From: Eric Biggers ebiggers@google.com
Fix a silly bug where an array was used outside of its scope.
Fixes: 2051da858534 ("arm64/crc-t10dif: expose CRC-T10DIF function through lib")
Cc: stable@vger.kernel.org
Reported-by: David Binderman dcb314@hotmail.com
Closes: https://lore.kernel.org/r/AS8PR02MB102170568EAE7FFDF93C8D1ED9CA62@AS8PR02MB1...
Signed-off-by: Eric Biggers ebiggers@google.com
---
 arch/arm64/lib/crc-t10dif-glue.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/arm64/lib/crc-t10dif-glue.c b/arch/arm64/lib/crc-t10dif-glue.c index a007d0c5f3fed..bacd18f231688 100644 --- a/arch/arm64/lib/crc-t10dif-glue.c +++ b/arch/arm64/lib/crc-t10dif-glue.c @@ -43,13 +43,11 @@ u16 crc_t10dif_arch(u16 crc, const u8 *data, size_t length)
kernel_neon_begin(); crc_t10dif_pmull_p8(crc, data, length, buf); kernel_neon_end();
- crc = 0; - data = buf; - length = sizeof(buf); + return crc_t10dif_generic(0, buf, sizeof(buf)); } } return crc_t10dif_generic(crc, data, length); } EXPORT_SYMBOL(crc_t10dif_arch);
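Review bot: The added `return crc_t10dif_generic(0, buf, sizeof(buf));` carries no comment saying why it has to stay inside the inner block, so a later cleanup could merge it back into the shared `return crc_t10dif_generic(crc, data, length);` after the closing braces and reintroduce the same dangling pointer that the removed `data = buf;` created. A one-line comment above the new return, stating that buf (scoped to this block, per the commit message) must be consumed before the block ends, would make the constraint explicit. The commit message could also name buf and say that the pointer outlived the block, so the stable backport description is self-explanatory.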
base-commit: 1e26c5e28ca5821a824e90dd359556f5e9e7b89f
Hello there Eric,
Fix a silly bug where an array was used outside of its scope.
I am surprised your C compiler doesn't find this bug. gcc 14.2 onwards should be able to, but clang not.
I will make an enhancement request in clang.
Regards
David Binderman
Fixes: 2051da858534 ("arm64/crc-t10dif: expose CRC-T10DIF function through lib")
Cc: stable@vger.kernel.org
Reported-by: David Binderman dcb314@hotmail.com
Closes: https://lore.kernel.org/r/AS8PR02MB102170568EAE7FFDF93C8D1ED9CA62@AS8PR02MB1...
Signed-off-by: Eric Biggers ebiggers@google.com
---
 arch/arm64/lib/crc-t10dif-glue.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/arm64/lib/crc-t10dif-glue.c b/arch/arm64/lib/crc-t10dif-glue.c index a007d0c5f3fed..bacd18f231688 100644 --- a/arch/arm64/lib/crc-t10dif-glue.c +++ b/arch/arm64/lib/crc-t10dif-glue.c @@ -43,13 +43,11 @@ u16 crc_t10dif_arch(u16 crc, const u8 *data, size_t length) kernel_neon_begin(); crc_t10dif_pmull_p8(crc, data, length, buf); kernel_neon_end(); - crc = 0; - data = buf; - length = sizeof(buf); + return crc_t10dif_generic(0, buf, sizeof(buf)); } } return crc_t10dif_generic(crc, data, length); } EXPORT_SYMBOL(crc_t10dif_arch);
base-commit: 1e26c5e28ca5821a824e90dd359556f5e9e7b89f
--
2.49.0
On Thu, Mar 27, 2025 at 07:58:51AM +0000, David Binderman wrote:
Hello there Eric,
Fix a silly bug where an array was used outside of its scope.
I am surprised your C compiler doesn't find this bug. gcc 14.2 onwards should be able to, but clang not.
I will make an enhancement request in clang.
Regards
David Binderman
Neither gcc 14.2.0 nor clang 19.1.7 found it, unfortunately. And the code still passed crc_kunit (even when run with have_pmull disabled so that the code is reached).
- Eric
On Wed, 26 Mar 2025 at 21:09, Eric Biggers ebiggers@kernel.org wrote:
From: Eric Biggers ebiggers@google.com
Fix a silly bug where an array was used outside of its scope.
Yeah - mea culpa.
And the fact that we exit with a tail call means buf[] may be deallocated by the time crc_t10dif_generic() refers to it - I'm surprised this didn't already break in testing, but I suppose no tail call is issued for other reasons.
On Thu, 27 Mar 2025 at 09:15, Ard Biesheuvel ardb@kernel.org wrote:
On Wed, 26 Mar 2025 at 21:09, Eric Biggers ebiggers@kernel.org wrote:
From: Eric Biggers ebiggers@google.com
Fix a silly bug where an array was used outside of its scope.
Yeah - mea culpa.
Ehmm - tua culpa, actually :-)
On Thu, Mar 27, 2025 at 09:28:51AM +0100, Ard Biesheuvel wrote:
On Thu, 27 Mar 2025 at 09:15, Ard Biesheuvel ardb@kernel.org wrote:
On Wed, 26 Mar 2025 at 21:09, Eric Biggers ebiggers@kernel.org wrote:
From: Eric Biggers ebiggers@google.com
Fix a silly bug where an array was used outside of its scope.
Yeah - mea culpa.
Ehmm - tua culpa, actually :-)
Yep, your original code was correct and I messed it up.
- Eric
On Wed, Mar 26, 2025 at 01:09:18PM -0700, Eric Biggers wrote:
From: Eric Biggers ebiggers@google.com
Fix a silly bug where an array was used outside of its scope.
Fixes: 2051da858534 ("arm64/crc-t10dif: expose CRC-T10DIF function through lib")
Cc: stable@vger.kernel.org
Reported-by: David Binderman dcb314@hotmail.com
Closes: https://lore.kernel.org/r/AS8PR02MB102170568EAE7FFDF93C8D1ED9CA62@AS8PR02MB1...
Signed-off-by: Eric Biggers ebiggers@google.com
 arch/arm64/lib/crc-t10dif-glue.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
Applied to https://web.git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?...
- Eric