Replace the deprecated[1] use of a 1-element array in
union aac_init with a modern flexible array.
Additionally add __counted_by annotation since rrq is only ever accessed
after rr_queue_count has been set (with the same value used to control
the loop):
init->r8.rr_queue_count = cpu_to_le32(dev->max_msix);
...
for (i = 0; i < dev->max_msix; i++) {
addr = (u64)dev->host_rrq_pa + dev->vector_cap * i *
sizeof(u32);
init->r8.rrq[i].host_addr_high = cpu_to_le32(
upper_32_bits(addr));
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
---
Cc: Adaptec OEM Raid Solutions <aacraid@xxxxxxxxxxxxx>
Cc: "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
Cc: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
Cc: linux-scsi@xxxxxxxxxxxxxxx
---
drivers/scsi/aacraid/aacraid.h | 2 +-
drivers/scsi/aacraid/src.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h
index 7d5a155073c6..659e393c1033 100644
--- a/drivers/scsi/aacraid/aacraid.h
+++ b/drivers/scsi/aacraid/aacraid.h
@@ -873,7 +873,7 @@ union aac_init
__le16 element_count;
__le16 comp_thresh;
__le16 unused;
- } rrq[1]; /* up to 64 RRQ addresses */
+ } rrq[] __counted_by_le(rr_queue_count); /* up to 64 RRQ addresses */
} r8;
};
diff --git a/drivers/scsi/aacraid/src.c b/drivers/scsi/aacraid/src.c
index 11ef58204e96..28115ed637e8 100644
--- a/drivers/scsi/aacraid/src.c
+++ b/drivers/scsi/aacraid/src.c
@@ -410,7 +410,7 @@ static void aac_src_start_adapter(struct aac_dev *dev)
lower_32_bits(dev->init_pa),
upper_32_bits(dev->init_pa),
sizeof(struct _r8) +
- (AAC_MAX_HRRQ - 1) * sizeof(struct _rrq),
+ AAC_MAX_HRRQ * sizeof(struct _rrq),
0, 0, 0, NULL, NULL, NULL, NULL, NULL);
} else {
init->r7.host_elapsed_seconds =
--
2.34.1
