From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
To: Hante Meuleman <hante.meuleman@broadcom.com>,
Franky Lin <franky.lin@broadcom.com>,
Arend van Spriel <aspriel@gmail.com>,
Kalle Valo <kvalo@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>
Cc: SHA-cyfmac-dev-list@infineon.com,
brcm80211-dev-list.pdl@broadcom.com, netdev@vger.kernel.org,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-hardening@vger.kernel.org
Subject: [PATCH 2/2][next] wifi: brcmfmac: Use struct_size() in code ralated to struct brcmf_dload_data_le
Date: Tue, 15 Nov 2022 15:55:34 -0600 [thread overview]
Message-ID: <41845ad3660ed4375f0c03fd36a67b2e12fafed5.1668548907.git.gustavoars@kernel.org> (raw)
In-Reply-To: <cover.1668548907.git.gustavoars@kernel.org>
Prefer struct_size() over open-coded versions of idiom:
sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count
where count is the max number of items the flexible array is supposed to
contain.
In this particular case, in the open-coded version sizeof(typeof-flex-array-elements)
is implicit in _count_ because the type of the flex array data is u8:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h:941:
941 struct brcmf_dload_data_le {
942 __le16 flag;
943 __le16 dload_type;
944 __le32 len;
945 __le32 crc;
946 u8 data[];
947 };
Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
index 2e836566e218..4a309e5a5707 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
@@ -110,9 +110,9 @@ static int brcmf_c_download(struct brcmf_if *ifp, u16 flag,
dload_buf->dload_type = cpu_to_le16(DL_TYPE_CLM);
dload_buf->len = cpu_to_le32(len);
dload_buf->crc = cpu_to_le32(0);
- len = sizeof(*dload_buf) + len;
- err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf, len);
+ err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf,
+ struct_size(dload_buf, data, len));
return err;
}
@@ -139,7 +139,8 @@ static int brcmf_c_process_clm_blob(struct brcmf_if *ifp)
return 0;
}
- chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN, GFP_KERNEL);
+ chunk_buf = kzalloc(struct_size(chunk_buf, data, MAX_CHUNK_LEN),
+ GFP_KERNEL);
if (!chunk_buf) {
err = -ENOMEM;
goto done;
--
2.34.1
next prev parent reply other threads:[~2022-11-15 21:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-15 21:52 [PATCH 0/2][next] wifi: brcmfmac: common: Replace one-element array with flexible-array member Gustavo A. R. Silva
2022-11-15 21:53 ` [PATCH 1/2][next] wifi: brcmfmac: replace one-element array with flexible-array member in struct brcmf_dload_data_le Gustavo A. R. Silva
2022-11-16 22:23 ` Kees Cook
2022-11-22 10:14 ` Kalle Valo
2022-11-15 21:55 ` Gustavo A. R. Silva [this message]
2022-11-16 22:23 ` [PATCH 2/2][next] wifi: brcmfmac: Use struct_size() in code ralated to " Kees Cook
2022-11-17 1:06 ` Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41845ad3660ed4375f0c03fd36a67b2e12fafed5.1668548907.git.gustavoars@kernel.org \
--to=gustavoars@kernel.org \
--cc=SHA-cyfmac-dev-list@infineon.com \
--cc=aspriel@gmail.com \
--cc=brcm80211-dev-list.pdl@broadcom.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=franky.lin@broadcom.com \
--cc=hante.meuleman@broadcom.com \
--cc=kuba@kernel.org \
--cc=kvalo@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.