From: Cássio Gabriel Date: Sun, 31 May 2026 23:41:41 +0000 (-0300) Subject: ALSA: seq: Use flexible array for device arguments X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a2d0b5496850403d1105efbbe54aa8fc68cae6f;p=thirdparty%2Flinux.git ALSA: seq: Use flexible array for device arguments snd_seq_device_new() allocates struct snd_seq_device together with a caller-specific argument area. SNDRV_SEQ_DEVICE_ARGPTR() reaches that area by adding sizeof(struct snd_seq_device) to the object pointer. Make the trailing storage explicit with a flexible array and allocate it with kzalloc_flex(). This makes the object layout self-describing and avoids open-coded size arithmetic in the allocation and accessor. Reject negative argsize values before calculating the allocation size. Current in-tree callers pass either zero or sizeof() values, but the function takes an int size argument and should not let a negative value flow into unsigned allocation arithmetic. Signed-off-by: Cássio Gabriel Link: https://patch.msgid.link/20260531-alsa-seq-flex-args-v2-1-6e068d4ed9b0@gmail.com Signed-off-by: Takashi Iwai --- diff --git a/include/sound/seq_device.h b/include/sound/seq_device.h index a72380c202e9..3137d4c5f5a8 100644 --- a/include/sound/seq_device.h +++ b/include/sound/seq_device.h @@ -22,6 +22,7 @@ struct snd_seq_device { void *private_data; /* private data for the caller */ void (*private_free)(struct snd_seq_device *device); struct device dev; + unsigned char args[]; /* driver-specific argument */ }; #define to_seq_dev(_dev) \ @@ -64,7 +65,7 @@ void snd_seq_device_load_drivers(void); int snd_seq_device_new(struct snd_card *card, int device, const char *id, int argsize, struct snd_seq_device **result); -#define SNDRV_SEQ_DEVICE_ARGPTR(dev) (void *)((char *)(dev) + sizeof(struct snd_seq_device)) +#define SNDRV_SEQ_DEVICE_ARGPTR(dev) ((void *)(dev)->args) int __must_check __snd_seq_driver_register(struct snd_seq_driver *drv, struct module *mod); diff --git a/sound/core/seq_device.c b/sound/core/seq_device.c index 1b062d6b17ea..8be1f3ab5b63 100644 --- a/sound/core/seq_device.c +++ b/sound/core/seq_device.c @@ -234,7 +234,10 @@ int snd_seq_device_new(struct snd_card *card, int device, const char *id, if (snd_BUG_ON(!id)) return -EINVAL; - dev = kzalloc(sizeof(*dev) + argsize, GFP_KERNEL); + if (argsize < 0) + return -EINVAL; + + dev = kzalloc_flex(*dev, args, argsize); if (!dev) return -ENOMEM;