On 2/28/2023 9:16 AM, Johannes Berg wrote:
> On Tue, 2023-02-28 at 08:28 -0800, Jacob Keller wrote:
>>
>> @@ -1247,7 +1247,6 @@ static struct ipw_fw_error *ipw_alloc_error_log(struct ipw_priv *priv)
>> error->config = priv->config;
>> error->elem_len = elem_len;
>> error->log_len = log_len;
>> - error->elem = (struct ipw_error_elem *)error->payload;
>> error->log = (struct ipw_event *)(error->elem + elem_len);
>
> I really don't know this driver, it's ancient, but that last line looks
> wrong to me already, elem_len doesn't seem like # of elems?
>
> But I guess this patch changes nothing here, so hey. Don't think there's
> much value in the change either, this driver isn't going to get touched
> any more, just removed eventually ;)
>
> johannes
>

Previous to this change, error struct has two pointers to sections of
memory allocated at the end of the buffer.

The code used to be:

- error = kmalloc(sizeof(*error) +
- sizeof(*error->elem) * elem_len +
- sizeof(*error->log) * log_len, GFP_ATOMIC);

i.e. the elem_len is multiplying sizeof(*error->elem).

The code is essentially trying to get two flexible arrays in the same
allocation, and it's a bit messy to do that.

I don't see how elem_len could be anything other than "number of elems"
given this code I removed.

I posted these mainly because I was trying to resolve all of the hits
that were found by the coccinelle patch I made, posted at [1]. I wanted
to get it to run clean so that we had no more struct_size hits.

Dropping this would just make that patch have some hits until the driver
is removed, eventually... Not really a big deal to me, I just didn't
want to post a coccinelle patch without also trying to fix the handful
of problems it reported, since the total number of reports was small.

Thanks,
Jake

[1]:
https://lore.kernel.org/all/20230227202428.3657443-1-jacob.e.keller@xxxxxxxxx/
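
Review bot: The retained context line `error->log = (struct ipw_event *)(error->elem + elem_len);` still reads `error->elem` after this hunk removes the only visible assignment to it, so it is correct only if `elem` has become the trailing array itself rather than a pointer; that struct change is not in this hunk and should be called out in the commit message. A short comment at that line stating that `elem_len` is an element count would also help, since the addition scales by `sizeof(*error->elem)` and the start of the log region depends on it.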
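
The layout discussed in this thread, two variable-length arrays carved out of one allocation, shown as an added userspace C example (not the driver's code and not part of the original messages). The struct and function names are hypothetical, and the GCC/Clang overflow builtins stand in for the overflow-checked sizing that the kernel's struct_size() helper provides.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the two element types stored back to back. */
struct elem  { uint32_t words[7]; };
struct event { uint32_t words[3]; };

struct fw_error {
    uint32_t elem_len;   /* number of elem entries, not bytes */
    uint32_t log_len;    /* number of event entries, not bytes */
    struct event *log;   /* second array: same allocation, after elem[] */
    struct elem elem[];  /* first array: flexible array member */
};

/* Total bytes for header + both arrays; returns -1 if the sum would wrap. */
static int fw_error_size(size_t elem_len, size_t log_len, size_t *out)
{
    size_t elems, logs, total;

    if (__builtin_mul_overflow(elem_len, sizeof(struct elem), &elems) ||
        __builtin_mul_overflow(log_len, sizeof(struct event), &logs) ||
        __builtin_add_overflow(sizeof(struct fw_error), elems, &total) ||
        __builtin_add_overflow(total, logs, &total))
        return -1;
    *out = total;
    return 0;
}

static struct fw_error *fw_error_alloc(uint32_t elem_len, uint32_t log_len)
{
    struct fw_error *e;
    size_t bytes;

    if (fw_error_size(elem_len, log_len, &bytes))
        return NULL;
    e = calloc(1, bytes);
    if (!e)
        return NULL;
    e->elem_len = elem_len;
    e->log_len = log_len;
    /* Arithmetic on a struct elem pointer steps whole elements, so this
     * lands exactly elem_len * sizeof(struct elem) bytes past elem[0]. */
    e->log = (struct event *)(e->elem + elem_len);
    return e;
}
```

The cast is only safe here because `struct event` needs no stricter alignment than `struct elem`; with differently aligned types the offset of the second array would have to be rounded up.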