From patchwork Tue Nov 15 21:53:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13044237 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5626BC433FE for ; Tue, 15 Nov 2022 21:53:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229823AbiKOVxq (ORCPT ); Tue, 15 Nov 2022 16:53:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42496 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229731AbiKOVxp (ORCPT ); Tue, 15 Nov 2022 16:53:45 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90D4813EB8; Tue, 15 Nov 2022 13:53:44 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DDB54618F5; Tue, 15 Nov 2022 21:53:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90CA0C433C1; Tue, 15 Nov 2022 21:53:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1668549223; bh=1/A6DlUT7AQ50h5Usn7ksWgo6qyQMDQggwXLiYYZZFY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=E77KupNN5UhHHN2DjW4uu0qINjVti3ELuUQkgmn/bJzgSDQoRuBtxopEnk0+7UmYH rpPVPHC7m3IMJ4qgYLkKoYtluj58Exuk5OIsR3HydqsBcoC5xaY7w0u8lvKAIHc4mq BiJMA2qD6bySjYmZMKmzLEpEa7FpA6FG9n6tW/OsrKRXB9w3Q36KlUv90veVoYrSTr fqF9FTNtP/GifzXPEc1qIovlYyzZShmBKh5CYq2MxAhPH4GKtFM4vxzbQWtN4PUl3V kfZ+KAatxyrlA7UbRHRhvJs7TK+iQARjLJ7VLXCQyh61ybvCPwd+N2cpO9l5Ag0ZH9 1YlxwgJKPJ1xA== Date: Tue, 15 Nov 2022 15:53:27 -0600 From: "Gustavo A. R. Silva" To: Hante Meuleman , Franky Lin , Arend van Spriel , Kalle Valo , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: SHA-cyfmac-dev-list@infineon.com, brcm80211-dev-list.pdl@broadcom.com, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org Subject: [PATCH 1/2][next] wifi: brcmfmac: replace one-element array with flexible-array member in struct brcmf_dload_data_le Message-ID: <905f5b68cf93c812360d081caae5b15221db09b6.1668548907.git.gustavoars@kernel.org> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct brcmf_dload_data_le. Important to mention is that doing a build before/after this patch results in no binary output differences. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: https://github.com/KSPP/linux/issues/230 Link: https://github.com/KSPP/linux/issues/79 Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1] Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 4 ++-- drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c index 22344e68fd59..2e836566e218 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c @@ -110,7 +110,7 @@ static int brcmf_c_download(struct brcmf_if *ifp, u16 flag, dload_buf->dload_type = cpu_to_le16(DL_TYPE_CLM); dload_buf->len = cpu_to_le32(len); dload_buf->crc = cpu_to_le32(0); - len = sizeof(*dload_buf) + len - 1; + len = sizeof(*dload_buf) + len; err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf, len); @@ -139,7 +139,7 @@ static int brcmf_c_process_clm_blob(struct brcmf_if *ifp) return 0; } - chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN - 1, GFP_KERNEL); + chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN, GFP_KERNEL); if (!chunk_buf) { err = -ENOMEM; goto done; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h index f518e025d6e4..a69339f72c66 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h @@ -943,7 +943,7 @@ struct brcmf_dload_data_le { __le16 dload_type; __le32 len; __le32 crc; - u8 data[1]; + u8 data[]; }; /** From patchwork Tue Nov 15 21:55:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13044238 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A4C8C433FE for ; Tue, 15 Nov 2022 21:55:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231947AbiKOVzz (ORCPT ); Tue, 15 Nov 2022 16:55:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231902AbiKOVzv (ORCPT ); Tue, 15 Nov 2022 16:55:51 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29E312C10B; Tue, 15 Nov 2022 13:55:51 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B9A8661A08; Tue, 15 Nov 2022 21:55:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 869EFC433C1; Tue, 15 Nov 2022 21:55:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1668549350; bh=iQK5X8lQkyk5IDtQF7i4ML+XXWtDJaKhb1wsrEPYeKg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=IsTmLPLiQubsT8pjKF4wwwKt6rVvP/OmC9K3DPTAYk942qqAhx3B//gZ0cr++RwTh kVIWgdDqsSlsXOFZA1yJ4xQsD0ixOsSL0VHcxRyvSB7X2fAyzWaqD/FQTZZrLgQSqe v/qizdtnbbp1tbIpjSXmVoOutKSqhFKeIAtQjZc7yXj9VR/pJarIWIXejHujeMxfRA rTz9MWnG7ZCg1eBsYB08owq/tUie28CV7r17ZJJrlpjPp+QCGiPvtoypcLXe8/voSP OKaVpr/3z+M2W+3FUAwZmOIl1bCCbdiL83bEbsg15KsDM1lbUOOjK216Qo2lFHNC2a mtPn1b0XamrBw== Date: Tue, 15 Nov 2022 15:55:34 -0600 From: "Gustavo A. R. Silva" To: Hante Meuleman , Franky Lin , Arend van Spriel , Kalle Valo , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: SHA-cyfmac-dev-list@infineon.com, brcm80211-dev-list.pdl@broadcom.com, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org Subject: [PATCH 2/2][next] wifi: brcmfmac: Use struct_size() in code ralated to struct brcmf_dload_data_le Message-ID: <41845ad3660ed4375f0c03fd36a67b2e12fafed5.1668548907.git.gustavoars@kernel.org> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Prefer struct_size() over open-coded versions of idiom: sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count where count is the max number of items the flexible array is supposed to contain. In this particular case, in the open-coded version sizeof(typeof-flex-array-elements) is implicit in _count_ because the type of the flex array data is u8: drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h:941: 941 struct brcmf_dload_data_le { 942 __le16 flag; 943 __le16 dload_type; 944 __le32 len; 945 __le32 crc; 946 u8 data[]; 947 }; Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c index 2e836566e218..4a309e5a5707 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c @@ -110,9 +110,9 @@ static int brcmf_c_download(struct brcmf_if *ifp, u16 flag, dload_buf->dload_type = cpu_to_le16(DL_TYPE_CLM); dload_buf->len = cpu_to_le32(len); dload_buf->crc = cpu_to_le32(0); - len = sizeof(*dload_buf) + len; - err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf, len); + err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf, + struct_size(dload_buf, data, len)); return err; } @@ -139,7 +139,8 @@ static int brcmf_c_process_clm_blob(struct brcmf_if *ifp) return 0; } - chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN, GFP_KERNEL); + chunk_buf = kzalloc(struct_size(chunk_buf, data, MAX_CHUNK_LEN), + GFP_KERNEL); if (!chunk_buf) { err = -ENOMEM; goto done;