2023-03-07 23:03:34

by Jacob Keller

[permalink] [raw]
Subject: [PATCH v2] wifi: qtnfmac: use struct_size and size_sub for payload length

Replace the calculations for the payload length in
qtnf_cmd_band_fill_iftype with struct_size() and size_sub(). While
the payload length does not get directly passed to an allocation function,
the performed calculation is still calculating the size of a flexible array
structure (minus the size of a header structure).

Signed-off-by: Jacob Keller <[email protected]>
Cc: Igor Mitsyanko <[email protected]>
Cc: Sergey Matyukevich <[email protected]>
---
This was discovered by a coccinelle patch I developed, and submitted at:
https://lore.kernel.org/all/[email protected]/

V1: https://lore.kernel.org/linux-wireless/[email protected]/
Changes since v1
* Split series into individual postings to avoid confusion about dependency
* Fixed subject line

drivers/net/wireless/quantenna/qtnfmac/commands.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c
index b1b73478d89b..68ae9c7ea95a 100644
--- a/drivers/net/wireless/quantenna/qtnfmac/commands.c
+++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c
@@ -1325,9 +1325,10 @@ static int qtnf_cmd_band_fill_iftype(const u8 *data,
struct ieee80211_sband_iftype_data *iftype_data;
const struct qlink_tlv_iftype_data *tlv =
(const struct qlink_tlv_iftype_data *)data;
- size_t payload_len = tlv->n_iftype_data * sizeof(*tlv->iftype_data) +
- sizeof(*tlv) -
- sizeof(struct qlink_tlv_hdr);
+ size_t payload_len;
+
+ payload_len = struct_size(tlv, iftype_data, tlv->n_iftype_data);
+ payload_len = size_sub(payload_len, sizeof(struct qlink_tlv_hdr));

if (tlv->hdr.len != cpu_to_le16(payload_len)) {
pr_err("bad IFTYPE_DATA TLV len %u\n", tlv->hdr.len);

base-commit: 8f9850dd8d23c1290cb642ce9548a440da5771ec
--
2.39.1.405.gd4c25cc71f83



2023-03-13 13:44:45

by Kalle Valo

[permalink] [raw]
Subject: Re: [PATCH v2] wifi: qtnfmac: use struct_size and size_sub for payload length

Jacob Keller <[email protected]> wrote:

> Replace the calculations for the payload length in
> qtnf_cmd_band_fill_iftype with struct_size() and size_sub(). While
> the payload length does not get directly passed to an allocation function,
> the performed calculation is still calculating the size of a flexible array
> structure (minus the size of a header structure).
>
> Signed-off-by: Jacob Keller <[email protected]>
> Cc: Igor Mitsyanko <[email protected]>
> Cc: Sergey Matyukevich <[email protected]>

Patch applied to wireless-next.git, thanks.

84e9e2102bdc wifi: qtnfmac: use struct_size and size_sub for payload length

--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches