Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp156992rbb; Fri, 23 Feb 2024 15:53:14 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWMeipUvYjxIsLu66tAJLZS2eojyl4OAsehNFKYbzVZhpCAZt3sHQLQvfPuFJciploScSvS8nBTq66//4emdNK7RLDzFb5CALxp30T7dg== X-Google-Smtp-Source: AGHT+IEQaHS6VVtPEWALSqgfZ6j794H2h/ctn1nvjEjkZBuNZnoqShu2FtsFX4+F8CVm432aEOpV X-Received: by 2002:aa7:d9d3:0:b0:565:862c:bf85 with SMTP id v19-20020aa7d9d3000000b00565862cbf85mr841937eds.12.1708732394781; Fri, 23 Feb 2024 15:53:14 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708732394; cv=pass; d=google.com; s=arc-20160816; b=n7N/16dCacnp8xjCJ9AO3cBA8Uf5SZw0htH10L0AH1nI9fJI4U7AMXT+P1C4w70Ei4 ZCaH3NPJuVskmG40nDwmrdV14hbm6/0LuL0z9ENCmQ9FcSondNtDgG3T7+kQQpnWWXWy /QNG7pYb5lpDyJxndcQYPUYP/8adtSKkr995vboEvdhK9eibyp3rAGsA4Uu9MT/Irjj0 mbR4k2NMujoOu59kfVU6DmP0nNUr1PTBmHtMUzGtoduA/VxDJ95GCHj9esUwEFsaezIk wxsSCy04i5vs2vhlxNox1wGWMRyyFB3FOrx/aBXzIOQgm3nwZXLrbI9rPgYNHwwDrrpq AT7Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=CtZ/gyZzvkeNiWt3oVfT5QTmQaJyVqDv2YJqGRGnkp8=; fh=sQ2VFbhMKDNAVlJVjp2o2wbDkgtAvPEV/NHKwWCH9fU=; b=bEaRgblRM4Mzw44XxuQk6kZGKYXape7Rb3X0UwJSu+xx/IjAgc66ZT/Oto2E0/i906 O6QAbZHbbg2zuGG/RnbXtcH8Ms0tTFwDyGEwOQbYoDR75FUtttVQEAp8PGbiSiF3HEgM fWoV3arP+N6H2KJ11zztZiORWIvYU6gtRYZRAm5iTWvcVIN2uy4P4lhymRCdPqmiaAqX IY+bmQlFTRopGWWgYI7EvcGVerHjSLnVUi1nIyX7JfPOFD9TSfoop7rQJQueTJdyG7Gk w4uJfMxnkf9L4IYt9DkoYvQBo3tIvVV7mbtPEhqFuvc202haBI2PaaVQQupQzy1+fUvJ M5Yw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=bFNTDbX4; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-79328-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79328-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id v15-20020aa7dbcf000000b005648b002d91si30440edt.524.2024.02.23.15.53.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 15:53:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-79328-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=bFNTDbX4; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-79328-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79328-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 88C741F2488D for ; Fri, 23 Feb 2024 23:53:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 870E314DFED; Fri, 23 Feb 2024 23:53:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="bFNTDbX4" Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B6C1F14DFD6 for ; Fri, 23 Feb 2024 23:52:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708732385; cv=none; b=qWB8pG5ema4+pXpWsVZqqg8IKrFycaeJ8Fx+jXPSQ6MWjjekURZMkTMW5km96vB0sE8YqSkyTBDeP+e2u2LAemsRauu2icZAL9knF6EHkYpr+86I4Bgv7y+ma1IgFhYi0c82o1fUA/GO+r/RfCDwi0zcmsEzTT8yS/Sj0TAXcbI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708732385; c=relaxed/simple; bh=zg8HqNF7aNa77zuqfRyQfW/fe99lLofctq+gMMs9G44=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Eimou3HMPMCdO9x2a3Gpw4TaGlStGR0eTb7KJmvibDlX17jRvB4T2NnY0zhDpa0mvkt5X2ve/821ViZd9H+0RJdDJXQPCg310oPud4CD3nvDvPcEpSypAj3TiDiq5b+epz7LOyizY7qmd95f2Ktk5AcMkK6JdrJU2GkfaIxhe+k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=bFNTDbX4; arc=none smtp.client-ip=209.85.215.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pg1-f174.google.com with SMTP id 41be03b00d2f7-5d8b519e438so1293509a12.1 for ; Fri, 23 Feb 2024 15:52:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1708732377; x=1709337177; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=CtZ/gyZzvkeNiWt3oVfT5QTmQaJyVqDv2YJqGRGnkp8=; b=bFNTDbX4t/+wJ17uhYeOwK48ligwrudqgUXrs6T66/iR9ztdLkoTEaH5f6krmWc6bN HSbqmhjOXmNszglAVWbWLLy91gWIdSDFUzj/6QdyXgzQD0bVKyFBbzCIEk5tcP/Nxr5I YIlgaI+ggYj152lj+s8Mf4J3my0SIHzMG+SL4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708732377; x=1709337177; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=CtZ/gyZzvkeNiWt3oVfT5QTmQaJyVqDv2YJqGRGnkp8=; b=VzGQ9ymoOseL/bz8g4tLLzsDGq2hpxEI4aVRf2f96WCqaJQh2UuUtREiomvZSR9/k3 Bub9t1KMRjGGIiB7eh9IYPN4yqYUTGDbmUOZMvVxzt88ifP8MXPV12ZMVgnVbUEMxVDD sgINUv4x7HbGizEzf1vja/haIdpsf5z+Xl0kGnotcuo7qjlQ8VNZEJM4DUfkMz+o+wEJ vgi8iR7kWbunaxT+FnBqogHLHemUabBQL9qU2Dli2Mu1jEGTp0dYEX5l0wNMIqcbK5fI 87kLrXcYv/pFfxoYMgvc9wLs7Ed/Hg3YRQqDATpJn+/bdZl7BkfFkKDfm4kkeNxXvcKj iEtw== X-Forwarded-Encrypted: i=1; AJvYcCXcNFvvryAMSPygP6jS8DQkcOrvOnw24FxsiOyAuYztXwRUjcIIoWEU3djUu8QfabxfRqMAoZL/37YlL2Hvoz+dUmkZYSj3DeslZq9p X-Gm-Message-State: AOJu0Yx1Fk6cd/+6f/YrXI/YFp8IvMbbwdreVAklVJo8P8GGQi2wm3Ep eMkqmahXBqPhx4QaueIntaPzBBcC4mWx6ca4yDGDa4n7fmIdGbxwcPX+y3g6CEsL2J/QJEUALEk = X-Received: by 2002:a05:6a20:a49d:b0:19e:a527:96be with SMTP id y29-20020a056a20a49d00b0019ea52796bemr966445pzk.43.1708732377079; Fri, 23 Feb 2024 15:52:57 -0800 (PST) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id l64-20020a632543000000b005d3bae243bbsm57028pgl.4.2024.02.23.15.52.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 15:52:56 -0800 (PST) Date: Fri, 23 Feb 2024 15:52:56 -0800 From: Kees Cook To: Jacob Keller Cc: Jesse Brandeburg , Peter Rosin , gustavoars@kernel.org, linux-kernel@vger.kernel.org, linux-i2c@vger.kernel.org Subject: Re: [PATCH -next] mux: convert mux_chip->mux to flexible array Message-ID: <202402231552.26E774D@keescook> References: <20230223014221.1710307-1-jacob.e.keller@intel.com> <202402182100.1D5BBE45@keescook> <787dcf27-c434-42e0-9c80-35e341aa16c4@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <787dcf27-c434-42e0-9c80-35e341aa16c4@intel.com> On Tue, Feb 20, 2024 at 01:27:45PM -0800, Jacob Keller wrote: > > > On 2/18/2024 9:04 PM, Kees Cook wrote: > > On Mon, Feb 27, 2023 at 12:28:43PM -0800, Jesse Brandeburg wrote: > >> On 2/22/2023 5:42 PM, Jacob Keller wrote: > >>> The mux_chip structure size is over allocated to additionally include both > >>> the array of mux controllers as well as a device specific private area. > >>> The controllers array is then pointed to by assigning mux_chip->mux to the > >>> first block of extra memory, while the private area is extracted via > >>> mux_chip_priv() and points to the area just after the controllers. > >>> > >>> The size of the mux_chip allocation uses direct multiplication and addition > >>> rather than the helpers. In addition, the mux_chip->mux > >>> struct member wastes space by having to store the pointer as part of the > >>> structures. > >>> > >>> Convert struct mux_chip to use a flexible array member for the mux > >>> controller array. Use struct_size() and size_add() to compute the size of > >>> the structure while protecting against overflow. > >>> > >>> After converting the mux pointer, notice that two 4-byte holes remain in > >>> the structure layout due to the alignment requirements for the dev > >>> sub-structure and the ops pointer. > >>> > >>> These can be easily fixed through re-ordering the id field to the 4-byte > >>> hole just after the controllers member. > >> > >> Looks good to me (just a driver dev, not a mux dev!). Also added > >> linux-i2c mailing list and a couple others for more review. > >> > >> Reviewed-by: Jesse Brandeburg > >> > >> related thread (cocci script) at [1] > >> > >> [1] > >> https://lore.kernel.org/all/20230227202428.3657443-1-jacob.e.keller@intel.com/ > > > > *thread necromancy* > > > > Can we land this? It's the last struct_size() instance that the above > > Coccinelle script flags. > > > > Reviewed-by: Kees Cook > > > > I'm happy to send a v2 if we need. Since it's been a while, yeah, can you send a v2? Thanks! -Kees -- Kees Cook