linux-hardening.vger.kernel.org archive mirror
* [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members
@ 2022-09-22  4:26 Gustavo A. R. Silva
  2022-09-22  4:28 ` [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member Gustavo A. R. Silva
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Gustavo A. R. Silva @ 2022-09-22  4:26 UTC (permalink / raw)
  To: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen
  Cc: linux-scsi, linux-kernel, Gustavo A. R. Silva, linux-hardening

Hi!

This series aims to replace one-element arrays with flexible-array
members in drivers/scsi/smartpqi/smartpqi.h

This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
routines on memcpy() and help us make progress towards globally
enabling -fstrict-flex-arrays=3 [1].

Link: https://en.wikipedia.org/wiki/Flexible_array_member
Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/109
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1]

Gustavo A. R. Silva (3):
  scsi: smartpqi: Replace one-element array with flexible-array member
  scsi: smartpqi: Replace one-element arrays with flexible-array members
  scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns()

 drivers/scsi/smartpqi/smartpqi.h      |  6 +++---
 drivers/scsi/smartpqi/smartpqi_init.c | 12 ++++--------
 2 files changed, 7 insertions(+), 11 deletions(-)

-- 
2.34.1



* [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member
  2022-09-22  4:26 [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
@ 2022-09-22  4:28 ` Gustavo A. R. Silva
  2023-02-02 20:25   ` Kees Cook
       [not found]   ` <CY4PR11MB12387B9F495BC7B5D0F5FD84E1DA9@CY4PR11MB1238.namprd11.prod.outlook.com>
  2022-09-22  4:29 ` [PATCH 2/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 10+ messages in thread
From: Gustavo A. R. Silva @ 2022-09-22  4:28 UTC (permalink / raw)
  To: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen
  Cc: linux-scsi, linux-kernel, Gustavo A. R. Silva, linux-hardening

One-element arrays are deprecated, and we are replacing them with flexible
array members instead. So, replace one-element array with flexible-array
member in struct MR_DRV_RAID_MAP and refactor the rest of the code
accordingly.

It seems that the addition of sizeof(struct report_log_lun) in all the
places that are modified by this patch is due to the fact that
the one-element array struct report_log_lun lun_entries[1]; always
contributes to the size of the containing structure struct
report_log_lun_list.

Notice that at line 1267 while allocating memory for an instance of
struct report_log_lun_list, some _extra_ space seems to be allocated
for one element of type struct report_log_lun, which is the type of
the elements in array lun_entries:

 1267         internal_logdev_list = kmalloc(logdev_data_length +
 1268                 sizeof(struct report_log_lun), GFP_KERNEL);

However, at line 1275 just logdev_data_length bytes are copied into
internal_logdev_list (remember that we allocated space for logdev_data_length +
sizeof(struct report_log_lun) bytes at line 1267), and then exactly
sizeof(struct report_log_lun) bytes are being zeroed out at line 1276.

 1275         memcpy(internal_logdev_list, logdev_data, logdev_data_length);
 1276         memset((u8 *)internal_logdev_list + logdev_data_length, 0,
 1277                 sizeof(struct report_log_lun));

All the above makes me think that it's just fine if we transform array
lun_entries into a flexible-array member and just don't allocate
that extra sizeof(struct report_log_lun) bytes of space. With this
we can remove that memset() call and we also need to modify the code
that updates the total length (internal_logdev_list->header.list_length)
of array lun_entries at line 1278:

 1278         put_unaligned_be32(logdev_list_length +
 1279                 sizeof(struct report_log_lun),
 1280                 &internal_logdev_list->header.list_length);

This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/204
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
And of course, it'd be great if maintainers can confirm what I described
in the changelog text. :)

 drivers/scsi/smartpqi/smartpqi.h      |  2 +-
 drivers/scsi/smartpqi/smartpqi_init.c | 10 +++-------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
index e550b12e525a..d1756c9d1112 100644
--- a/drivers/scsi/smartpqi/smartpqi.h
+++ b/drivers/scsi/smartpqi/smartpqi.h
@@ -954,7 +954,7 @@ struct report_log_lun {
 
 struct report_log_lun_list {
 	struct report_lun_header header;
-	struct report_log_lun lun_entries[1];
+	struct report_log_lun lun_entries[];
 };
 
 struct report_phys_lun_8byte_wwid {
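Review bot: The changelog says the conversion is in struct MR_DRV_RAID_MAP, but the member changed in this hunk is lun_entries in struct report_log_lun_list; the changelog should name the struct that is actually touched. With lun_entries[] the value of sizeof(struct report_log_lun_list) no longer includes one struct report_log_lun, so the changelog should also state that every sizeof() use of this struct was checked.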
diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index b971fbe3b3a1..544cd18a90d7 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -1264,8 +1264,7 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
 	logdev_data_length = sizeof(struct report_lun_header) +
 		logdev_list_length;
 
-	internal_logdev_list = kmalloc(logdev_data_length +
-		sizeof(struct report_log_lun), GFP_KERNEL);
+	internal_logdev_list = kmalloc(logdev_data_length, GFP_KERNEL);
 	if (!internal_logdev_list) {
 		kfree(*logdev_list);
 		*logdev_list = NULL;
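Review bot: The kmalloc() in this hunk now allocates exactly logdev_data_length, so the buffer has no room for anything beyond the entries copied from logdev_data. The changelog describes the dropped sizeof(struct report_log_lun) only as space that "seems" to be extra and asks the maintainers to confirm, and the maintainer's reply in this thread says the extra all-zero entry is intentional and stands for the controller itself. The allocation should keep the extra entry; the flexible-array conversion does not require removing it, because the size here is built from sizeof(struct report_lun_header) and not from sizeof(struct report_log_lun_list).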
@@ -1273,11 +1272,8 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
 	}
 
 	memcpy(internal_logdev_list, logdev_data, logdev_data_length);
-	memset((u8 *)internal_logdev_list + logdev_data_length, 0,
-		sizeof(struct report_log_lun));
-	put_unaligned_be32(logdev_list_length +
-		sizeof(struct report_log_lun),
-		&internal_logdev_list->header.list_length);
+	put_unaligned_be32(logdev_list_length,
+			   &internal_logdev_list->header.list_length);
 
 	kfree(*logdev_list);
 	*logdev_list = internal_logdev_list;
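Review bot: Dropping the memset() and the "+ sizeof(struct report_log_lun)" in the put_unaligned_be32() call changes the list_length value stored in the header, so any consumer that walks the list by list_length sees one entry fewer. That is a behaviour change, not part of a mechanical one-element-array conversion; it should go in a separate patch with its own justification, or be dropped so that this patch only changes the declaration in smartpqi.h.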
-- 
2.34.1



* [PATCH 2/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members
  2022-09-22  4:26 [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
  2022-09-22  4:28 ` [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member Gustavo A. R. Silva
@ 2022-09-22  4:29 ` Gustavo A. R. Silva
  2023-02-02 20:28   ` Kees Cook
  2022-09-22  4:30 ` [PATCH 3/3][next] scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns() Gustavo A. R. Silva
  2023-01-31 20:14 ` [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
  3 siblings, 1 reply; 10+ messages in thread
From: Gustavo A. R. Silva @ 2022-09-22  4:29 UTC (permalink / raw)
  To: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen
  Cc: linux-scsi, linux-kernel, Gustavo A. R. Silva, linux-hardening

One-element arrays are deprecated, and we are replacing them with flexible
array members instead. So, replace one-element array with flexible-array
member in structures report_phys_lun_8byte_wwid_list and
report_phys_lun_16byte_wwid_list.

This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/204
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 drivers/scsi/smartpqi/smartpqi.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
index d1756c9d1112..b31b42530674 100644
--- a/drivers/scsi/smartpqi/smartpqi.h
+++ b/drivers/scsi/smartpqi/smartpqi.h
@@ -982,12 +982,12 @@ struct report_phys_lun_16byte_wwid {
 
 struct report_phys_lun_8byte_wwid_list {
 	struct report_lun_header header;
-	struct report_phys_lun_8byte_wwid lun_entries[1];
+	struct report_phys_lun_8byte_wwid lun_entries[];
 };
 
 struct report_phys_lun_16byte_wwid_list {
 	struct report_lun_header header;
-	struct report_phys_lun_16byte_wwid lun_entries[1];
+	struct report_phys_lun_16byte_wwid lun_entries[];
 };
 
 struct raid_map_disk_data {
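Review bot: Both lun_entries conversions in this hunk shrink sizeof(struct report_phys_lun_8byte_wwid_list) and sizeof(struct report_phys_lun_16byte_wwid_list) by one entry, and the changelog does not say whether any code takes sizeof() of either struct. Please state in the changelog that no such users exist, or that the generated object code is unchanged, so the patch can be reviewed as a pure declaration change.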
-- 
2.34.1



* [PATCH 3/3][next] scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns()
  2022-09-22  4:26 [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
  2022-09-22  4:28 ` [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member Gustavo A. R. Silva
  2022-09-22  4:29 ` [PATCH 2/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
@ 2022-09-22  4:30 ` Gustavo A. R. Silva
  2023-02-02 20:29   ` Kees Cook
  2023-01-31 20:14 ` [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
  3 siblings, 1 reply; 10+ messages in thread
From: Gustavo A. R. Silva @ 2022-09-22  4:30 UTC (permalink / raw)
  To: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen
  Cc: linux-scsi, linux-kernel, Gustavo A. R. Silva, linux-hardening

Prefer struct_size() over open-coded versions of idiom:

sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count

where count is the max number of items the flexible array is supposed to
contain.

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 drivers/scsi/smartpqi/smartpqi_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 544cd18a90d7..17bdc8b3f161 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -1192,7 +1192,7 @@ static inline int pqi_report_phys_luns(struct pqi_ctrl_info *ctrl_info, void **b
 
 	rpl_8byte_wwid_list = rpl_list;
 	num_physicals = get_unaligned_be32(&rpl_8byte_wwid_list->header.list_length) / sizeof(rpl_8byte_wwid_list->lun_entries[0]);
-	rpl_16byte_wwid_list_length = sizeof(struct report_lun_header) + (num_physicals * sizeof(struct report_phys_lun_16byte_wwid));
+	rpl_16byte_wwid_list_length = struct_size(rpl_16byte_wwid_list, lun_entries, num_physicals);
 
 	rpl_16byte_wwid_list = kmalloc(rpl_16byte_wwid_list_length, GFP_KERNEL);
 	if (!rpl_16byte_wwid_list)
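Review bot: struct_size() returns SIZE_MAX when the multiplication or addition overflows, and its result is assigned to rpl_16byte_wwid_list_length, whose type is not visible in this hunk. If that variable is narrower than size_t, the saturated value is truncated before it reaches kmalloc() and the overflow protection is lost; confirm the type is size_t or pass struct_size(...) directly to kmalloc(). num_physicals comes from the list_length field read with get_unaligned_be32(), so the changelog should say what bounds it. The new expression also only matches the removed one once lun_entries is a flexible-array member, so this patch depends on patch 2/3 being applied first.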
-- 
2.34.1
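
The sizing arithmetic discussed in this series, as an added userspace example (not code from the patches or from the smartpqi driver). The demo_* structs are simplified stand-ins with an assumed field layout, flex_size() is a hypothetical userspace stand-in for the idea behind the kernel's struct_size(), and build_list() is a hypothetical helper that appends the all-zero trailing entry explicitly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the driver's structs; the field layout is assumed. */
struct demo_lun_header { uint8_t list_length[4]; uint8_t flags; uint8_t reserved[3]; };
struct demo_lun { uint8_t lunid[8]; uint8_t volume_id[16]; };

struct demo_list_one_elem {		/* deprecated one-element array */
	struct demo_lun_header header;
	struct demo_lun lun_entries[1];
};
struct demo_list_flex {			/* flexible-array member */
	struct demo_lun_header header;
	struct demo_lun lun_entries[];
};

/* The one-element array silently contributes one entry to sizeof(). */
_Static_assert(sizeof(struct demo_list_one_elem) ==
	       sizeof(struct demo_list_flex) + sizeof(struct demo_lun),
	       "one-element array adds one entry to sizeof");

/* base + elem * count, saturating at SIZE_MAX on overflow (GCC/Clang builtins). */
static size_t flex_size(size_t base, size_t elem, size_t count)
{
	size_t bytes;

	if (__builtin_mul_overflow(elem, count, &bytes) ||
	    __builtin_add_overflow(bytes, base, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Open-coded idiom on the one-element struct: over-counts by one and can wrap. */
size_t open_coded_one_elem(size_t count)
{
	return sizeof(struct demo_list_one_elem) + count * sizeof(struct demo_lun);
}

/* Checked computation on the flexible-array struct: exact, and saturates. */
size_t checked_flex(size_t count)
{
	return flex_size(sizeof(struct demo_list_flex), sizeof(struct demo_lun), count);
}

static void put_be32(uint8_t *p, uint32_t v)
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

uint32_t get_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Copy n entries into a new list. When append_zero_entry is set, one extra
 * all-zero entry is placed after them and counted in header.list_length,
 * so the trailing entry is requested explicitly instead of coming from [1].
 * Returns NULL on overflow, on a length that does not fit the 32-bit header
 * field, or on allocation failure.
 */
struct demo_list_flex *build_list(const struct demo_lun *src, size_t n,
				  int append_zero_entry)
{
	struct demo_list_flex *list;
	size_t entries, bytes, list_len;

	if (__builtin_add_overflow(n, (size_t)(append_zero_entry ? 1 : 0), &entries))
		return NULL;
	bytes = flex_size(sizeof(*list), sizeof(list->lun_entries[0]), entries);
	if (bytes == SIZE_MAX)
		return NULL;
	list_len = bytes - sizeof(*list);
	if (list_len > UINT32_MAX)
		return NULL;

	list = calloc(1, bytes);	/* zero-fills the trailing entry, if any */
	if (!list)
		return NULL;
	if (n)
		memcpy(list->lun_entries, src, n * sizeof(*src));
	put_be32(list->header.list_length, (uint32_t)list_len);
	return list;
}

int main(void)
{
	struct demo_lun src[2];	/* constructed sample entries */
	struct demo_list_flex *list;

	memset(src, 0xAB, sizeof(src));
	list = build_list(src, 2, 1);
	if (!list)
		return 1;
	printf("one-element sizeof=%zu flex sizeof=%zu\n",
	       sizeof(struct demo_list_one_elem), sizeof(struct demo_list_flex));
	printf("3 entries: open-coded=%zu checked=%zu list_length=%u\n",
	       open_coded_one_elem(3), checked_flex(3),
	       (unsigned)get_be32(list->header.list_length));
	free(list);
	return 0;
}
```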



* Re: [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members
  2022-09-22  4:26 [PATCH 0/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
                   ` (2 preceding siblings ...)
  2022-09-22  4:30 ` [PATCH 3/3][next] scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns() Gustavo A. R. Silva
@ 2023-01-31 20:14 ` Gustavo A. R. Silva
  3 siblings, 0 replies; 10+ messages in thread
From: Gustavo A. R. Silva @ 2023-01-31 20:14 UTC (permalink / raw)
  To: Gustavo A. R. Silva, Kevin Barnett, Don Brace, storagedev,
	James E.J. Bottomley, Martin K. Petersen
  Cc: linux-scsi, linux-kernel, linux-hardening

Hi all,

Friendly ping: who can review/take this, please? :)

Thanks
--
Gustavo

On 9/21/22 23:26, Gustavo A. R. Silva wrote:
> Hi!
> 
> This series aims to replace one-element arrays with flexible-array
> members in drivers/scsi/smartpqi/smartpqi.h
> 
> This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
> routines on memcpy() and help us make progress towards globally
> enabling -fstrict-flex-arrays=3 [1].
> 
> Link: https://en.wikipedia.org/wiki/Flexible_array_member
> Link: https://www.kernel.org/doc/html/v5.10/process/deprecated.html#zero-length-and-one-element-arrays
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/109
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1]
> 
> Gustavo A. R. Silva (3):
>    scsi: smartpqi: Replace one-element array with flexible-array member
>    scsi: smartpqi: Replace one-element arrays with flexible-array members
>    scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns()
> 
>   drivers/scsi/smartpqi/smartpqi.h      |  6 +++---
>   drivers/scsi/smartpqi/smartpqi_init.c | 12 ++++--------
>   2 files changed, 7 insertions(+), 11 deletions(-)
> 


* Re: [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member
  2022-09-22  4:28 ` [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member Gustavo A. R. Silva
@ 2023-02-02 20:25   ` Kees Cook
       [not found]   ` <CY4PR11MB12387B9F495BC7B5D0F5FD84E1DA9@CY4PR11MB1238.namprd11.prod.outlook.com>
  1 sibling, 0 replies; 10+ messages in thread
From: Kees Cook @ 2023-02-02 20:25 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, linux-kernel, linux-hardening

On Wed, Sep 21, 2022 at 11:28:35PM -0500, Gustavo A. R. Silva wrote:
> One-element arrays are deprecated, and we are replacing them with flexible
> array members instead. So, replace one-element array with flexible-array
> member in struct MR_DRV_RAID_MAP and refactor the rest of the code
> accordingly.
> 
> It seems that the addition of sizeof(struct report_log_lun) in all the
> places that are modified by this patch is due to the fact that
> the one-element array struct report_log_lun lun_entries[1]; always
> contributes to the size of the containing structure struct
> report_log_lun_list.
> 
> Notice that at line 1267 while allocating memory for an instance of
> struct report_log_lun_list, some _extra_ space seems to be allocated
> for one element of type struct report_log_lun, which is the type of
> the elements in array lun_entries:
> 
>  1267         internal_logdev_list = kmalloc(logdev_data_length +
>  1268                 sizeof(struct report_log_lun), GFP_KERNEL);
> 
> However, at line 1275 just logdev_data_length bytes are copied into
> internal_logdev_list (remember that we allocated space for logdev_data_length +
> sizeof(struct report_log_lun) bytes at line 1267), and then exactly
> sizeof(struct report_log_lun) bytes are being zeroed out at line 1276.
> 
>  1275         memcpy(internal_logdev_list, logdev_data, logdev_data_length);
>  1276         memset((u8 *)internal_logdev_list + logdev_data_length, 0,
>  1277                 sizeof(struct report_log_lun));
> 
> All the above makes me think that it's just fine if we transform array
> lun_entries into a flexible-array member and just don't allocate
> that extra sizeof(struct report_log_lun) bytes of space. With this
> we can remove that memset() call and we also need to modify the code
> that updates the total length (internal_logdev_list->header.list_length)
> of array lun_entries at line 1278:
> 
>  1278         put_unaligned_be32(logdev_list_length +
>  1279                 sizeof(struct report_log_lun),
>  1280                 &internal_logdev_list->header.list_length);
> 
> This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/204
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> And of course, it'd be great if maintainers can confirm what I described
> in the changelog text. :)
> 
>  drivers/scsi/smartpqi/smartpqi.h      |  2 +-
>  drivers/scsi/smartpqi/smartpqi_init.c | 10 +++-------
>  2 files changed, 4 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
> index e550b12e525a..d1756c9d1112 100644
> --- a/drivers/scsi/smartpqi/smartpqi.h
> +++ b/drivers/scsi/smartpqi/smartpqi.h
> @@ -954,7 +954,7 @@ struct report_log_lun {
>  
>  struct report_log_lun_list {
>  	struct report_lun_header header;
> -	struct report_log_lun lun_entries[1];
> +	struct report_log_lun lun_entries[];
>  };
>  
>  struct report_phys_lun_8byte_wwid {
> diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
> index b971fbe3b3a1..544cd18a90d7 100644
> --- a/drivers/scsi/smartpqi/smartpqi_init.c
> +++ b/drivers/scsi/smartpqi/smartpqi_init.c
> @@ -1264,8 +1264,7 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
>  	logdev_data_length = sizeof(struct report_lun_header) +
>  		logdev_list_length;
>  
> -	internal_logdev_list = kmalloc(logdev_data_length +
> -		sizeof(struct report_log_lun), GFP_KERNEL);
> +	internal_logdev_list = kmalloc(logdev_data_length, GFP_KERNEL);
>  	if (!internal_logdev_list) {
>  		kfree(*logdev_list);
>  		*logdev_list = NULL;
> @@ -1273,11 +1272,8 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
>  	}
>  
>  	memcpy(internal_logdev_list, logdev_data, logdev_data_length);
> -	memset((u8 *)internal_logdev_list + logdev_data_length, 0,
> -		sizeof(struct report_log_lun));
> -	put_unaligned_be32(logdev_list_length +
> -		sizeof(struct report_log_lun),
> -		&internal_logdev_list->header.list_length);
> +	put_unaligned_be32(logdev_list_length,
> +			   &internal_logdev_list->header.list_length);

This is a bit of a twisty maze to read through, but at the end, I agree
with your assessment: the extra member was needlessly added to the
allocation. I don't see it used anywhere in later code -- it's always
bounded by logdev_list_length.

Reviewed-by: Kees Cook <keescook@chromium.org>

>  
>  	kfree(*logdev_list);
>  	*logdev_list = internal_logdev_list;
> -- 
> 2.34.1
> 

-- 
Kees Cook


* Re: [PATCH 2/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members
  2022-09-22  4:29 ` [PATCH 2/3][next] scsi: smartpqi: Replace one-element arrays with flexible-array members Gustavo A. R. Silva
@ 2023-02-02 20:28   ` Kees Cook
  0 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2023-02-02 20:28 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, linux-kernel, linux-hardening

On Wed, Sep 21, 2022 at 11:29:29PM -0500, Gustavo A. R. Silva wrote:
> One-element arrays are deprecated, and we are replacing them with flexible
> array members instead. So, replace one-element array with flexible-array
> member in structures report_phys_lun_8byte_wwid_list and
> report_phys_lun_16byte_wwid_list.
> 
> This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/204
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Are there any binary differences after this patch? I assume not, so:

Reviewed-by: Kees Cook <keescook@chromium.org>


> ---
>  drivers/scsi/smartpqi/smartpqi.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
> index d1756c9d1112..b31b42530674 100644
> --- a/drivers/scsi/smartpqi/smartpqi.h
> +++ b/drivers/scsi/smartpqi/smartpqi.h
> @@ -982,12 +982,12 @@ struct report_phys_lun_16byte_wwid {
>  
>  struct report_phys_lun_8byte_wwid_list {
>  	struct report_lun_header header;
> -	struct report_phys_lun_8byte_wwid lun_entries[1];
> +	struct report_phys_lun_8byte_wwid lun_entries[];
>  };
>  
>  struct report_phys_lun_16byte_wwid_list {
>  	struct report_lun_header header;
> -	struct report_phys_lun_16byte_wwid lun_entries[1];
> +	struct report_phys_lun_16byte_wwid lun_entries[];
>  };
>  
>  struct raid_map_disk_data {
> -- 
> 2.34.1
> 

-- 
Kees Cook


* Re: [PATCH 3/3][next] scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns()
  2022-09-22  4:30 ` [PATCH 3/3][next] scsi: smartpqi: Use struct_size() helper in pqi_report_phys_luns() Gustavo A. R. Silva
@ 2023-02-02 20:29   ` Kees Cook
  0 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2023-02-02 20:29 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Kevin Barnett, Don Brace, storagedev, James E.J. Bottomley,
	Martin K. Petersen, linux-scsi, linux-kernel, linux-hardening

On Wed, Sep 21, 2022 at 11:30:47PM -0500, Gustavo A. R. Silva wrote:
> Prefer struct_size() over open-coded versions of idiom:
> 
> sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count
> 
> where count is the max number of items the flexible array is supposed to
> contain.
> 
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Reviewed-by: Kees Cook <keescook@chromium.org>

> ---
>  drivers/scsi/smartpqi/smartpqi_init.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
> index 544cd18a90d7..17bdc8b3f161 100644
> --- a/drivers/scsi/smartpqi/smartpqi_init.c
> +++ b/drivers/scsi/smartpqi/smartpqi_init.c
> @@ -1192,7 +1192,7 @@ static inline int pqi_report_phys_luns(struct pqi_ctrl_info *ctrl_info, void **b
>  
>  	rpl_8byte_wwid_list = rpl_list;
>  	num_physicals = get_unaligned_be32(&rpl_8byte_wwid_list->header.list_length) / sizeof(rpl_8byte_wwid_list->lun_entries[0]);
> -	rpl_16byte_wwid_list_length = sizeof(struct report_lun_header) + (num_physicals * sizeof(struct report_phys_lun_16byte_wwid));
> +	rpl_16byte_wwid_list_length = struct_size(rpl_16byte_wwid_list, lun_entries, num_physicals);
>  
>  	rpl_16byte_wwid_list = kmalloc(rpl_16byte_wwid_list_length, GFP_KERNEL);
>  	if (!rpl_16byte_wwid_list)
> -- 
> 2.34.1
> 

-- 
Kees Cook


* Re: [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member
       [not found]   ` <CY4PR11MB12387B9F495BC7B5D0F5FD84E1DA9@CY4PR11MB1238.namprd11.prod.outlook.com>
@ 2023-02-06 22:28     ` Gustavo A. R. Silva
       [not found]       ` <CY4PR11MB123855C0E92965CD5B46C9B6E1DB9@CY4PR11MB1238.namprd11.prod.outlook.com>
  0 siblings, 1 reply; 10+ messages in thread
From: Gustavo A. R. Silva @ 2023-02-06 22:28 UTC (permalink / raw)
  To: Don.Brace, gustavoars, kevin.barnett, storagedev, jejb, martin.petersen
  Cc: linux-scsi, linux-kernel, linux-hardening, Kees Cook



On 2/6/23 15:58, Don.Brace@microchip.com wrote:
> 
> ________________________________
> From: Gustavo A. R. Silva <gustavoars@kernel.org>
> Sent: Wednesday, September 21, 2022 11:28 PM
> To: Kevin Barnett <kevin.barnett@microsemi.com>; Don Brace - C33706 <Don.Brace@microchip.com>; storagedev <storagedev@microchip.com>; James E.J. Bottomley <jejb@linux.ibm.com>; Martin K. Petersen <martin.petersen@oracle.com>
> Cc: linux-scsi@vger.kernel.org <linux-scsi@vger.kernel.org>; linux-kernel@vger.kernel.org <linux-kernel@vger.kernel.org>; Gustavo A. R. Silva <gustavoars@kernel.org>; linux-hardening@vger.kernel.org <linux-hardening@vger.kernel.org>
> Subject: [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member
> 
> One-element arrays are deprecated, and we are replacing them with flexible
> array members instead. So, replace one-element array with flexible-array
> member in struct MR_DRV_RAID_MAP and refactor the rest of the code
> accordingly.
> 
> It seems that the addition of sizeof(struct report_log_lun) in all the
> places that are modified by this patch is due to the fact that
> the one-element array struct report_log_lun lun_entries[1]; always
> contributes to the size of the containing structure struct
> report_log_lun_list.
> 
> Notice that at line 1267 while allocating memory for an instance of
> struct report_log_lun_list, some _extra_ space seems to be allocated
> for one element of type struct report_log_lun, which is the type of
> the elements in array lun_entries:
> 
>   1267         internal_logdev_list = kmalloc(logdev_data_length +
>   1268                 sizeof(struct report_log_lun), GFP_KERNEL);
> 
> However, at line 1275 just logdev_data_length bytes are copied into
> internal_logdev_list (remember that we allocated space for logdev_data_length +
> sizeof(struct report_log_lun) bytes at line 1267), and then exactly
> sizeof(struct report_log_lun) bytes are being zeroed out at line 1276.
> 
>   1275         memcpy(internal_logdev_list, logdev_data, logdev_data_length);
>   1276         memset((u8 *)internal_logdev_list + logdev_data_length, 0,
>   1277                 sizeof(struct report_log_lun));
> 
> All the above makes me think that it's just fine if we transform array
> lun_entries into a flexible-array member and just don't allocate
> that extra sizeof(struct report_log_lun) bytes of space. With this
> we can remove that memset() call and we also need to modify the code
> that updates the total length (internal_logdev_list->header.list_length)
> of array lun_entries at line 1278:
> 
>   1278         put_unaligned_be32(logdev_list_length +
>   1279                 sizeof(struct report_log_lun),
>   1280                 &internal_logdev_list->header.list_length);
> 
> This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines
> on memcpy().
> 
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/204
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> 
> NAK: What is actually happening is that we were taking on an extra list entry that is all zeros for the controller itself. This is intentional. These changes will break the driver.

Oh, great to know. :)

So, in this case, what do you think about this, instead:

diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
index af27bb0f3133..228838eb3686 100644
--- a/drivers/scsi/smartpqi/smartpqi.h
+++ b/drivers/scsi/smartpqi/smartpqi.h
@@ -954,7 +954,7 @@ struct report_log_lun {

  struct report_log_lun_list {
         struct report_lun_header header;
-       struct report_log_lun lun_entries[1];
+       struct report_log_lun lun_entries[];
  };

  struct report_phys_lun_8byte_wwid {
diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index d0446d4d4465..af8f1a8e9f8f 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -1277,6 +1277,10 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
         logdev_data_length = sizeof(struct report_lun_header) +
                 logdev_list_length;

+       /*
+        * Notice that we take on an extra list entry (struct report_log_lun)
+        * that is all zeros for the controller itself.
+        */
         internal_logdev_list = kmalloc(logdev_data_length +
                 sizeof(struct report_log_lun), GFP_KERNEL);
         if (!internal_logdev_list) {
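
Review bot: The added comment sits above the kmalloc() but does not say where the extra entry goes or that the header's list_length is increased to cover it, and "Notice that" reads as commentary rather than a description of the code. Suggest wording it as what the code does, for example that the controller is appended to the end of the logical device list as an all-zero entry, and noting that list_length includes that entry.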


Thanks for the feedback!
--
Gustavo

> 
> Thanks,
> Don Brace <don.brace@microchip.com>
> 
> 
> ---
> And of course, it'd be great if maintainers can confirm what I described
> in the changelog text. :)
> 
>   drivers/scsi/smartpqi/smartpqi.h      |  2 +-
>   drivers/scsi/smartpqi/smartpqi_init.c | 10 +++-------
>   2 files changed, 4 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
> index e550b12e525a..d1756c9d1112 100644
> --- a/drivers/scsi/smartpqi/smartpqi.h
> +++ b/drivers/scsi/smartpqi/smartpqi.h
> @@ -954,7 +954,7 @@ struct report_log_lun {
> 
>   struct report_log_lun_list {
>          struct report_lun_header header;
> -       struct report_log_lun lun_entries[1];
> +       struct report_log_lun lun_entries[];
>   };
> 
>   struct report_phys_lun_8byte_wwid {
> diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
> index b971fbe3b3a1..544cd18a90d7 100644
> --- a/drivers/scsi/smartpqi/smartpqi_init.c
> +++ b/drivers/scsi/smartpqi/smartpqi_init.c
> @@ -1264,8 +1264,7 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
>          logdev_data_length = sizeof(struct report_lun_header) +
>                  logdev_list_length;
> 
> -       internal_logdev_list = kmalloc(logdev_data_length +
> -               sizeof(struct report_log_lun), GFP_KERNEL);
> +       internal_logdev_list = kmalloc(logdev_data_length, GFP_KERNEL);
>          if (!internal_logdev_list) {
>                  kfree(*logdev_list);
>                  *logdev_list = NULL;
> @@ -1273,11 +1272,8 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
>          }
> 
>          memcpy(internal_logdev_list, logdev_data, logdev_data_length);
> -       memset((u8 *)internal_logdev_list + logdev_data_length, 0,
> -               sizeof(struct report_log_lun));
> -       put_unaligned_be32(logdev_list_length +
> -               sizeof(struct report_log_lun),
> -               &internal_logdev_list->header.list_length);
> +       put_unaligned_be32(logdev_list_length,
> +                          &internal_logdev_list->header.list_length);
> 
>          kfree(*logdev_list);
>          *logdev_list = internal_logdev_list;
> --
> 2.34.1
> 
> 


* Re: [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member
       [not found]       ` <CY4PR11MB123855C0E92965CD5B46C9B6E1DB9@CY4PR11MB1238.namprd11.prod.outlook.com>
@ 2023-02-07 21:53         ` Gustavo A. R. Silva
  0 siblings, 0 replies; 10+ messages in thread
From: Gustavo A. R. Silva @ 2023-02-07 21:53 UTC (permalink / raw)
  To: Don.Brace, gustavoars, kevin.barnett, storagedev, jejb, martin.petersen
  Cc: linux-scsi, linux-kernel, linux-hardening, keescook



On 2/7/23 15:08, Don.Brace@microchip.com wrote:
> 
> ________________________________
> From: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Sent: Monday, February 6, 2023 4:28 PM
> To: Don Brace - C33706 <Don.Brace@microchip.com>; gustavoars@kernel.org <gustavoars@kernel.org>; kevin.barnett@microsemi.com <kevin.barnett@microsemi.com>; storagedev <storagedev@microchip.com>; jejb@linux.ibm.com <jejb@linux.ibm.com>; martin.petersen@oracle.com <martin.petersen@oracle.com>
> Cc: linux-scsi@vger.kernel.org <linux-scsi@vger.kernel.org>; linux-kernel@vger.kernel.org <linux-kernel@vger.kernel.org>; linux-hardening@vger.kernel.org <linux-hardening@vger.kernel.org>; Kees Cook <keescook@chromium.org>
> Subject: Re: [PATCH 1/3][next] scsi: smartpqi: Replace one-element array with flexible-array member
> 
> 
>> NAK: What is actually happening is that we were taking on an extra list entry that is all zeros for the controller itself. This is intentional. These changes will break the driver.
> 
> Oh, great to know. :)
> 
> So, in this case, what do you think about this, instead:
> 
> diff --git a/drivers/scsi/smartpqi/smartpqi.h b/drivers/scsi/smartpqi/smartpqi.h
> index af27bb0f3133..228838eb3686 100644
> --- a/drivers/scsi/smartpqi/smartpqi.h
> +++ b/drivers/scsi/smartpqi/smartpqi.h
> @@ -954,7 +954,7 @@ struct report_log_lun {
> 
>    struct report_log_lun_list {
>           struct report_lun_header header;
> -       struct report_log_lun lun_entries[1];
> +       struct report_log_lun lun_entries[];
>    };
> 
> This HUNK is OK.
> Thanks for your patch.
> 
> Acked-by: Don Brace <don.brace@microchip.com>
> Don
> 
>    struct report_phys_lun_8byte_wwid {
> diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
> index d0446d4d4465..af8f1a8e9f8f 100644
> --- a/drivers/scsi/smartpqi/smartpqi_init.c
> +++ b/drivers/scsi/smartpqi/smartpqi_init.c
> @@ -1277,6 +1277,10 @@ static int pqi_get_device_lists(struct pqi_ctrl_info *ctrl_info,
>           logdev_data_length = sizeof(struct report_lun_header) +
>                   logdev_list_length;
> 
> +       /*
> +        * Notice that we take on an extra list entry (struct report_log_lun)
> +        * that is all zeros for the controller itself.
> +        */
>           internal_logdev_list = kmalloc(logdev_data_length +
>                   sizeof(struct report_log_lun), GFP_KERNEL);
>           if (!internal_logdev_list) {
> 
> The driver author has provided his input on the change to the above comment:
> 
> I think that I'd prefer that we just amplify the existing comment to something like this:
> 
>          /*
>           * Tack the controller itself onto the end of the logical device list
>           * by adding a list entry that is all zeros.
>           */

OK. Great. :)

Thanks
--
Gustavo

> 
> Thank-you for your patch
> Don Brace <don.brace@microchip.com>
> 
> 
