projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0001650)
wifi: brcmfmac: Use struct_size() in code ralated to struct brcmf_dload_data_le
authorGustavo A. R. Silva <gustavoars@kernel.org>
Tue, 15 Nov 2022 21:55:34 +0000 (15:55 -0600)
committerKalle Valo <kvalo@kernel.org>
Tue, 22 Nov 2022 10:14:17 +0000 (12:14 +0200)
Prefer struct_size() over open-coded versions of idiom:

sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count

where count is the max number of items the flexible array is supposed to
contain.

In this particular case, in the open-coded version sizeof(typeof-flex-array-elements)
is implicit in _count_ because the type of the flex array data is u8:

drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h:941:
 941 struct brcmf_dload_data_le {
 942         __le16 flag;
 943         __le16 dload_type;
 944         __le32 len;
 945         __le32 crc;
 946         u8 data[];
 947 };

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/41845ad3660ed4375f0c03fd36a67b2e12fafed5.1668548907.git.gustavoars@kernel.org
drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c patch | blob | history

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
index 2e83656..4a309e5 100644 (file)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
@@ -110,9 +110,9 @@ static int brcmf_c_download(struct brcmf_if *ifp, u16 flag,
        dload_buf->dload_type = cpu_to_le16(DL_TYPE_CLM);
        dload_buf->len = cpu_to_le32(len);
        dload_buf->crc = cpu_to_le32(0);
-       len = sizeof(*dload_buf) + len;
 
-       err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf, len);
+       err = brcmf_fil_iovar_data_set(ifp, "clmload", dload_buf,
+                                      struct_size(dload_buf, data, len));
 
        return err;
 }
@@ -139,7 +139,8 @@ static int brcmf_c_process_clm_blob(struct brcmf_if *ifp)
                return 0;
        }
 
-       chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN, GFP_KERNEL);
+       chunk_buf = kzalloc(struct_size(chunk_buf, data, MAX_CHUNK_LEN),
+                           GFP_KERNEL);
        if (!chunk_buf) {
                err = -ENOMEM;
                goto done;
Domain: System / Kernel;