2022-01-25 08:42:34

by Gustavo A. R. Silva

Subject: [PATCH][next] hwspinlock: stm32: Use struct_size() helper in devm_kzalloc()

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worst scenario, could lead to heap overflows.

Also, address the following sparse warnings:
drivers/hwspinlock/stm32_hwspinlock.c:84:32: warning: using sizeof on a flexible structure

Link: https://github.com/KSPP/linux/issues/174
Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
drivers/hwspinlock/stm32_hwspinlock.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/hwspinlock/stm32_hwspinlock.c b/drivers/hwspinlock/stm32_hwspinlock.c
index 5bd11a7fab65..716ad4401249 100644
--- a/drivers/hwspinlock/stm32_hwspinlock.c
+++ b/drivers/hwspinlock/stm32_hwspinlock.c
@@ -73,15 +73,14 @@ static int stm32_hwspinlock_probe(struct platform_device *pdev)
struct device *dev = &pdev->dev;
struct stm32_hwspinlock *hw;
void __iomem *io_base;
- size_t array_size;
int i, ret;

io_base = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(io_base))
return PTR_ERR(io_base);

- array_size = STM32_MUTEX_NUM_LOCKS * sizeof(struct hwspinlock);
- hw = devm_kzalloc(dev, sizeof(*hw) + array_size, GFP_KERNEL);
+ hw = devm_kzalloc(dev, struct_size(hw, bank.lock, STM32_MUTEX_NUM_LOCKS),
+ GFP_KERNEL);
if (!hw)
return -ENOMEM;
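Review bot: The count passed to struct_size() in the new devm_kzalloc() call is the macro STM32_MUTEX_NUM_LOCKS, which by its naming is a compile-time constant, so the removed "STM32_MUTEX_NUM_LOCKS * sizeof(struct hwspinlock)" had no run-time overflow to guard against. The changelog would be more accurate if it described the conversion as preventive with no functional change. The benefit visible in these lines is that the element size is now derived from the bank.lock member itself instead of a separately spelled "struct hwspinlock", which also addresses the quoted sparse warning about sizeof on a flexible structure. It would help to say in the changelog that hw appears as the first argument before it is assigned only so the helper can take its type and size, since a reader of the call may otherwise read it as use of an uninitialized pointer.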

--
2.27.0
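The overflow the commit message refers to, as an added userspace example (not code from the patch or from the kernel): the open-coded size wraps for a large count, while a helper modelled on struct_size() saturates to SIZE_MAX so the allocation fails. The names struct hw, struct lock, open_coded_size(), checked_struct_size() and wrapping_count() are hypothetical, and the counts are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: a header followed by a flexible array. */
struct lock { void *bank; void *priv; };
struct hw {
	void *clk;
	int num_locks;
	struct lock lock[];	/* flexible array member */
};

/* Open-coded form, as in the removed lines: wraps silently on overflow. */
static size_t open_coded_size(size_t n)
{
	size_t array_size = n * sizeof(struct lock);

	return sizeof(struct hw) + array_size;
}

/* Model of struct_size() semantics: saturate to SIZE_MAX on overflow so
 * the allocator refuses the request instead of returning a short buffer. */
static size_t checked_struct_size(size_t n)
{
	size_t bytes;

	if (__builtin_mul_overflow(n, sizeof(struct lock), &bytes) ||
	    __builtin_add_overflow(bytes, sizeof(struct hw), &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Constructed count for which n * sizeof(struct lock) wraps to 0. */
static size_t wrapping_count(void)
{
	return SIZE_MAX / sizeof(struct lock) + 1;
}

int main(void)
{
	size_t n = wrapping_count();

	printf("n=32: open=%zu checked=%zu\n",
	       open_coded_size(32), checked_struct_size(32));
	printf("n=%zu: open=%zu checked=%zu\n",
	       n, open_coded_size(n), checked_struct_size(n));
	return 0;
}
```

With the wrapping count, the open-coded result equals the bare header size, so an allocator would hand back room for zero elements while the caller believes it has n of them.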


2022-01-26 17:39:06

by Baolin Wang

Subject: Re: [PATCH][next] hwspinlock: stm32: Use struct_size() helper in devm_kzalloc()

On Tue, Jan 25, 2022 at 10:07 AM Gustavo A. R. Silva
<[email protected]> wrote:
>
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
>
> Also, address the following sparse warnings:
> drivers/hwspinlock/stm32_hwspinlock.c:84:32: warning: using sizeof on a flexible structure
>
> Link: https://github.com/KSPP/linux/issues/174
> Signed-off-by: Gustavo A. R. Silva <[email protected]>

LGTM.
Reviewed-by: Baolin Wang <[email protected]>

> ---
> drivers/hwspinlock/stm32_hwspinlock.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/hwspinlock/stm32_hwspinlock.c b/drivers/hwspinlock/stm32_hwspinlock.c
> index 5bd11a7fab65..716ad4401249 100644
> --- a/drivers/hwspinlock/stm32_hwspinlock.c
> +++ b/drivers/hwspinlock/stm32_hwspinlock.c
> @@ -73,15 +73,14 @@ static int stm32_hwspinlock_probe(struct platform_device *pdev)
> struct device *dev = &pdev->dev;
> struct stm32_hwspinlock *hw;
> void __iomem *io_base;
> - size_t array_size;
> int i, ret;
>
> io_base = devm_platform_ioremap_resource(pdev, 0);
> if (IS_ERR(io_base))
> return PTR_ERR(io_base);
>
> - array_size = STM32_MUTEX_NUM_LOCKS * sizeof(struct hwspinlock);
> - hw = devm_kzalloc(dev, sizeof(*hw) + array_size, GFP_KERNEL);
> + hw = devm_kzalloc(dev, struct_size(hw, bank.lock, STM32_MUTEX_NUM_LOCKS),
> + GFP_KERNEL);
> if (!hw)
> return -ENOMEM;
>
> --
> 2.27.0
>


--
Baolin Wang

2022-01-26 20:33:49

by Fabien Dessenne

Subject: Re: [Linux-stm32] [PATCH][next] hwspinlock: stm32: Use struct_size() helper in devm_kzalloc()

Hi Gustavo,

Thank you for the patch.
I am fine with it with a nit picking comment regarding the non-mandatory
80 characters line break [1].

BR

Fabien

[1] https://lkml.org/lkml/2020/5/29/1038


On 25/01/2022 03:13, Gustavo A. R. Silva wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
>
> Also, address the following sparse warnings:
> drivers/hwspinlock/stm32_hwspinlock.c:84:32: warning: using sizeof on a
> flexible structure
>
> Link: https://github.com/KSPP/linux/issues/174
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
> ---
> drivers/hwspinlock/stm32_hwspinlock.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/hwspinlock/stm32_hwspinlock.c
> b/drivers/hwspinlock/stm32_hwspinlock.c
> index 5bd11a7fab65..716ad4401249 100644
> --- a/drivers/hwspinlock/stm32_hwspinlock.c
> +++ b/drivers/hwspinlock/stm32_hwspinlock.c
> @@ -73,15 +73,14 @@ static int stm32_hwspinlock_probe(struct
> platform_device *pdev)
> struct device *dev = &pdev->dev;
> struct stm32_hwspinlock *hw;
> void __iomem *io_base;
> - size_t array_size;
> int i, ret;
>
> io_base = devm_platform_ioremap_resource(pdev, 0);
> if (IS_ERR(io_base))
> return PTR_ERR(io_base);
>
> - array_size = STM32_MUTEX_NUM_LOCKS * sizeof(struct hwspinlock);
> - hw = devm_kzalloc(dev, sizeof(*hw) + array_size, GFP_KERNEL);
> + hw = devm_kzalloc(dev, struct_size(hw, bank.lock,
> STM32_MUTEX_NUM_LOCKS),
> + GFP_KERNEL);

No need for a line break here.


> if (!hw)
> return -ENOMEM;
>
>