From: Kees Cook Date: Thu, 11 Jul 2024 15:58:42 +0000 (-0700) Subject: scsi: megaraid_sas: struct MR_HOST_DEVICE_LIST: Replace 1-element array with flexible... X-Git-Tag: v6.12-rc1~124^2~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=29b4a49750776925ea48ef440da6aa75828913db;p=thirdparty%2Fkernel%2Flinux.git scsi: megaraid_sas: struct MR_HOST_DEVICE_LIST: Replace 1-element array with flexible array Replace the deprecated[1] use of a 1-element array in struct MR_HOST_DEVICE_LIST with a modern flexible array. One binary difference appears in megasas_host_device_list_query(): struct MR_HOST_DEVICE_LIST *ci; ... ci = instance->host_device_list_buf; ... memset(ci, 0, sizeof(*ci)); The memset() clears only the non-flexible array fields. Looking at the rest of the function, this appears to be fine: firmware is using this region to communicate with the kernel, so it likely never made sense to clear the first MR_HOST_DEVICE_LIST_ENTRY. Link: https://github.com/KSPP/linux/issues/79 [1] Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20240711155841.work.839-kees@kernel.org Reviewed-by: Gustavo A. R. Silva Signed-off-by: Martin K. Petersen --- diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h index 84cf77c48c0d2..088cc40ae866a 100644 --- a/drivers/scsi/megaraid/megaraid_sas.h +++ b/drivers/scsi/megaraid/megaraid_sas.h @@ -814,12 +814,12 @@ struct MR_HOST_DEVICE_LIST { __le32 size; __le32 count; __le32 reserved[2]; - struct MR_HOST_DEVICE_LIST_ENTRY host_device_list[1]; + struct MR_HOST_DEVICE_LIST_ENTRY host_device_list[] __counted_by_le(count); } __packed; #define HOST_DEVICE_LIST_SZ (sizeof(struct MR_HOST_DEVICE_LIST) + \ (sizeof(struct MR_HOST_DEVICE_LIST_ENTRY) * \ - (MEGASAS_MAX_PD + MAX_LOGICAL_DRIVES_EXT - 1))) + (MEGASAS_MAX_PD + MAX_LOGICAL_DRIVES_EXT))) /*