Re: [PATCH][next] usb: dwc2: Use flex_array_size() helper

[Thinh Nguyen <Thinh.Nguyen@xxxxxxxxxxxx>]

Hi,

Gustavo A. R. Silva wrote:
> Make use of the flex_array_size() helper to calculate the size of a
> flexible array member within an enclosing structure.
> 
> This helper offers defense-in-depth against potential integer
> overflows, while at the same time makes it explicitly clear that
> we are dealing with a flexible array member.
> 
> Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/160__;!!A4F2R9G_pg!L8p7TlfbH0sNpL9gtsVuWEZVnP8euMZtJKpc71sXxzEw4MAKWuQ28dJJc0cJTI3bWXLm$ 
> Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
> ---
>  drivers/usb/dwc2/hcd.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
> index f63a27d11fac..2c21498662cd 100644
> --- a/drivers/usb/dwc2/hcd.c
> +++ b/drivers/usb/dwc2/hcd.c
> @@ -4054,8 +4054,9 @@ struct dwc2_tt *dwc2_host_get_tt_info(struct dwc2_hsotg *hsotg, void *context,
>  			 * For single_tt we need one schedule.  For multi_tt
>  			 * we need one per port.
>  			 */
> -			bitmap_size = DWC2_ELEMENTS_PER_LS_BITMAP *
> -				      sizeof(dwc_tt->periodic_bitmaps[0]);
> +			bitmap_size =
> +				flex_array_size(dwc_tt, periodic_bitmaps,
> +						DWC2_ELEMENTS_PER_LS_BITMAP);
>  			if (urb->dev->tt->multi)
>  				bitmap_size *= urb->dev->tt->hub->maxchild;
>  

This doesn't look right even though the result will be the same. The
return value from flex_array_size() may not be the final array size as you
can see that bitmap_size gets updated again a couple lines down.

How about this instead:

diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
index f63a27d11fac..0936ff8b57db 100644
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -4048,18 +4048,17 @@ struct dwc2_tt *dwc2_host_get_tt_info(struct dwc2_hsotg *hsotg, void *context,
 
                dwc_tt = urb->dev->tt->hcpriv;
                if (!dwc_tt) {
-                       size_t bitmap_size;
+                       int count;
 
                        /*
                         * For single_tt we need one schedule.  For multi_tt
                         * we need one per port.
                         */
-                       bitmap_size = DWC2_ELEMENTS_PER_LS_BITMAP *
-                                     sizeof(dwc_tt->periodic_bitmaps[0]);
+                       count = DWC2_ELEMENTS_PER_LS_BITMAP;
                        if (urb->dev->tt->multi)
-                               bitmap_size *= urb->dev->tt->hub->maxchild;
+                               count *= urb->dev->tt->hub->maxchild;
 
-                       dwc_tt = kzalloc(sizeof(*dwc_tt) + bitmap_size,
+                       dwc_tt = kzalloc(struct_size(dwc_tt, periodic_bitmaps, count),
                                         mem_flags);
                        if (!dwc_tt)
                                return NULL;


BR,
Thinh