net/mlx4_core: Avoid impossible mlx4_db_alloc() order value

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

GCC can see that the value range for "order" is capped, but this leads
it to consider that it might be negative, leading to a false positive
warning (with GCC 15 with -Warray-bounds -fdiagnostics-details):

../drivers/net/ethernet/mellanox/mlx4/alloc.c:691:47: error: array subscript -1 is below array bounds of 'long unsigned int *[2]' [-Werror=array-bounds=]
691 | i = find_first_bit(pgdir->bits[o], MLX4_DB_PER_PAGE >> o);
| ~~~~~~~~~~~^~~
'mlx4_alloc_db_from_pgdir': events 1-2
691 | i = find_first_bit(pgdir->bits[o], MLX4_DB_PER_PAGE >> o); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | | | (2) out of array bounds here
| (1) when the condition is evaluated to true In file included from ../drivers/net/ethernet/mellanox/mlx4/mlx4.h:53,
from ../drivers/net/ethernet/mellanox/mlx4/alloc.c:42:
../include/linux/mlx4/device.h:664:33: note: while referencing 'bits'
664 | unsigned long *bits[2];
| ^~~~

Switch the argument to unsigned int, which removes the compiler needing
to consider negative values.

Signed-off-by: Kees Cook <kees@kernel.org>
Link: https://patch.msgid.link/20250210174504.work.075-kees@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Kees Cook and committed by

Jakub Kicinski 1 year ago 4a6f18f2 0025fa45

+4 -4

2 changed files

expand all

drivers

net

ethernet

mellanox

mlx4

alloc.c

include

linux

mlx4

device.h

+3 -3

drivers/net/ethernet/mellanox/mlx4/alloc.c

··· 660 660 } 661 661 662 662 static int mlx4_alloc_db_from_pgdir(struct mlx4_db_pgdir *pgdir, 663 - struct mlx4_db *db, int order) 663 + struct mlx4_db *db, unsigned int order) 664 664 { 665 - int o; 665 + unsigned int o; 666 666 int i; 667 667 668 668 for (o = order; o <= 1; ++o) { ··· 690 690 return 0; 691 691 } 692 692 693 - int mlx4_db_alloc(struct mlx4_dev *dev, struct mlx4_db *db, int order) 693 + int mlx4_db_alloc(struct mlx4_dev *dev, struct mlx4_db *db, unsigned int order) 694 694 { 695 695 struct mlx4_priv *priv = mlx4_priv(dev); 696 696 struct mlx4_db_pgdir *pgdir;

+1 -1

include/linux/mlx4/device.h

··· 1135 1135 int mlx4_buf_write_mtt(struct mlx4_dev *dev, struct mlx4_mtt *mtt, 1136 1136 struct mlx4_buf *buf); 1137 1137 1138 - int mlx4_db_alloc(struct mlx4_dev *dev, struct mlx4_db *db, int order); 1138 + int mlx4_db_alloc(struct mlx4_dev *dev, struct mlx4_db *db, unsigned int order); 1139 1139 void mlx4_db_free(struct mlx4_dev *dev, struct mlx4_db *db); 1140 1140 1141 1141 int mlx4_alloc_hwq_res(struct mlx4_dev *dev, struct mlx4_hwq_resources *wqres,