From patchwork Tue Feb 7 16:57:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gustavo A. R. Silva" X-Patchwork-Id: 13131859 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D5CAC636CC for ; Tue, 7 Feb 2023 16:57:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231405AbjBGQ5U (ORCPT ); Tue, 7 Feb 2023 11:57:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230344AbjBGQ5U (ORCPT ); Tue, 7 Feb 2023 11:57:20 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 034793A594; Tue, 7 Feb 2023 08:57:19 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B44F7B81A01; Tue, 7 Feb 2023 16:57:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 03C78C433EF; Tue, 7 Feb 2023 16:57:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1675789036; bh=MNtjrR3i9zJVMbXrA2OM0kVsyK6vBzmxrxtfk069rf4=; h=Date:From:To:Cc:Subject:From; b=Ffwz5mg+uOZwkbqk3CdPXkwZ9FrLo9uSsNsNsQw5kweSC29zByMBR7kj4y9ueasMc jRK5le8mzpZz7Edq+RS1FjPxmELIf+LJrw6uQueXrTWqcChbuB3lwdBxirpX3xuPwt 8a6E8Ogxb1IIkG2nkAF3mLxbNg3cb0eM6HmSn32YmeUTnjyrY7OI4Xs77BXyfZYSGX MX7uuhhUpgKNFStumGa+0gZQ95FRrhOGdj76UJxXEMw+XtLu+EjcWv4LJK2AcKXoJa 1X/eBUoosJnhIHkk5u7N4HRU4LRO618snZyFBz26qfYuBlTezr1rEoD07bspuuhlfJ oXqEH0duQFRdw== Date: Tue, 7 Feb 2023 10:57:29 -0600 From: "Gustavo A. R. Silva" To: Don Brace , "James E.J. Bottomley" , "Martin K. Petersen" Cc: storagedev@microchip.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org, Kees Cook Subject: [PATCH v2][next] scsi: smartpqi: Replace one-element array with flexible-array member Message-ID: MIME-Version: 1.0 Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct report_log_lun_list. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/79 Link: https://github.com/KSPP/linux/issues/204 Signed-off-by: Gustavo A. R. Silva --- Changes in v2: In v1 we thought that the original code was allocating one too-many entries for the list. However, Don Brance commented that the allocation was actually intentional[1]. So, I added a code comment with his feedback. Link: https://lore.kernel.org/linux-hardening/16e6c434-44af-2efb-d4bc-a253e93e5590@embeddedor.com/ [1] v1: Link: https://lore.kernel.org/linux-hardening/c80c0979933e0c05e80d95792ef167a28640a14b.1663816572.git.gustavoars@kernel.org/ drivers/scsi/smartpqi/smartpqi.h | 2 +- drivers/scsi/smartpqi/smartpqi_init.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h index af27bb0f3133..228838eb3686 100644 --- a/drivers/scsi/smartpqi/smartpqi.h +++ b/drivers/scsi/smartpqi/smartpqi.h @@ -954,7 +954,7 @@ struct report_log_lun { struct report_log_lun_list { struct report_lun_header header; - struct report_log_lun lun_entries[1]; + struct report_log_lun lun_entries[]; }; struct report_phys_lun_8byte_wwid { diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c index d0446d4d4465..af8f1a8e9f8f 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c @@ -1277,6 +1277,10 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info, logdev_data_length = sizeof(struct report_lun_header) + logdev_list_length; + /* + * Notice that we take on an extra list entry (struct report_log_lun) + * that is all zeros for the controller itself. + */ internal_logdev_list = kmalloc(logdev_data_length + sizeof(struct report_log_lun), GFP_KERNEL); if (!internal_logdev_list) {