> Hi Christophe,
>> On Tue, May 29, 2018 at 10:56 AM, Christophe LEROY
>>  wrote:
>>> Le 29/05/2018 à 09:47, Geert Uytterhoeven a écrit :
 On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy
> --- a/arch/powerpc/kernel/nvram_64.c
> +++ b/arch/powerpc/kernel/nvram_64.c
> @@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char
> *name, int sig,
>   new_part->index = free_part->index;
>   new_part->header.signature = sig;
>   new_part->header.length = size;
> -   strncpy(new_part->header.name, name, 12);
> +   memcpy(new_part->header.name, name, strnlen(name,
> sizeof(new_part->header.name)));


 The comment for nvram_header.lgnth says:

   /* Terminating null required only for names < 12 chars. */

 This will not terminate the string with a zero (the struct is
 allocated with kmalloc).
 So the original code is correct, the new one isn't.
>>>
>>> Right, then I have to first zeroize the destination.
>> 
>> Using kzalloc() instead of kmalloc() will do.
>> 
>> Still, papering around these warnings seems to obscure things, IMHO.
>> And it increases code size, as you had to add a call to strnlen().


The right fix is to not try and mirror the on-device structure in the
kernel struct. We should just use a proper NULL terminated string, which
would avoid the need to explicitly do strncmp(.., .., 12) in the code
and be less bug prone in general.

The only place where we should need to worry about the 12 byte buffer is
in nvram_write_header().

Anyway that's a bigger change, so I'll take this for now with kzalloc().

cheers

RE: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-29 Thread David Laight

From: Christophe LEROY
> Sent: 29 May 2018 10:37
...
>  -   strncpy(new_part->header.name, name, 12);
>  +   memcpy(new_part->header.name, name, strnlen(name,
>  sizeof(new_part->header.name)));
> >>>
> >>>
> >>> The comment for nvram_header.lgnth says:
> >>>
> >>>   /* Terminating null required only for names < 12 chars. */
> >>>
> >>> This will not terminate the string with a zero (the struct is
> >>> allocated with kmalloc).
> >>> So the original code is correct, the new one isn't.
> >>
> >> Right, then I have to first zeroize the destination.
> >
> > Using kzalloc() instead of kmalloc() will do.
> >
> > Still, papering around these warnings seems to obscure things, IMHO.
> > And it increases code size, as you had to add a call to strnlen().
> 
> Right but then, what is the best solution to elimate that warning ?

Time to add the I_really_mean_strncy() function.

David

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-29 Thread Christophe LEROY





Le 29/05/2018 à 11:05, Geert Uytterhoeven a écrit :

Hi Christophe,

On Tue, May 29, 2018 at 10:56 AM, Christophe LEROY
 wrote:

Le 29/05/2018 à 09:47, Geert Uytterhoeven a écrit :

On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy
 wrote:


CC  arch/powerpc/kernel/nvram_64.o
arch/powerpc/kernel/nvram_64.c: In function 'nvram_create_partition':
arch/powerpc/kernel/nvram_64.c:1042:2: error: 'strncpy' specified bound
12 equals destination size [-Werror=stringop-truncation]
strncpy(new_part->header.name, name, 12);
^~~~

CC  arch/powerpc/kernel/trace/ftrace.o
In function 'make_field',
  inlined from 'ps3_repository_read_boot_dat_address' at
arch/powerpc/platforms/ps3/repository.c:900:9:
arch/powerpc/platforms/ps3/repository.c:106:2: error: 'strncpy' output
truncated before terminating nul copying 8 bytes from a string of the same
length [-Werror=stringop-truncation]
strncpy((char *), text, 8);
^~~~

Signed-off-by: Christophe Leroy 



Thanks for your patch!


--- a/arch/powerpc/kernel/nvram_64.c
+++ b/arch/powerpc/kernel/nvram_64.c
@@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char
*name, int sig,
  new_part->index = free_part->index;
  new_part->header.signature = sig;
  new_part->header.length = size;
-   strncpy(new_part->header.name, name, 12);
+   memcpy(new_part->header.name, name, strnlen(name,
sizeof(new_part->header.name)));



The comment for nvram_header.lgnth says:

  /* Terminating null required only for names < 12 chars. */

This will not terminate the string with a zero (the struct is
allocated with kmalloc).
So the original code is correct, the new one isn't.


Right, then I have to first zeroize the destination.


Using kzalloc() instead of kmalloc() will do.

Still, papering around these warnings seems to obscure things, IMHO.
And it increases code size, as you had to add a call to strnlen().


Right but then, what is the best solution to elimate that warning ?

Would it be better to enclose those two lines in:

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wstringop-truncation"
...
#pragma GCC diagnostic pop


Christophe




  new_part->header.checksum = nvram_checksum(_part->header);

  rc = nvram_write_header(new_part);
diff --git a/arch/powerpc/platforms/ps3/repository.c
b/arch/powerpc/platforms/ps3/repository.c
index 50dbaf24b1ee..e49c887787c4 100644
--- a/arch/powerpc/platforms/ps3/repository.c
+++ b/arch/powerpc/platforms/ps3/repository.c
@@ -101,9 +101,9 @@ static u64 make_first_field(const char *text, u64
index)

   static u64 make_field(const char *text, u64 index)
   {
-   u64 n;
+   u64 n = 0;

-   strncpy((char *), text, 8);
+   memcpy((char *), text, strnlen(text, sizeof(n)));



This changes behavior: strncpy() fills the remainder of the buffer with
zeroes.  I don't remember the details of the PS3 repository structure,
but given this writes to a fixed size u64 buffer, I'd expect the PS3
hypervisor code to (1) rely on the zero padding, and (2) not need a zero
terminator if there are 8 characters in the buffer, so probably the
original code is correct, and the "fixed" code isn't.


Here I have set n to 0 prior to the copy, so the buffer IS zero padded.


Sorry, I missed that part.

Gr{oetje,eeting}s,

 Geert

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-29 Thread Geert Uytterhoeven

Hi Christophe,

On Tue, May 29, 2018 at 10:56 AM, Christophe LEROY
 wrote:
> Le 29/05/2018 à 09:47, Geert Uytterhoeven a écrit :
>> On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy
>>  wrote:
>>>
>>>CC  arch/powerpc/kernel/nvram_64.o
>>> arch/powerpc/kernel/nvram_64.c: In function 'nvram_create_partition':
>>> arch/powerpc/kernel/nvram_64.c:1042:2: error: 'strncpy' specified bound
>>> 12 equals destination size [-Werror=stringop-truncation]
>>>strncpy(new_part->header.name, name, 12);
>>>^~~~
>>>
>>>CC  arch/powerpc/kernel/trace/ftrace.o
>>> In function 'make_field',
>>>  inlined from 'ps3_repository_read_boot_dat_address' at
>>> arch/powerpc/platforms/ps3/repository.c:900:9:
>>> arch/powerpc/platforms/ps3/repository.c:106:2: error: 'strncpy' output
>>> truncated before terminating nul copying 8 bytes from a string of the same
>>> length [-Werror=stringop-truncation]
>>>strncpy((char *), text, 8);
>>>^~~~
>>>
>>> Signed-off-by: Christophe Leroy 
>>
>>
>> Thanks for your patch!
>>
>>> --- a/arch/powerpc/kernel/nvram_64.c
>>> +++ b/arch/powerpc/kernel/nvram_64.c
>>> @@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char
>>> *name, int sig,
>>>  new_part->index = free_part->index;
>>>  new_part->header.signature = sig;
>>>  new_part->header.length = size;
>>> -   strncpy(new_part->header.name, name, 12);
>>> +   memcpy(new_part->header.name, name, strnlen(name,
>>> sizeof(new_part->header.name)));
>>
>>
>> The comment for nvram_header.lgnth says:
>>
>>  /* Terminating null required only for names < 12 chars. */
>>
>> This will not terminate the string with a zero (the struct is
>> allocated with kmalloc).
>> So the original code is correct, the new one isn't.
>
> Right, then I have to first zeroize the destination.

Using kzalloc() instead of kmalloc() will do.

Still, papering around these warnings seems to obscure things, IMHO.
And it increases code size, as you had to add a call to strnlen().

>>>  new_part->header.checksum = nvram_checksum(_part->header);
>>>
>>>  rc = nvram_write_header(new_part);
>>> diff --git a/arch/powerpc/platforms/ps3/repository.c
>>> b/arch/powerpc/platforms/ps3/repository.c
>>> index 50dbaf24b1ee..e49c887787c4 100644
>>> --- a/arch/powerpc/platforms/ps3/repository.c
>>> +++ b/arch/powerpc/platforms/ps3/repository.c
>>> @@ -101,9 +101,9 @@ static u64 make_first_field(const char *text, u64
>>> index)
>>>
>>>   static u64 make_field(const char *text, u64 index)
>>>   {
>>> -   u64 n;
>>> +   u64 n = 0;
>>>
>>> -   strncpy((char *), text, 8);
>>> +   memcpy((char *), text, strnlen(text, sizeof(n)));
>>
>>
>> This changes behavior: strncpy() fills the remainder of the buffer with
>> zeroes.  I don't remember the details of the PS3 repository structure,
>> but given this writes to a fixed size u64 buffer, I'd expect the PS3
>> hypervisor code to (1) rely on the zero padding, and (2) not need a zero
>> terminator if there are 8 characters in the buffer, so probably the
>> original code is correct, and the "fixed" code isn't.
>
> Here I have set n to 0 prior to the copy, so the buffer IS zero padded.

Sorry, I missed that part.

Gr{oetje,eeting}s,

Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-29 Thread Christophe LEROY





Le 29/05/2018 à 09:47, Geert Uytterhoeven a écrit :

Hi Christophe,

CC Geoff

On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy
 wrote:

   CC  arch/powerpc/kernel/nvram_64.o
arch/powerpc/kernel/nvram_64.c: In function 'nvram_create_partition':
arch/powerpc/kernel/nvram_64.c:1042:2: error: 'strncpy' specified bound 12 
equals destination size [-Werror=stringop-truncation]
   strncpy(new_part->header.name, name, 12);
   ^~~~

   CC  arch/powerpc/kernel/trace/ftrace.o
In function 'make_field',
 inlined from 'ps3_repository_read_boot_dat_address' at 
arch/powerpc/platforms/ps3/repository.c:900:9:
arch/powerpc/platforms/ps3/repository.c:106:2: error: 'strncpy' output 
truncated before terminating nul copying 8 bytes from a string of the same 
length [-Werror=stringop-truncation]
   strncpy((char *), text, 8);
   ^~~~

Signed-off-by: Christophe Leroy 


Thanks for your patch!


--- a/arch/powerpc/kernel/nvram_64.c
+++ b/arch/powerpc/kernel/nvram_64.c
@@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char *name, 
int sig,
 new_part->index = free_part->index;
 new_part->header.signature = sig;
 new_part->header.length = size;
-   strncpy(new_part->header.name, name, 12);
+   memcpy(new_part->header.name, name, strnlen(name, 
sizeof(new_part->header.name)));


The comment for nvram_header.lgnth says:

 /* Terminating null required only for names < 12 chars. */

This will not terminate the string with a zero (the struct is
allocated with kmalloc).
So the original code is correct, the new one isn't.


Right, then I have to first zeroize the destination.




 new_part->header.checksum = nvram_checksum(_part->header);

 rc = nvram_write_header(new_part);
diff --git a/arch/powerpc/platforms/ps3/repository.c 
b/arch/powerpc/platforms/ps3/repository.c
index 50dbaf24b1ee..e49c887787c4 100644
--- a/arch/powerpc/platforms/ps3/repository.c
+++ b/arch/powerpc/platforms/ps3/repository.c
@@ -101,9 +101,9 @@ static u64 make_first_field(const char *text, u64 index)

  static u64 make_field(const char *text, u64 index)
  {
-   u64 n;
+   u64 n = 0;

-   strncpy((char *), text, 8);
+   memcpy((char *), text, strnlen(text, sizeof(n)));


This changes behavior: strncpy() fills the remainder of the buffer with
zeroes.  I don't remember the details of the PS3 repository structure,
but given this writes to a fixed size u64 buffer, I'd expect the PS3
hypervisor code to (1) rely on the zero padding, and (2) not need a zero
terminator if there are 8 characters in the buffer, so probably the
original code is correct, and the "fixed" code isn't.


Here I have set n to 0 prior to the copy, so the buffer IS zero padded.

Christophe



Has this been tested on a PS3?


 return n + index;
  }


Gr{oetje,eeting}s,

 Geert

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

2018-05-29 Thread Geert Uytterhoeven

Hi Christophe,

CC Geoff

On Tue, May 29, 2018 at 8:03 AM, Christophe Leroy
 wrote:
>   CC  arch/powerpc/kernel/nvram_64.o
> arch/powerpc/kernel/nvram_64.c: In function 'nvram_create_partition':
> arch/powerpc/kernel/nvram_64.c:1042:2: error: 'strncpy' specified bound 12 
> equals destination size [-Werror=stringop-truncation]
>   strncpy(new_part->header.name, name, 12);
>   ^~~~
>
>   CC  arch/powerpc/kernel/trace/ftrace.o
> In function 'make_field',
> inlined from 'ps3_repository_read_boot_dat_address' at 
> arch/powerpc/platforms/ps3/repository.c:900:9:
> arch/powerpc/platforms/ps3/repository.c:106:2: error: 'strncpy' output 
> truncated before terminating nul copying 8 bytes from a string of the same 
> length [-Werror=stringop-truncation]
>   strncpy((char *), text, 8);
>   ^~~~
>
> Signed-off-by: Christophe Leroy 

Thanks for your patch!

> --- a/arch/powerpc/kernel/nvram_64.c
> +++ b/arch/powerpc/kernel/nvram_64.c
> @@ -1039,7 +1039,7 @@ loff_t __init nvram_create_partition(const char *name, 
> int sig,
> new_part->index = free_part->index;
> new_part->header.signature = sig;
> new_part->header.length = size;
> -   strncpy(new_part->header.name, name, 12);
> +   memcpy(new_part->header.name, name, strnlen(name, 
> sizeof(new_part->header.name)));

The comment for nvram_header.lgnth says:

/* Terminating null required only for names < 12 chars. */

This will not terminate the string with a zero (the struct is
allocated with kmalloc).
So the original code is correct, the new one isn't.

> new_part->header.checksum = nvram_checksum(_part->header);
>
> rc = nvram_write_header(new_part);
> diff --git a/arch/powerpc/platforms/ps3/repository.c 
> b/arch/powerpc/platforms/ps3/repository.c
> index 50dbaf24b1ee..e49c887787c4 100644
> --- a/arch/powerpc/platforms/ps3/repository.c
> +++ b/arch/powerpc/platforms/ps3/repository.c
> @@ -101,9 +101,9 @@ static u64 make_first_field(const char *text, u64 index)
>
>  static u64 make_field(const char *text, u64 index)
>  {
> -   u64 n;
> +   u64 n = 0;
>
> -   strncpy((char *), text, 8);
> +   memcpy((char *), text, strnlen(text, sizeof(n)));

This changes behavior: strncpy() fills the remainder of the buffer with
zeroes.  I don't remember the details of the PS3 repository structure,
but given this writes to a fixed size u64 buffer, I'd expect the PS3
hypervisor code to (1) rely on the zero padding, and (2) not need a zero
terminator if there are 8 characters in the buffer, so probably the
original code is correct, and the "fixed" code isn't.

Has this been tested on a PS3?

> return n + index;
>  }

Gr{oetje,eeting}s,

Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

RE: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

Re: [PATCH v2] powerpc/64: Fix build failure with GCC 8.1

8 matches

Site Navigation

Mail list logo

Footer information