scsi: hptiop: Replace one-element array with flexible-array member

One-element arrays are deprecated, and we are replacing them with flexible
array members instead. So, replace one-element array with flexible-array
member in struct hpt_iop_request_scsi_command and refactor the rest of the
code, accordingly.

The following pieces of code suggest that the one element of array sg_list
in struct hpt_iop_request_scsi_command is not taken into account when
calculating the total size for both struct hpt_iop_request_scsi_command and
the maximum number of elements sg_list will contain:

1047         req->header.size = cpu_to_le32(
1048                                 sizeof(struct hpt_iop_request_scsi_command)
1049                                  - sizeof(struct hpt_iopsg)
1050                                  + sg_count * sizeof(struct hpt_iopsg));

1400         req_size = sizeof(struct hpt_iop_request_scsi_command)                            1401                 + sizeof(struct hpt_iopsg) * (hba->max_sg_descriptors - 1);

So it's safe to replace the one-element array with a flexible-array member
and update the code above, accordingly: now we don't need to subtract
sizeof(struct hpt_iopsg) from sizeof(struct hpt_iop_request_scsi_command)
because this is implicitly done by the flex-array transformation.

Link: https://github.com/KSPP/linux/issues/79
Link: https://github.com/KSPP/linux/issues/205
Link: https://lore.kernel.org/r/6238ccf37798e36d783f5ce5e483e6837e98be79.1663865333.git.gustavoars@kernel.org
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
index f18b770..cfc6546 100644 (file)
--- a/drivers/scsi/hptiop.c
+++ b/drivers/scsi/hptiop.c
@@ -1046,7 +1046,6 @@ static int hptiop_queuecommand_lck(struct scsi_cmnd *scp)
        req->lun = scp->device->lun;
        req->header.size = cpu_to_le32(
                                sizeof(struct hpt_iop_request_scsi_command)
-                                - sizeof(struct hpt_iopsg)
                                 + sg_count * sizeof(struct hpt_iopsg));
 
        memcpy(req->cdb, scp->cmnd, sizeof(req->cdb));
@@ -1398,7 +1397,7 @@ static int hptiop_probe(struct pci_dev *pcidev, const struct pci_device_id *id)
        host->max_cmd_len = 16;
 
        req_size = sizeof(struct hpt_iop_request_scsi_command)
-               + sizeof(struct hpt_iopsg) * (hba->max_sg_descriptors - 1);
+               + sizeof(struct hpt_iopsg) * hba->max_sg_descriptors;
        if ((req_size & 0x1f) != 0)
                req_size = (req_size + 0x1f) & ~0x1f;
 

diff --git a/drivers/scsi/hptiop.h b/drivers/scsi/hptiop.h
index 363d5a1..ef2f2ac 100644 (file)
--- a/drivers/scsi/hptiop.h
+++ b/drivers/scsi/hptiop.h
@@ -228,7 +228,7 @@ struct hpt_iop_request_scsi_command {
        u8     pad1;
        u8     cdb[16];
        __le32 dataxfer_length;
-       struct hpt_iopsg sg_list[1];
+       struct hpt_iopsg sg_list[];
 };
 
 struct hpt_iop_request_ioctl_command {