On 2020/5/19 6:19, Gustavo A. R. Silva <gustavo...@kernel.org> wrote:
> -----Original Message-----
> From: Gustavo A. R. Silva <gustavo...@kernel.org>
> Sent: 2020年5月19日 6:19
> To: Qiang Zhao <qiang.z...@nxp.com>; Leo Li <leoyang...@nxp.com>
> Cc: linuxppc-dev@lists.ozlabs.org; linux-arm-ker...@lists.infradead.org;
> linux-ker...@vger.kernel.org; Gustavo A. R. Silva <gust...@embeddedor.com>;
> Kees Cook <keesc...@chromium.org>
> Subject: [PATCH] soc: fsl: qe: Replace one-element array and use struct_size()
> helper
>
> The current codebase makes use of one-element arrays in the following
> form:
>
> struct something {
> int length;
> u8 data[1];
> };
>
> struct something *instance;
>
> instance = kmalloc(sizeof(*instance) + size, GFP_KERNEL);
> instance->length = size;
> memcpy(instance->data, source, size);
>
> but the preferred mechanism to declare variable-length types such as these
> ones is a flexible array member[1][2], introduced in C99:
>
> struct foo {
> int stuff;
> struct boo array[];
> };
>
> By making use of the mechanism above, we will get a compiler warning in case
> the flexible array does not occur last in the structure, which will help us
> prevent
> some kind of undefined behavior bugs from being inadvertently introduced[3]
> to the codebase from now on. So, replace the one-element array with a
> flexible-array member.
>
> Also, make use of the new struct_size() helper to properly calculate the size
> of
> struct qe_firmware.
>
> This issue was found with the help of Coccinelle and, audited and fixed
> _manually_.
>
> [1]
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgcc.gnu.
> org%2Fonlinedocs%2Fgcc%2FZero-Length.html&data=02%7C01%7Cqiang.
> zhao%40nxp.com%7Cb058bcb9af134df8446808d7fb78cfa9%7C686ea1d3bc2b
> 4c6fa92cd99c5c301635%7C0%7C0%7C637254368610203908&sdata=70
> a6VBg3oWQf9a5KICuCEuIj6gw57NKYhNv2JL8JdDY%3D&reserved=0
> [2]
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.c
> om%2FKSPP%2Flinux%2Fissues%2F21&data=02%7C01%7Cqiang.zhao%40
> nxp.com%7Cb058bcb9af134df8446808d7fb78cfa9%7C686ea1d3bc2b4c6fa92c
> d99c5c301635%7C0%7C0%7C637254368610213901&sdata=kVyNBYHbm
> a5jCO9pbkoHMetHEYGvWDq6Xw%2BBeC7uHII%3D&reserved=0
> [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
>
> Signed-off-by: Gustavo A. R. Silva <gustavo...@kernel.org>
> ---
> drivers/soc/fsl/qe/qe.c | 4 ++--
> include/soc/fsl/qe/qe.h | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/soc/fsl/qe/qe.c b/drivers/soc/fsl/qe/qe.c index
> 447146861c2c1..2df20d6f85fa4 100644
> --- a/drivers/soc/fsl/qe/qe.c
> +++ b/drivers/soc/fsl/qe/qe.c
> @@ -448,7 +448,7 @@ int qe_upload_firmware(const struct qe_firmware
> *firmware)
> unsigned int i;
> unsigned int j;
> u32 crc;
> - size_t calc_size = sizeof(struct qe_firmware);
> + size_t calc_size;
> size_t length;
> const struct qe_header *hdr;
>
> @@ -480,7 +480,7 @@ int qe_upload_firmware(const struct qe_firmware
> *firmware)
> }
>
> /* Validate the length and check if there's a CRC */
> - calc_size += (firmware->count - 1) * sizeof(struct qe_microcode);
> + calc_size = struct_size(firmware, microcode, firmware->count);
>
> for (i = 0; i < firmware->count; i++)
> /*
> diff --git a/include/soc/fsl/qe/qe.h b/include/soc/fsl/qe/qe.h index
> e282ac01ec081..3feddfec9f87d 100644
> --- a/include/soc/fsl/qe/qe.h
> +++ b/include/soc/fsl/qe/qe.h
> @@ -307,7 +307,7 @@ struct qe_firmware {
> u8 revision; /* The microcode version revision */
> u8 padding; /* Reserved, for alignment */
> u8 reserved[4]; /* Reserved, for future expansion */
> - } __attribute__ ((packed)) microcode[1];
> + } __packed microcode[];
> /* All microcode binaries should be located here */
> /* CRC32 should be located here, after the microcode binaries */ }
> __attribute__ ((packed));
> --
> 2.26.2
[>]
Reviewed-by: Qiang Zhao <qiang.z...@nxp.com>
Best Regards
Qiang Zhao
