no_of_objects may be hardcoded to 1 right now, but does it make more sense to use?

struct_size(rap, obj, be32_to_cpu(rap->no_of_objects));

We probably should have declared no_of_objects as __be32 to have avoided this confusion.

On Tue, May 23, 2023 at 1:33 PM Gustavo A. R. Silva <gustavoars@xxxxxxxxxx> wrote:
>
> Prefer struct_size() over open-coded versions of idiom:
>
> sizeof(struct-with-flex-array) + sizeof(typeof-flex-array-elements) * count
>
> where count is the max number of items the flexible array is supposed to
> contain.
>
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
> ---
> Changes in v2:
> - Use literal 1 in call to struct_size(), instead of rap->no_of_objects
> (Kees Cook).
>
> v1:
> - Link: https://lore.kernel.org/linux-hardening/99e06733f5f35c6cd62e05f530b93107bfd03362.1684358315.git.gustavoars@xxxxxxxxxx/
>
> drivers/scsi/lpfc/lpfc_ct.c | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c > index e880d127d7f5..f52aeb73af8d 100644 > --- a/drivers/scsi/lpfc/lpfc_ct.c > +++ b/drivers/scsi/lpfc/lpfc_ct.c > @@ -3747,9 +3747,7 @@ lpfc_vmid_cmd(struct lpfc_vport *vport, > rap->no_of_objects = cpu_to_be32(1); > rap->obj[0].entity_id_len = vmid->vmid_len; > memcpy(rap->obj[0].entity_id, vmid->host_vmid, vmid->vmid_len); > - size = RAPP_IDENT_OFFSET + > - sizeof(struct lpfc_vmid_rapp_ident_list) + > - sizeof(struct entity_id_object); > + size = RAPP_IDENT_OFFSET + struct_size(rap, obj, 1); > retry = 1; > break; 
> > @@ -3767,9 +3765,7 @@ lpfc_vmid_cmd(struct lpfc_vport *vport, > dap->no_of_objects = cpu_to_be32(1); > dap->obj[0].entity_id_len = vmid->vmid_len; > memcpy(dap->obj[0].entity_id, vmid->host_vmid, vmid->vmid_len); > - size = DAPP_IDENT_OFFSET + > - sizeof(struct lpfc_vmid_dapp_ident_list) + > - sizeof(struct entity_id_object); > + size = DAPP_IDENT_OFFSET + struct_size(dap, obj, 1); > write_lock(&vport->vmid_lock); > vmid->flag &= ~LPFC_VMID_REGISTERED; > write_unlock(&vport->vmid_lock); > -- > 2.34.1 >
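Review bot: in the first hunk (RAPP case, @@ -3747), the literal 1 passed to struct_size(rap, obj, 1) is not tied to the count stored a few lines earlier by rap->no_of_objects = cpu_to_be32(1), so a later change to one can silently leave the other stale and make the transmitted size disagree with the object count in the payload. Consider a single host-endian local (or named constant) that feeds both cpu_to_be32() and struct_size(), since the big-endian field itself cannot be passed as the count without be32_to_cpu(). If the count ever becomes variable, the outer RAPP_IDENT_OFFSET + struct_size(...) should also become size_add(RAPP_IDENT_OFFSET, struct_size(...)), because struct_size() saturates to SIZE_MAX on overflow and a plain addition on top of that would wrap.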
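Review bot: in the second hunk (DAPP case, @@ -3767), struct_size(dap, obj, 1) yields the same value as the removed sizeof(struct lpfc_vmid_dapp_ident_list) + sizeof(struct entity_id_object) only if dap points to a struct lpfc_vmid_dapp_ident_list and obj is a flexible array of struct entity_id_object, neither of which is visible in this diff. The commit message should say explicitly that the computed size is unchanged, and a short comment at the call explaining why the count is a literal 1 would save the next reader from the question raised about no_of_objects.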