[2/2,next] wifi: brcmfmac: Use struct_size() in code related to struct brcmf_dload_data_le

Message ID 41845ad3660ed4375f0c03fd36a67b2e12fafed5.1668548907.git.gustavoars@kernel.org (mailing list archive)
State Accepted
Commit 633a9b6f514c12b3ee42b3a4e647f137aca1e198
Delegated to: Kalle Valo
Series wifi: brcmfmac: common: Replace one-element array with flexible-array member

Commit Message

Gustavo A. R. Silva Nov. 15, 2022, 9:55 p.m. UTC
Prefer struct_size() over open-coded versions of idiom:

sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count

where count is the max number of items the flexible array is supposed to
contain.

In this particular case, in the open-coded version sizeof(typeof-flex-array-elements)
is implicit in _count_ because the type of the flex array data is u8:

drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h:941:
 941 struct brcmf_dload_data_le {
 942         __le16 flag;
 943         __le16 dload_type;
 944         __le32 len;
 945         __le32 crc;
 946         u8 data[];
 947 };

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
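
The difference between the open-coded size and a saturating helper, as an added userspace example (not code from this patch or from the kernel tree). `flex_size()` is a simplified model of `struct_size()` built on the GCC/Clang overflow builtins, `struct dload_data` is a stand-in for `struct brcmf_dload_data_le`, and the counts are constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for struct brcmf_dload_data_le: fixed-width types
 * replace __le16/__le32/u8, and endianness is ignored. */
struct dload_data {
	uint16_t flag;
	uint16_t dload_type;
	uint32_t len;
	uint32_t crc;
	uint8_t data[];
};

/* Open-coded idiom: unsigned arithmetic wraps silently for a huge count. */
static size_t open_coded_size(size_t count)
{
	return sizeof(struct dload_data) + sizeof(uint8_t) * count;
}

/* Simplified model of struct_size() (an assumption, not the kernel macro):
 * the multiply and the add are overflow-checked and the result saturates
 * at SIZE_MAX, so an allocator fails instead of returning a short buffer. */
static size_t flex_size(size_t header, size_t elem, size_t count)
{
	size_t bytes, total;

	if (__builtin_mul_overflow(elem, count, &bytes) ||
	    __builtin_add_overflow(header, bytes, &total))
		return SIZE_MAX;
	return total;
}

static size_t checked_size(size_t count)
{
	return flex_size(sizeof(struct dload_data), sizeof(uint8_t), count);
}

int main(void)
{
	size_t counts[] = { 1400, SIZE_MAX - 4 };	/* constructed inputs */

	for (size_t i = 0; i < 2; i++)
		printf("count=%zu open-coded=%zu checked=%zu\n", counts[i],
		       open_coded_size(counts[i]), checked_size(counts[i]));
	return 0;
}
```

For the oversized count the open-coded sum wraps to a few bytes, which an allocator would happily satisfy, while the checked version returns `SIZE_MAX` and the allocation fails.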

Comments

Kees Cook Nov. 16, 2022, 10:23 p.m. UTC | #1
On Tue, Nov 15, 2022 at 03:55:34PM -0600, Gustavo A. R. Silva wrote:
> Prefer struct_size() over open-coded versions of idiom:
> 
> sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count
> 
> where count is the max number of items the flexible array is supposed to
> contain.
> 
> In this particular case, in the open-coded version sizeof(typeof-flex-array-elements)
> is implicit in _count_ because the type of the flex array data is u8:
> 
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h:941:
>  941 struct brcmf_dload_data_le {
>  942         __le16 flag;
>  943         __le16 dload_type;
>  944         __le32 len;
>  945         __le32 crc;
>  946         u8 data[];
>  947 };
> 
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Reviewed-by: Kees Cook <keescook@chromium.org>

Gustavo A. R. Silva Nov. 17, 2022, 1:06 a.m. UTC | #2
On 11/16/22 16:23, Kees Cook wrote:
> On Tue, Nov 15, 2022 at 03:55:34PM -0600, Gustavo A. R. Silva wrote:
>> Prefer struct_size() over open-coded versions of idiom:
>>
>> sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count
>>
>> where count is the max number of items the flexible array is supposed to
>> contain.
>>
>> In this particular case, in the open-coded version sizeof(typeof-flex-array-elements)
>> is implicit in _count_ because the type of the flex array data is u8:
>>
>> drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h:941:
>>   941 struct brcmf_dload_data_le {
>>   942         __le16 flag;
>>   943         __le16 dload_type;
>>   944         __le32 len;
>>   945         __le32 crc;
>>   946         u8 data[];
>>   947 };
>>
>> Link: https://github.com/KSPP/linux/issues/160
>> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> 
> Reviewed-by: Kees Cook <keescook@chromium.org>
> 

Thanks for the reviews! :)

--
Gustavo
Patch

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
index 2e836566e218..4a309e5a5707 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
@@ -110,9 +110,9 @@  static int brcmf_c_download(struct brcmf_if *ifp, u16 flag,
 	dload_buf->dload_type = cpu_to_le16(DL_TYPE_CLM);
 	dload_buf->len = cpu_to_le32(len);
 	dload_buf->crc = cpu_to_le32(0);
-	len = sizeof(*dload_buf) + len;
 
-	err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf, len);
+	err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf,
+				       struct_size(dload_buf, data, len));
 
 	return err;
 }
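Review bot: in brcmf_c_download(), the result of struct_size(dload_buf, data, len) is now handed straight to brcmf_fil_iovar_data_set() as a transfer length, and struct_size() saturates to SIZE_MAX on overflow instead of wrapping. Saturation is designed to make an allocator fail; as a length argument it only helps if the callee rejects the value, and the callee's parameter type is not visible in this hunk. Please confirm that type and state in the commit message (or a comment) that len is bounded by the caller, so the saturated value can never reach the firmware interface. Dropping the `len = sizeof(*dload_buf) + len;` reassignment is fine here, since len is not used again before `return err;`, and it stops one variable from carrying two meanings.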
@@ -139,7 +139,8 @@  static int brcmf_c_process_clm_blob(struct brcmf_if *ifp)
 		return 0;
 	}
 
-	chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN, GFP_KERNEL);
+	chunk_buf = kzalloc(struct_size(chunk_buf, data, MAX_CHUNK_LEN),
+			    GFP_KERNEL);
 	if (!chunk_buf) {
 		err = -ENOMEM;
 		goto done;
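Review bot: in brcmf_c_process_clm_blob(), the kzalloc() sizes data[] for exactly MAX_CHUNK_LEN bytes, but nothing in the visible lines ties that capacity to the len that brcmf_c_download() stores in dload_buf->len and sends. The conversion itself is correct and, with a constant count, costs nothing at run time; a one-line comment at the allocation saying that every chunk length passed to brcmf_c_download() must not exceed MAX_CHUNK_LEN would make the invariant explicit for the next reader of this code.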