[PATCH] mux: Convert mux_control_ops to a flex array member in mux_chip

Fri, 21 Feb 2025 14:35:27 -0800 

Convert mux_control_ops to a flexible array member at the end of the
mux_chip struct and add the __counted_by() compiler attribute to
improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.

Use struct_size() to calculate the number of bytes to allocate for a new
mux chip and to remove the following Coccinelle/coccicheck warning:

  WARNING: Use struct_size

Use size_add() to safely add any extra bytes.

Compile-tested only.

Link: https://github.com/KSPP/linux/issues/83
Signed-off-by: Thorsten Blum <thorsten.b...@linux.dev>
---
 drivers/mux/core.c         | 7 +++----
 include/linux/mux/driver.h | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/mux/core.c b/drivers/mux/core.c
index 02be4ba37257..a3840fe0995f 100644
--- a/drivers/mux/core.c
+++ b/drivers/mux/core.c
@@ -98,13 +98,12 @@ struct mux_chip *mux_chip_alloc(struct device *dev,
        if (WARN_ON(!dev || !controllers))
                return ERR_PTR(-EINVAL);
 
-       mux_chip = kzalloc(sizeof(*mux_chip) +
-                          controllers * sizeof(*mux_chip->mux) +
-                          sizeof_priv, GFP_KERNEL);
+       mux_chip = kzalloc(size_add(struct_size(mux_chip, mux, controllers),
+                                   sizeof_priv),
+                          GFP_KERNEL);
        if (!mux_chip)
                return ERR_PTR(-ENOMEM);
 
-       mux_chip->mux = (struct mux_control *)(mux_chip + 1);
        mux_chip->dev.class = &mux_class;
        mux_chip->dev.type = &mux_type;
        mux_chip->dev.parent = dev;
diff --git a/include/linux/mux/driver.h b/include/linux/mux/driver.h
index 18824064f8c0..e58e59354e23 100644
--- a/include/linux/mux/driver.h
+++ b/include/linux/mux/driver.h
@@ -56,18 +56,18 @@ struct mux_control {
 /**
  * struct mux_chip -   Represents a chip holding mux controllers.
  * @controllers:       Number of mux controllers handled by the chip.
- * @mux:               Array of mux controllers that are handled.
  * @dev:               Device structure.
  * @id:                        Used to identify the device internally.
  * @ops:               Mux controller operations.
+ * @mux:               Array of mux controllers that are handled.
  */
 struct mux_chip {
        unsigned int controllers;
-       struct mux_control *mux;
        struct device dev;
        int id;
 
        const struct mux_control_ops *ops;
+       struct mux_control mux[] __counted_by(controllers);
 };
 
 #define to_mux_chip(x) container_of((x), struct mux_chip, dev)
-- 
2.48.1

Reply via email to