[PATCH v2 0/4][next] scsi: megaraid_sas: Replace one-element arrays with flexible-array members

[PATCH v2 0/4][next] scsi: megaraid_sas: Replace one-element arrays with flexible-array members

[Gustavo A. R. Silva]

Hi!

This series aims to replace one-element arrays with flexible-array
members.

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://en.wikipedia.org/wiki/Flexible_array_member
Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109

Thanks

Changes in v2:
 - Revert changes in struct MR_FW_RAID_MAP_ALL.

Gustavo A. R. Silva (4):
  scsi: megaraid_sas: Replace one-element array with flexible-array
    member in MR_FW_RAID_MAP
  scsi: megaraid_sas: Replace one-element array with flexible-array
    member in MR_FW_RAID_MAP_DYNAMIC
  scsi: megaraid_sas: Replace one-element array with flexible-array
    member in MR_DRV_RAID_MAP
  scsi: megaraid_sas: Replace one-element array with flexible-array
    member in MR_PD_CFG_SEQ_NUM_SYNC

 drivers/scsi/megaraid/megaraid_sas_base.c   | 20 ++++++++++----------
 drivers/scsi/megaraid/megaraid_sas_fp.c     | 12 ++++++------
 drivers/scsi/megaraid/megaraid_sas_fusion.c |  2 +-
 drivers/scsi/megaraid/megaraid_sas_fusion.h |  8 ++++----
 4 files changed, 21 insertions(+), 21 deletions(-)

-- 
2.27.0

[PATCH v2 1/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP

[Gustavo A. R. Silva]

There is a regular need in the kernel to provide a way to declare having
a dynamically sized set of trailing elements in a structure. Kernel code
should always use “flexible array members”[1] for these cases. The older
style of one-element or zero-length arrays should no longer be used[2].

Refactor the code according to the use of a flexible-array member in struct
MR_FW_RAID_MAP instead of one-element array, and use the struct_size()
helper.

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

[1] https://en.wikipedia.org/wiki/Flexible_array_member
[2] https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v2:
 - Revert changes in struct MR_FW_RAID_MAP_ALL.
 - Update Subject line and changelog text.

 drivers/scsi/megaraid/megaraid_sas_base.c   | 6 +++---
 drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
 drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index ec10b2497310..d072f9caeb4a 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -5147,9 +5147,9 @@ static void megasas_update_ext_vd_details(struct megasas_instance *instance)
 		fusion->current_map_sz = ventura_map_sz;
 		fusion->max_map_sz = ventura_map_sz;
 	} else {
-		fusion->old_map_sz =  sizeof(struct MR_FW_RAID_MAP) +
-					(sizeof(struct MR_LD_SPAN_MAP) *
-					(instance->fw_supported_vd_count - 1));
+		fusion->old_map_sz =
+			struct_size((struct MR_FW_RAID_MAP *)0, ldSpanMap,
+				    instance->fw_supported_vd_count);
 		fusion->new_map_sz =  sizeof(struct MR_FW_RAID_MAP_EXT);
 
 		fusion->max_map_sz =
diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
index 83f69c33b01a..da1cad1ee123 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fp.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
@@ -326,9 +326,9 @@ u8 MR_ValidateMapInfo(struct megasas_instance *instance, u64 map_id)
 	else if (instance->supportmax256vd)
 		expected_size = sizeof(struct MR_FW_RAID_MAP_EXT);
 	else
-		expected_size =
-			(sizeof(struct MR_FW_RAID_MAP) - sizeof(struct MR_LD_SPAN_MAP) +
-			(sizeof(struct MR_LD_SPAN_MAP) * le16_to_cpu(pDrvRaidMap->ldCount)));
+		expected_size = struct_size((struct MR_FW_RAID_MAP *)0,
+					    ldSpanMap,
+					    le16_to_cpu(pDrvRaidMap->ldCount));
 
 	if (le32_to_cpu(pDrvRaidMap->totalSize) != expected_size) {
 		dev_dbg(&instance->pdev->dev, "megasas: map info structure size 0x%x",
diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
index ce84f811e5e1..a47139ef9ee2 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
@@ -942,7 +942,7 @@ struct MR_FW_RAID_MAP {
 	u8                  reserved2[7];
 	struct MR_ARRAY_INFO       arMapInfo[MAX_RAIDMAP_ARRAYS];
 	struct MR_DEV_HANDLE_INFO  devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES];
-	struct MR_LD_SPAN_MAP      ldSpanMap[1];
+	struct MR_LD_SPAN_MAP      ldSpanMap[];
 };
 
 struct IO_REQUEST_INFO {
-- 
2.27.0

[PATCH v2 2/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP_DYNAMIC

[Gustavo A. R. Silva]

Replace one-element array with a flexible-array member in struct
MR_FW_RAID_MAP_DYNAMIC.

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://en.wikipedia.org/wiki/Flexible_array_member
Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v2:
 - None.

 drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
index a47139ef9ee2..9adb8b30f422 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
@@ -1053,7 +1053,7 @@ struct MR_FW_RAID_MAP_DYNAMIC {
 	struct MR_RAID_MAP_DESC_TABLE
 			raid_map_desc_table[RAID_MAP_DESC_TYPE_COUNT];
 	/* Variable Size buffer containing all data */
-	u32 raid_map_desc_data[1];
+	u32 raid_map_desc_data[];
 }; /* Dynamicaly sized RAID MAp structure */
 
 #define IEEE_SGE_FLAGS_ADDR_MASK            (0x03)
-- 
2.27.0

[PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Gustavo A. R. Silva]

Replace one-element array with a flexible-array member in struct
MR_DRV_RAID_MAP and use the flex_array_size() helper.

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://en.wikipedia.org/wiki/Flexible_array_member
Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v2:
 - None.

 drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
 drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
index da1cad1ee123..9cb36ef96c2c 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fp.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
@@ -229,8 +229,8 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
 					le32_to_cpu(desc_table->raid_map_desc_offset));
 				memcpy(pDrvRaidMap->ldSpanMap,
 				       fw_map_dyn->ld_span_map,
-				       sizeof(struct MR_LD_SPAN_MAP) *
-				       le32_to_cpu(desc_table->raid_map_desc_elements));
+				       flex_array_size(pDrvRaidMap, ldSpanMap,
+				       le32_to_cpu(desc_table->raid_map_desc_elements)));
 			break;
 			default:
 				dev_dbg(&instance->pdev->dev, "wrong number of desctableElements %d\n",
@@ -254,7 +254,7 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
 			pDrvRaidMap->ldTgtIdToLd[i] =
 				(u16)fw_map_ext->ldTgtIdToLd[i];
 		memcpy(pDrvRaidMap->ldSpanMap, fw_map_ext->ldSpanMap,
-		       sizeof(struct MR_LD_SPAN_MAP) * ld_count);
+		       flex_array_size(pDrvRaidMap, ldSpanMap, ld_count));
 		memcpy(pDrvRaidMap->arMapInfo, fw_map_ext->arMapInfo,
 		       sizeof(struct MR_ARRAY_INFO) * MAX_API_ARRAYS_EXT);
 		memcpy(pDrvRaidMap->devHndlInfo, fw_map_ext->devHndlInfo,
diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
index 9adb8b30f422..5fe2f7a6eebe 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
@@ -1182,7 +1182,7 @@ struct MR_DRV_RAID_MAP {
 		devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES_DYN];
 	u16 ldTgtIdToLd[MAX_LOGICAL_DRIVES_DYN];
 	struct MR_ARRAY_INFO arMapInfo[MAX_API_ARRAYS_DYN];
-	struct MR_LD_SPAN_MAP      ldSpanMap[1];
+	struct MR_LD_SPAN_MAP      ldSpanMap[];
 
 };
 
-- 
2.27.0

[PATCH v2 4/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_PD_CFG_SEQ_NUM_SYNC

[Gustavo A. R. Silva]

Replace one-element array with a flexible-array member in struct
MR_PD_CFG_SEQ_NUM_SYNC and use the struct_size() helper.

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://en.wikipedia.org/wiki/Flexible_array_member
Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
Changes in v2:
 - None.

 drivers/scsi/megaraid/megaraid_sas_base.c   | 14 +++++++-------
 drivers/scsi/megaraid/megaraid_sas_fusion.c |  2 +-
 drivers/scsi/megaraid/megaraid_sas_fusion.h |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index d072f9caeb4a..a4131dd510e3 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -5782,10 +5782,10 @@ megasas_setup_jbod_map(struct megasas_instance *instance)
 {
 	int i;
 	struct fusion_context *fusion = instance->ctrl_context;
-	u32 pd_seq_map_sz;
+	size_t pd_seq_map_sz;
 
-	pd_seq_map_sz = sizeof(struct MR_PD_CFG_SEQ_NUM_SYNC) +
-		(sizeof(struct MR_PD_CFG_SEQ) * (MAX_PHYSICAL_DEVICES - 1));
+	pd_seq_map_sz = struct_size((struct MR_PD_CFG_SEQ_NUM_SYNC *)0, seq,
+				    MAX_PHYSICAL_DEVICES);
 
 	instance->use_seqnum_jbod_fp =
 		instance->support_seqnum_jbod_fp;
@@ -7961,7 +7961,7 @@ static void megasas_detach_one(struct pci_dev *pdev)
 	struct Scsi_Host *host;
 	struct megasas_instance *instance;
 	struct fusion_context *fusion;
-	u32 pd_seq_map_sz;
+	size_t pd_seq_map_sz;
 
 	instance = pci_get_drvdata(pdev);
 
@@ -8033,9 +8033,9 @@ static void megasas_detach_one(struct pci_dev *pdev)
 
 	if (instance->adapter_type != MFI_SERIES) {
 		megasas_release_fusion(instance);
-			pd_seq_map_sz = sizeof(struct MR_PD_CFG_SEQ_NUM_SYNC) +
-				(sizeof(struct MR_PD_CFG_SEQ) *
-					(MAX_PHYSICAL_DEVICES - 1));
+			pd_seq_map_sz =
+				struct_size((struct MR_PD_CFG_SEQ_NUM_SYNC *)0,
+					    seq, MAX_PHYSICAL_DEVICES);
 		for (i = 0; i < 2 ; i++) {
 			if (fusion->ld_map[i])
 				dma_free_coherent(&instance->pdev->dev,
diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
index 06399c026a8d..a824fb641fda 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
@@ -1310,7 +1310,7 @@ megasas_sync_pd_seq_num(struct megasas_instance *instance, bool pend) {
 
 	pd_sync = (void *)fusion->pd_seq_sync[(instance->pd_seq_map_id & 1)];
 	pd_seq_h = fusion->pd_seq_phys[(instance->pd_seq_map_id & 1)];
-	pd_seq_map_sz = struct_size(pd_sync, seq, MAX_PHYSICAL_DEVICES - 1);
+	pd_seq_map_sz = struct_size(pd_sync, seq, MAX_PHYSICAL_DEVICES);
 
 	cmd = megasas_get_cmd(instance);
 	if (!cmd) {
diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
index 5fe2f7a6eebe..af39d9c20cc6 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
@@ -1249,7 +1249,7 @@ struct MR_PD_CFG_SEQ {
 struct MR_PD_CFG_SEQ_NUM_SYNC {
 	__le32 size;
 	__le32 count;
-	struct MR_PD_CFG_SEQ seq[1];
+	struct MR_PD_CFG_SEQ seq[];
 } __packed;
 
 /* stream detection */
-- 
2.27.0

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Kees Cook]

On Wed, Aug 04, 2021 at 11:20:04PM -0500, Gustavo A. R. Silva wrote:
> Replace one-element array with a flexible-array member in struct
> MR_DRV_RAID_MAP and use the flex_array_size() helper.
> 
> This helps with the ongoing efforts to globally enable -Warray-bounds
> and get us closer to being able to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://en.wikipedia.org/wiki/Flexible_array_member
> Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/109
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

I'd really like to see this fixed. :) I'm running into this 1-element
array problem now with UBSAN_BOUNDS:

[   10.011173] UBSAN: array-index-out-of-bounds in /build/linux-WLUive/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
[   10.087824] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'

and I'm not the only one:

https://bugzilla.kernel.org/show_bug.cgi?id=215943

> ---
> Changes in v2:
>  - None.
> 
>  drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
>  drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
> index da1cad1ee123..9cb36ef96c2c 100644
> --- a/drivers/scsi/megaraid/megaraid_sas_fp.c
> +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
> @@ -229,8 +229,8 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
>  					le32_to_cpu(desc_table->raid_map_desc_offset));
>  				memcpy(pDrvRaidMap->ldSpanMap,
>  				       fw_map_dyn->ld_span_map,
> -				       sizeof(struct MR_LD_SPAN_MAP) *
> -				       le32_to_cpu(desc_table->raid_map_desc_elements));
> +				       flex_array_size(pDrvRaidMap, ldSpanMap,
> +				       le32_to_cpu(desc_table->raid_map_desc_elements)));
>  			break;
>  			default:
>  				dev_dbg(&instance->pdev->dev, "wrong number of desctableElements %d\n",
> @@ -254,7 +254,7 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
>  			pDrvRaidMap->ldTgtIdToLd[i] =
>  				(u16)fw_map_ext->ldTgtIdToLd[i];
>  		memcpy(pDrvRaidMap->ldSpanMap, fw_map_ext->ldSpanMap,
> -		       sizeof(struct MR_LD_SPAN_MAP) * ld_count);
> +		       flex_array_size(pDrvRaidMap, ldSpanMap, ld_count));
>  		memcpy(pDrvRaidMap->arMapInfo, fw_map_ext->arMapInfo,
>  		       sizeof(struct MR_ARRAY_INFO) * MAX_API_ARRAYS_EXT);
>  		memcpy(pDrvRaidMap->devHndlInfo, fw_map_ext->devHndlInfo,
> diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> index 9adb8b30f422..5fe2f7a6eebe 100644
> --- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
> +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> @@ -1182,7 +1182,7 @@ struct MR_DRV_RAID_MAP {
>  		devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES_DYN];
>  	u16 ldTgtIdToLd[MAX_LOGICAL_DRIVES_DYN];
>  	struct MR_ARRAY_INFO arMapInfo[MAX_API_ARRAYS_DYN];
> -	struct MR_LD_SPAN_MAP      ldSpanMap[1];
> +	struct MR_LD_SPAN_MAP      ldSpanMap[];
>  
>  };
>  

I think this patch is incomplete, and the wrapping struct needs to be
adjusted too:

@@ -1193,7 +1193,7 @@ struct MR_DRV_RAID_MAP {
 struct MR_DRV_RAID_MAP_ALL {
 
        struct MR_DRV_RAID_MAP raidMap;
-       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1];
+       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN];
 } __packed;
 
With that added, I get zero changes to the executable code.

I assume the others need adjustment too.

-- 
Kees Cook

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Gustavo A. R. Silva]

On Wed, Jun 22, 2022 at 03:26:38PM -0700, Kees Cook wrote:
> On Wed, Aug 04, 2021 at 11:20:04PM -0500, Gustavo A. R. Silva wrote:
> > Replace one-element array with a flexible-array member in struct
> > MR_DRV_RAID_MAP and use the flex_array_size() helper.
> > 
> > This helps with the ongoing efforts to globally enable -Warray-bounds
> > and get us closer to being able to tighten the FORTIFY_SOURCE routines
> > on memcpy().
> > 
> > Link: https://en.wikipedia.org/wiki/Flexible_array_member
> > Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
> > Link: https://github.com/KSPP/linux/issues/79
> > Link: https://github.com/KSPP/linux/issues/109
> > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> 
> I'd really like to see this fixed. :) I'm running into this 1-element
> array problem now with UBSAN_BOUNDS:

Wow; another forgoten patch from the times we didn't have Patchwork. :) 

> 
> [   10.011173] UBSAN: array-index-out-of-bounds in /build/linux-WLUive/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
> [   10.087824] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
> 
> and I'm not the only one:
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=215943

It's actually great that other people are running into these issues now.
That could only means that we should fixed ASAP. :)

We also have this other series that hasn't been applied yet:

https://lore.kernel.org/linux-hardening/cover.1645513670.git.gustavoars@kernel.org/

> 
> > ---
> > Changes in v2:
> >  - None.
> > 
> >  drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
> >  drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
> >  2 files changed, 4 insertions(+), 4 deletions(-)
> > 
> > diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > index da1cad1ee123..9cb36ef96c2c 100644
> > --- a/drivers/scsi/megaraid/megaraid_sas_fp.c
> > +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > @@ -229,8 +229,8 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> >  					le32_to_cpu(desc_table->raid_map_desc_offset));
> >  				memcpy(pDrvRaidMap->ldSpanMap,
> >  				       fw_map_dyn->ld_span_map,
> > -				       sizeof(struct MR_LD_SPAN_MAP) *
> > -				       le32_to_cpu(desc_table->raid_map_desc_elements));
> > +				       flex_array_size(pDrvRaidMap, ldSpanMap,
> > +				       le32_to_cpu(desc_table->raid_map_desc_elements)));
> >  			break;
> >  			default:
> >  				dev_dbg(&instance->pdev->dev, "wrong number of desctableElements %d\n",
> > @@ -254,7 +254,7 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> >  			pDrvRaidMap->ldTgtIdToLd[i] =
> >  				(u16)fw_map_ext->ldTgtIdToLd[i];
> >  		memcpy(pDrvRaidMap->ldSpanMap, fw_map_ext->ldSpanMap,
> > -		       sizeof(struct MR_LD_SPAN_MAP) * ld_count);
> > +		       flex_array_size(pDrvRaidMap, ldSpanMap, ld_count));
> >  		memcpy(pDrvRaidMap->arMapInfo, fw_map_ext->arMapInfo,
> >  		       sizeof(struct MR_ARRAY_INFO) * MAX_API_ARRAYS_EXT);
> >  		memcpy(pDrvRaidMap->devHndlInfo, fw_map_ext->devHndlInfo,
> > diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > index 9adb8b30f422..5fe2f7a6eebe 100644
> > --- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > @@ -1182,7 +1182,7 @@ struct MR_DRV_RAID_MAP {
> >  		devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES_DYN];
> >  	u16 ldTgtIdToLd[MAX_LOGICAL_DRIVES_DYN];
> >  	struct MR_ARRAY_INFO arMapInfo[MAX_API_ARRAYS_DYN];
> > -	struct MR_LD_SPAN_MAP      ldSpanMap[1];
> > +	struct MR_LD_SPAN_MAP      ldSpanMap[];
> >  
> >  };
> >  
> 
> I think this patch is incomplete, and the wrapping struct needs to be
> adjusted too:
> 
> @@ -1193,7 +1193,7 @@ struct MR_DRV_RAID_MAP {
>  struct MR_DRV_RAID_MAP_ALL {
>  
>         struct MR_DRV_RAID_MAP raidMap;
> -       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1];
> +       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN];
>  } __packed;
>  
> With that added, I get zero changes to the executable code.
> 
> I assume the others need adjustment too.

Interesting... OK, let me refresh my memory about the whole thing
and be back in a minute.

--
Gustavo

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Gustavo A. R. Silva]

On Thu, Jun 23, 2022 at 03:45:33AM +0200, Gustavo A. R. Silva wrote:
> On Wed, Jun 22, 2022 at 03:26:38PM -0700, Kees Cook wrote:
> > On Wed, Aug 04, 2021 at 11:20:04PM -0500, Gustavo A. R. Silva wrote:
> > > Replace one-element array with a flexible-array member in struct
> > > MR_DRV_RAID_MAP and use the flex_array_size() helper.
> > > 
> > > This helps with the ongoing efforts to globally enable -Warray-bounds
> > > and get us closer to being able to tighten the FORTIFY_SOURCE routines
> > > on memcpy().
> > > 
> > > Link: https://en.wikipedia.org/wiki/Flexible_array_member
> > > Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
> > > Link: https://github.com/KSPP/linux/issues/79
> > > Link: https://github.com/KSPP/linux/issues/109
> > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > 
> > I'd really like to see this fixed. :) I'm running into this 1-element
> > array problem now with UBSAN_BOUNDS:
> 
> Wow; another forgoten patch from the times we didn't have Patchwork. :) 
> 
> > 
> > [   10.011173] UBSAN: array-index-out-of-bounds in /build/linux-WLUive/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
> > [   10.087824] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
> > 
> > and I'm not the only one:
> > 
> > https://bugzilla.kernel.org/show_bug.cgi?id=215943
> 
> It's actually great that other people are running into these issues now.
> That could only means that we should fixed ASAP. :)
> 
> We also have this other series that hasn't been applied yet:
> 
> https://lore.kernel.org/linux-hardening/cover.1645513670.git.gustavoars@kernel.org/
> 
> > 
> > > ---
> > > Changes in v2:
> > >  - None.
> > > 
> > >  drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
> > >  drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
> > >  2 files changed, 4 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > index da1cad1ee123..9cb36ef96c2c 100644
> > > --- a/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > @@ -229,8 +229,8 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> > >  					le32_to_cpu(desc_table->raid_map_desc_offset));
> > >  				memcpy(pDrvRaidMap->ldSpanMap,
> > >  				       fw_map_dyn->ld_span_map,
> > > -				       sizeof(struct MR_LD_SPAN_MAP) *
> > > -				       le32_to_cpu(desc_table->raid_map_desc_elements));
> > > +				       flex_array_size(pDrvRaidMap, ldSpanMap,
> > > +				       le32_to_cpu(desc_table->raid_map_desc_elements)));
> > >  			break;
> > >  			default:
> > >  				dev_dbg(&instance->pdev->dev, "wrong number of desctableElements %d\n",
> > > @@ -254,7 +254,7 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> > >  			pDrvRaidMap->ldTgtIdToLd[i] =
> > >  				(u16)fw_map_ext->ldTgtIdToLd[i];
> > >  		memcpy(pDrvRaidMap->ldSpanMap, fw_map_ext->ldSpanMap,
> > > -		       sizeof(struct MR_LD_SPAN_MAP) * ld_count);
> > > +		       flex_array_size(pDrvRaidMap, ldSpanMap, ld_count));
> > >  		memcpy(pDrvRaidMap->arMapInfo, fw_map_ext->arMapInfo,
> > >  		       sizeof(struct MR_ARRAY_INFO) * MAX_API_ARRAYS_EXT);
> > >  		memcpy(pDrvRaidMap->devHndlInfo, fw_map_ext->devHndlInfo,
> > > diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > index 9adb8b30f422..5fe2f7a6eebe 100644
> > > --- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > @@ -1182,7 +1182,7 @@ struct MR_DRV_RAID_MAP {
> > >  		devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES_DYN];
> > >  	u16 ldTgtIdToLd[MAX_LOGICAL_DRIVES_DYN];
> > >  	struct MR_ARRAY_INFO arMapInfo[MAX_API_ARRAYS_DYN];
> > > -	struct MR_LD_SPAN_MAP      ldSpanMap[1];
> > > +	struct MR_LD_SPAN_MAP      ldSpanMap[];
> > >  
> > >  };
> > >  
> > 
> > I think this patch is incomplete, and the wrapping struct needs to be
> > adjusted too:
> > 
> > @@ -1193,7 +1193,7 @@ struct MR_DRV_RAID_MAP {
> >  struct MR_DRV_RAID_MAP_ALL {
> >  
> >         struct MR_DRV_RAID_MAP raidMap;
> > -       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1];
> > +       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN];
> >  } __packed;

BTW, I'd really like to get some input from the maintainers of this
code. :)

Thanks
--
Gustavo

> >  
> > With that added, I get zero changes to the executable code.
> > 
> > I assume the others need adjustment too.
> 
> Interesting... OK, let me refresh my memory about the whole thing
> and be back in a minute.
> 
> --
> Gustavo

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Kees Cook]

On Thu, Jun 23, 2022 at 05:14:01AM +0200, Gustavo A. R. Silva wrote:
> On Thu, Jun 23, 2022 at 03:45:33AM +0200, Gustavo A. R. Silva wrote:
> > On Wed, Jun 22, 2022 at 03:26:38PM -0700, Kees Cook wrote:
> > > On Wed, Aug 04, 2021 at 11:20:04PM -0500, Gustavo A. R. Silva wrote:
> > > > Replace one-element array with a flexible-array member in struct
> > > > MR_DRV_RAID_MAP and use the flex_array_size() helper.
> > > > 
> > > > This helps with the ongoing efforts to globally enable -Warray-bounds
> > > > and get us closer to being able to tighten the FORTIFY_SOURCE routines
> > > > on memcpy().
> > > > 
> > > > Link: https://en.wikipedia.org/wiki/Flexible_array_member
> > > > Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
> > > > Link: https://github.com/KSPP/linux/issues/79
> > > > Link: https://github.com/KSPP/linux/issues/109
> > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > > 
> > > I'd really like to see this fixed. :) I'm running into this 1-element
> > > array problem now with UBSAN_BOUNDS:
> > 
> > Wow; another forgoten patch from the times we didn't have Patchwork. :) 
> > 
> > > 
> > > [   10.011173] UBSAN: array-index-out-of-bounds in /build/linux-WLUive/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
> > > [   10.087824] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
> > > 
> > > and I'm not the only one:
> > > 
> > > https://bugzilla.kernel.org/show_bug.cgi?id=215943
> > 
> > It's actually great that other people are running into these issues now.
> > That could only means that we should fixed ASAP. :)
> > 
> > We also have this other series that hasn't been applied yet:
> > 
> > https://lore.kernel.org/linux-hardening/cover.1645513670.git.gustavoars@kernel.org/
> > 
> > > 
> > > > ---
> > > > Changes in v2:
> > > >  - None.
> > > > 
> > > >  drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
> > > >  drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
> > > >  2 files changed, 4 insertions(+), 4 deletions(-)
> > > > 
> > > > diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > > index da1cad1ee123..9cb36ef96c2c 100644
> > > > --- a/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > > +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > > @@ -229,8 +229,8 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> > > >  					le32_to_cpu(desc_table->raid_map_desc_offset));
> > > >  				memcpy(pDrvRaidMap->ldSpanMap,
> > > >  				       fw_map_dyn->ld_span_map,
> > > > -				       sizeof(struct MR_LD_SPAN_MAP) *
> > > > -				       le32_to_cpu(desc_table->raid_map_desc_elements));
> > > > +				       flex_array_size(pDrvRaidMap, ldSpanMap,
> > > > +				       le32_to_cpu(desc_table->raid_map_desc_elements)));
> > > >  			break;
> > > >  			default:
> > > >  				dev_dbg(&instance->pdev->dev, "wrong number of desctableElements %d\n",
> > > > @@ -254,7 +254,7 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> > > >  			pDrvRaidMap->ldTgtIdToLd[i] =
> > > >  				(u16)fw_map_ext->ldTgtIdToLd[i];
> > > >  		memcpy(pDrvRaidMap->ldSpanMap, fw_map_ext->ldSpanMap,
> > > > -		       sizeof(struct MR_LD_SPAN_MAP) * ld_count);
> > > > +		       flex_array_size(pDrvRaidMap, ldSpanMap, ld_count));
> > > >  		memcpy(pDrvRaidMap->arMapInfo, fw_map_ext->arMapInfo,
> > > >  		       sizeof(struct MR_ARRAY_INFO) * MAX_API_ARRAYS_EXT);
> > > >  		memcpy(pDrvRaidMap->devHndlInfo, fw_map_ext->devHndlInfo,
> > > > diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > > index 9adb8b30f422..5fe2f7a6eebe 100644
> > > > --- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > > +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > > @@ -1182,7 +1182,7 @@ struct MR_DRV_RAID_MAP {
> > > >  		devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES_DYN];
> > > >  	u16 ldTgtIdToLd[MAX_LOGICAL_DRIVES_DYN];
> > > >  	struct MR_ARRAY_INFO arMapInfo[MAX_API_ARRAYS_DYN];
> > > > -	struct MR_LD_SPAN_MAP      ldSpanMap[1];
> > > > +	struct MR_LD_SPAN_MAP      ldSpanMap[];
> > > >  
> > > >  };
> > > >  
> > > 
> > > I think this patch is incomplete, and the wrapping struct needs to be
> > > adjusted too:
> > > 
> > > @@ -1193,7 +1193,7 @@ struct MR_DRV_RAID_MAP {
> > >  struct MR_DRV_RAID_MAP_ALL {
> > >  
> > >         struct MR_DRV_RAID_MAP raidMap;
> > > -       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1];
> > > +       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN];
> > >  } __packed;
> 
> BTW, I'd really like to get some input from the maintainers of this
> code. :)

Agreed, though if we get 0 output from a diffoscope of the object files,
I think it's safe to carry such patches in our trees. This is how I've
been testing:

$ make allmodconfig
$ ./scripts/config -d GCOV_KERNEL -d KCOV -d GCC_PLUGINS -d IKHEADERS -d KASAN -d UBSAN
$ make olddefconfig
$ make the/path/to/code.o
$ cp the/path/to/code.o the/path/to/code.before
$ *apply patch*
$ make the/path/to/code.o
$ cp the/path/to/code.o the/path/to/code.after
$ diffoscope the/path/to/code.before the/path/to/code.after


-- 
Kees Cook

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Gustavo A. R. Silva]

On Thu, Jun 23, 2022 at 08:19:49AM -0700, Kees Cook wrote:
> On Thu, Jun 23, 2022 at 05:14:01AM +0200, Gustavo A. R. Silva wrote:
> > On Thu, Jun 23, 2022 at 03:45:33AM +0200, Gustavo A. R. Silva wrote:
> > > On Wed, Jun 22, 2022 at 03:26:38PM -0700, Kees Cook wrote:
> > > > On Wed, Aug 04, 2021 at 11:20:04PM -0500, Gustavo A. R. Silva wrote:
> > > > > Replace one-element array with a flexible-array member in struct
> > > > > MR_DRV_RAID_MAP and use the flex_array_size() helper.
> > > > > 
> > > > > This helps with the ongoing efforts to globally enable -Warray-bounds
> > > > > and get us closer to being able to tighten the FORTIFY_SOURCE routines
> > > > > on memcpy().
> > > > > 
> > > > > Link: https://en.wikipedia.org/wiki/Flexible_array_member
> > > > > Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
> > > > > Link: https://github.com/KSPP/linux/issues/79
> > > > > Link: https://github.com/KSPP/linux/issues/109
> > > > > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> > > > 
> > > > I'd really like to see this fixed. :) I'm running into this 1-element
> > > > array problem now with UBSAN_BOUNDS:
> > > 
> > > Wow; another forgoten patch from the times we didn't have Patchwork. :) 
> > > 
> > > > 
> > > > [   10.011173] UBSAN: array-index-out-of-bounds in /build/linux-WLUive/linux-5.15.0/drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
> > > > [   10.087824] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
> > > > 
> > > > and I'm not the only one:
> > > > 
> > > > https://bugzilla.kernel.org/show_bug.cgi?id=215943
> > > 
> > > It's actually great that other people are running into these issues now.
> > > That could only means that we should fixed ASAP. :)
> > > 
> > > We also have this other series that hasn't been applied yet:
> > > 
> > > https://lore.kernel.org/linux-hardening/cover.1645513670.git.gustavoars@kernel.org/
> > > 
> > > > 
> > > > > ---
> > > > > Changes in v2:
> > > > >  - None.
> > > > > 
> > > > >  drivers/scsi/megaraid/megaraid_sas_fp.c     | 6 +++---
> > > > >  drivers/scsi/megaraid/megaraid_sas_fusion.h | 2 +-
> > > > >  2 files changed, 4 insertions(+), 4 deletions(-)
> > > > > 
> > > > > diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > > > index da1cad1ee123..9cb36ef96c2c 100644
> > > > > --- a/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > > > +++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
> > > > > @@ -229,8 +229,8 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> > > > >  					le32_to_cpu(desc_table->raid_map_desc_offset));
> > > > >  				memcpy(pDrvRaidMap->ldSpanMap,
> > > > >  				       fw_map_dyn->ld_span_map,
> > > > > -				       sizeof(struct MR_LD_SPAN_MAP) *
> > > > > -				       le32_to_cpu(desc_table->raid_map_desc_elements));
> > > > > +				       flex_array_size(pDrvRaidMap, ldSpanMap,
> > > > > +				       le32_to_cpu(desc_table->raid_map_desc_elements)));
> > > > >  			break;
> > > > >  			default:
> > > > >  				dev_dbg(&instance->pdev->dev, "wrong number of desctableElements %d\n",
> > > > > @@ -254,7 +254,7 @@ static int MR_PopulateDrvRaidMap(struct megasas_instance *instance, u64 map_id)
> > > > >  			pDrvRaidMap->ldTgtIdToLd[i] =
> > > > >  				(u16)fw_map_ext->ldTgtIdToLd[i];
> > > > >  		memcpy(pDrvRaidMap->ldSpanMap, fw_map_ext->ldSpanMap,
> > > > > -		       sizeof(struct MR_LD_SPAN_MAP) * ld_count);
> > > > > +		       flex_array_size(pDrvRaidMap, ldSpanMap, ld_count));
> > > > >  		memcpy(pDrvRaidMap->arMapInfo, fw_map_ext->arMapInfo,
> > > > >  		       sizeof(struct MR_ARRAY_INFO) * MAX_API_ARRAYS_EXT);
> > > > >  		memcpy(pDrvRaidMap->devHndlInfo, fw_map_ext->devHndlInfo,
> > > > > diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > > > index 9adb8b30f422..5fe2f7a6eebe 100644
> > > > > --- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > > > +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
> > > > > @@ -1182,7 +1182,7 @@ struct MR_DRV_RAID_MAP {
> > > > >  		devHndlInfo[MAX_RAIDMAP_PHYSICAL_DEVICES_DYN];
> > > > >  	u16 ldTgtIdToLd[MAX_LOGICAL_DRIVES_DYN];
> > > > >  	struct MR_ARRAY_INFO arMapInfo[MAX_API_ARRAYS_DYN];
> > > > > -	struct MR_LD_SPAN_MAP      ldSpanMap[1];
> > > > > +	struct MR_LD_SPAN_MAP      ldSpanMap[];
> > > > >  
> > > > >  };
> > > > >  
> > > > 
> > > > I think this patch is incomplete, and the wrapping struct needs to be
> > > > adjusted too:
> > > > 
> > > > @@ -1193,7 +1193,7 @@ struct MR_DRV_RAID_MAP {
> > > >  struct MR_DRV_RAID_MAP_ALL {
> > > >  
> > > >         struct MR_DRV_RAID_MAP raidMap;
> > > > -       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1];
> > > > +       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN];
> > > >  } __packed;
> > 
> > BTW, I'd really like to get some input from the maintainers of this
> > code. :)
> 
> Agreed, though if we get 0 output from a diffoscope of the object files,
> I think it's safe to carry such patches in our trees. This is how I've
> been testing:

Which object files are you comparing here? because I don't see the zero
change when comparing the before and after of megaraid_sas_fp.o with
the change you propose.

> 
> $ make allmodconfig
> $ ./scripts/config -d GCOV_KERNEL -d KCOV -d GCC_PLUGINS -d IKHEADERS -d KASAN -d UBSAN
> $ make olddefconfig
> $ make the/path/to/code.o
> $ cp the/path/to/code.o the/path/to/code.before
> $ *apply patch*
> $ make the/path/to/code.o
> $ cp the/path/to/code.o the/path/to/code.after
> $ diffoscope the/path/to/code.before the/path/to/code.after

Yep; that's how we do it. However, I think the zero change is the
exception, not the norm in these sorts of changes.

The machine code could easily change after refactoring the code a
bit as a consequence of the flex-array transformation. It's not like
we are merely removing the 1 from the array declaration. We are also
making use of helpers like struct_size(), flex_array_size() and in
some cases we are making the code to stop allocating some too-many
extra bytes (which usually account for the size of one item of the
trailing array) that are never actually used. I think that could
easily impact how the compiler ultimately arrange the code.

--
Gustavo

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Kees Cook]

On Thu, Jun 23, 2022 at 05:38:25PM +0200, Gustavo A. R. Silva wrote:
> Which object files are you comparing here? because I don't see the zero
> change when comparing the before and after of megaraid_sas_fp.o with
> the change you propose.

Hm, maybe I did something wrong. But I was looking at megaraid_sas_fp.o

-- 
Kees Cook

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Kees Cook]

On Fri, Jun 24, 2022 at 10:48:39AM -0700, Kees Cook wrote:
> On Thu, Jun 23, 2022 at 05:38:25PM +0200, Gustavo A. R. Silva wrote:
> > Which object files are you comparing here? because I don't see the zero
> > change when comparing the before and after of megaraid_sas_fp.o with
> > the change you propose.
> 
> Hm, maybe I did something wrong. But I was looking at megaraid_sas_fp.o

Explaining my process got a bit long, so I wrote a blog post on it.
Here's how I did my examination of the resulting output:

https://outflux.net/blog/archives/2022/06/24/finding-binary-differences/

-- 
Kees Cook

Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP

[Sumit Saxena]

[-- Attachment #1: Type: text/plain, Size: 483 bytes --]

>
> BTW, I'd really like to get some input from the maintainers of this
> code. :)
Original patch along with the below change looks good.

@@ -1193,7 +1193,7 @@ struct MR_DRV_RAID_MAP {
 struct MR_DRV_RAID_MAP_ALL {

        struct MR_DRV_RAID_MAP raidMap;
-       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN - 1];
+       struct MR_LD_SPAN_MAP ldSpanMap[MAX_LOGICAL_DRIVES_DYN];
 } __packed;

I will test it and then can provide an Acked-by/Tested-by tag.

Thanks,
Sumit

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4209 bytes --]