drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-)
From: Arnd Bergmann <arnd@arndb.de>
idt_scan_mws() puts a large fixed-size array on the stack and copies
it into a smaller dynamically allocated array at the end. On 32-bit
targets, the fixed size can easily exceed the warning limit for
possible stack overflow:
drivers/ntb/hw/idt/ntb_hw_idt.c:1041:27: error: stack frame size (1032) exceeds limit (1024) in 'idt_scan_mws' [-Werror,-Wframe-larger-than]
Change it to instead just always use dynamic allocation for the
array from the start. It's too big for the stack, but not actually
all that much for a permanent allocation.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/all/202205111109.PiKTruEj-lkp@intel.com/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
A number of users have reported this in the past, but I couldn't
find any other patch for it so far.
---
drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/drivers/ntb/hw/idt/ntb_hw_idt.c b/drivers/ntb/hw/idt/ntb_hw_idt.c
index 544d8a4d2af5..f27df8d7f3b9 100644
--- a/drivers/ntb/hw/idt/ntb_hw_idt.c
+++ b/drivers/ntb/hw/idt/ntb_hw_idt.c
@@ -1041,7 +1041,7 @@ static inline char *idt_get_mw_name(enum idt_mw_type mw_type)
static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port,
unsigned char *mw_cnt)
{
- struct idt_mw_cfg mws[IDT_MAX_NR_MWS], *ret_mws;
+ struct idt_mw_cfg *mws;
const struct idt_ntb_bar *bars;
enum idt_mw_type mw_type;
unsigned char widx, bidx, en_cnt;
@@ -1049,6 +1049,11 @@ static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port,
int aprt_size;
u32 data;
+ mws = devm_kcalloc(&ndev->ntb.pdev->dev, IDT_MAX_NR_MWS,
+ sizeof(*mws), GFP_KERNEL);
+ if (!mws)
+ return ERR_PTR(-ENOMEM);
+
/* Retrieve the array of the BARs registers */
bars = portdata_tbl[port].bars;
@@ -1103,16 +1108,7 @@ static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port,
}
}
- /* Allocate memory for memory window descriptors */
- ret_mws = devm_kcalloc(&ndev->ntb.pdev->dev, *mw_cnt, sizeof(*ret_mws),
- GFP_KERNEL);
- if (!ret_mws)
- return ERR_PTR(-ENOMEM);
-
- /* Copy the info of detected memory windows */
- memcpy(ret_mws, mws, (*mw_cnt)*sizeof(*ret_mws));
-
- return ret_mws;
+ return mws;
}
/*
--
2.39.5
On 2/21/25 1:57 AM, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
>
> idt_scan_mws() puts a large fixed-size array on the stack and copies
> it into a smaller dynamically allocated array at the end. On 32-bit
> targets, the fixed size can easily exceed the warning limit for
> possible stack overflow:
>
> drivers/ntb/hw/idt/ntb_hw_idt.c:1041:27: error: stack frame size (1032) exceeds limit (1024) in 'idt_scan_mws' [-Werror,-Wframe-larger-than]
>
> Change it to instead just always use dynamic allocation for the
> array from the start. It's too big for the stack, but not actually
> all that much for a permanent allocation.
>
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/all/202205111109.PiKTruEj-lkp@intel.com/
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
LGTM. Old code didn't make sense to declare on stack, allocate later and memcpy.
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> ---
> A number of users have reported this in the past, but I couldn't
> find any other patch for it so far.
> ---
> drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +++++++-----------
> 1 file changed, 7 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/ntb/hw/idt/ntb_hw_idt.c b/drivers/ntb/hw/idt/ntb_hw_idt.c
> index 544d8a4d2af5..f27df8d7f3b9 100644
> --- a/drivers/ntb/hw/idt/ntb_hw_idt.c
> +++ b/drivers/ntb/hw/idt/ntb_hw_idt.c
> @@ -1041,7 +1041,7 @@ static inline char *idt_get_mw_name(enum idt_mw_type mw_type)
> static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port,
> unsigned char *mw_cnt)
> {
> - struct idt_mw_cfg mws[IDT_MAX_NR_MWS], *ret_mws;
> + struct idt_mw_cfg *mws;
> const struct idt_ntb_bar *bars;
> enum idt_mw_type mw_type;
> unsigned char widx, bidx, en_cnt;
> @@ -1049,6 +1049,11 @@ static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port,
> int aprt_size;
> u32 data;
>
> + mws = devm_kcalloc(&ndev->ntb.pdev->dev, IDT_MAX_NR_MWS,
> + sizeof(*mws), GFP_KERNEL);
> + if (!mws)
> + return ERR_PTR(-ENOMEM);
> +
> /* Retrieve the array of the BARs registers */
> bars = portdata_tbl[port].bars;
>
> @@ -1103,16 +1108,7 @@ static struct idt_mw_cfg *idt_scan_mws(struct idt_ntb_dev *ndev, int port,
> }
> }
>
> - /* Allocate memory for memory window descriptors */
> - ret_mws = devm_kcalloc(&ndev->ntb.pdev->dev, *mw_cnt, sizeof(*ret_mws),
> - GFP_KERNEL);
> - if (!ret_mws)
> - return ERR_PTR(-ENOMEM);
> -
> - /* Copy the info of detected memory windows */
> - memcpy(ret_mws, mws, (*mw_cnt)*sizeof(*ret_mws));
> -
> - return ret_mws;
> + return mws;
> }
>
> /*
On 2/21/25 17:57, Arnd Bergmann wrote: > From: Arnd Bergmann <arnd@arndb.de> > > idt_scan_mws() puts a large fixed-size array on the stack and copies > it into a smaller dynamically allocated array at the end. On 32-bit > targets, the fixed size can easily exceed the warning limit for > possible stack overflow: > > drivers/ntb/hw/idt/ntb_hw_idt.c:1041:27: error: stack frame size (1032) exceeds limit (1024) in 'idt_scan_mws' [-Werror,-Wframe-larger-than] > > Change it to instead just always use dynamic allocation for the > array from the start. It's too big for the stack, but not actually > all that much for a permanent allocation. > > Reported-by: kernel test robot <lkp@intel.com> > Closes: https://lore.kernel.org/all/202205111109.PiKTruEj-lkp@intel.com/ > Signed-off-by: Arnd Bergmann <arnd@arndb.de> Looks good to me. Reviewed-by: Damien Le Moal <dlemoal@kernel.org> -- Damien Le Moal Western Digital Research
© 2016 - 2025 Red Hat, Inc.