| Message ID | Y5z4Og3XmCGQwTO9@mail.google.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [v3,next] pcmcia: synclink_cs: replace 1-element array with flex-array member | expand |
On Sat, Dec 17, 2022 at 11:59:06AM +1300, Paulo Miguel Almeida wrote: > One-element arrays are deprecated, and we are replacing them with > flexible array members instead. So, replace one-element array with > flexible-array member in struct RXBUF and refactor the rest of the code > accordingly. While at it, fix an edge case which could cause > rx_buf_count to be 0 when max_frame_size was set to the maximum > allowed value (65535). > > It's worth mentioning that struct RXBUF was allocating 1 byte "too much" > for what is required (ignoring bytes added by padding). What was the result of using __packed to make sure there wasn't a sizing error? -Kees > > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE > routines on memcpy() and help us make progress towards globally > enabling -fstrict-flex-arrays=3 [1]. > > Link: https://github.com/KSPP/linux/issues/79 > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] > Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@gmail.com> > --- > Changelog: > > - v3: > fix size calculation mistakes using overflow.h macros: (Req: Andy > Shevchenko, Kees Cook) > add notes struct RXBUF size (Kees Cook) > > - v2: removed changes to how the size of RXBUF was calculated. I > changed my mind after thinking about the existing padding in the > struct. Happy to discuss it if anyone sees it differently. > > - v1: https://lore.kernel.org/lkml/Y5mMWEtHWKOiPVU+@mail.google.com/ > --- > drivers/char/pcmcia/synclink_cs.c | 33 +++++++++++++++++++------------ > 1 file changed, 20 insertions(+), 13 deletions(-) > > diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c > index b2735be81ab2..eee6772a0978 100644 > --- a/drivers/char/pcmcia/synclink_cs.c > +++ b/drivers/char/pcmcia/synclink_cs.c > @@ -105,7 +105,7 @@ static MGSL_PARAMS default_params = { > typedef struct { > int count; > unsigned char status; > - char data[1]; > + char data[]; > } RXBUF; > > /* The queue of BH actions to be performed */ > @@ -229,12 +229,18 @@ typedef struct _mgslpc_info { > } MGSLPC_INFO; > > #define MGSLPC_MAGIC 0x5402 > +#define MGSLPC_MAX_FRAME_SIZE 65535 > +#define MGSLPC_MIN_FRAME_SIZE 4096 > > /* > * The size of the serial xmit buffer is 1 page, or 4096 bytes > */ > #define TXBUFSIZE 4096 > > +/* > + * RXBUF accommodates at least 1 buffer (header+data) of MGSLPC_MAX_FRAME_SIZE > + */ > +#define RXBUF_MAX_SIZE (sizeof(RXBUF) + MGSLPC_MAX_FRAME_SIZE) > > #define CHA 0x00 /* channel A offset */ > #define CHB 0x40 /* channel B offset */ > @@ -529,7 +535,7 @@ static int mgslpc_probe(struct pcmcia_device *link) > tty_port_init(&info->port); > info->port.ops = &mgslpc_port_ops; > INIT_WORK(&info->task, bh_handler); > - info->max_frame_size = 4096; > + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; > init_waitqueue_head(&info->status_event_wait_q); > init_waitqueue_head(&info->event_wait_q); > spin_lock_init(&info->lock); > @@ -2611,19 +2617,20 @@ static int mgslpc_proc_show(struct seq_file *m, void *v) > static int rx_alloc_buffers(MGSLPC_INFO *info) > { > /* each buffer has header and data */ > - info->rx_buf_size = sizeof(RXBUF) + info->max_frame_size; > + if (check_add_overflow(sizeof(RXBUF), info->max_frame_size, &info->rx_buf_size)) > + return -EINVAL; > > - /* calculate total allocation size for 8 buffers */ > - info->rx_buf_total_size = info->rx_buf_size * 8; > + /* try to alloc as many buffers that can fit within RXBUF_MAX_SIZE (up to 8) */ > + if (check_mul_overflow(info->rx_buf_size, 8, &info->rx_buf_total_size)) > + return -EINVAL; > > - /* limit total allocated memory */ > - if (info->rx_buf_total_size > 0x10000) > - info->rx_buf_total_size = 0x10000; > + if (info->rx_buf_total_size > RXBUF_MAX_SIZE) > + info->rx_buf_total_size = RXBUF_MAX_SIZE; > > /* calculate number of buffers */ > info->rx_buf_count = info->rx_buf_total_size / info->rx_buf_size; > > - info->rx_buf = kmalloc(info->rx_buf_total_size, GFP_KERNEL); > + info->rx_buf = kcalloc(info->rx_buf_count, info->rx_buf_size, GFP_KERNEL); > if (info->rx_buf == NULL) > return -ENOMEM; > > @@ -2695,10 +2702,10 @@ static int mgslpc_add_device(MGSLPC_INFO *info) > current_dev->next_device = info; > } > > - if (info->max_frame_size < 4096) > - info->max_frame_size = 4096; > - else if (info->max_frame_size > 65535) > - info->max_frame_size = 65535; > + if (info->max_frame_size < MGSLPC_MIN_FRAME_SIZE) > + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; > + else if (info->max_frame_size > MGSLPC_MAX_FRAME_SIZE) > + info->max_frame_size = MGSLPC_MAX_FRAME_SIZE; > > printk("SyncLink PC Card %s:IO=%04X IRQ=%d\n", > info->device_name, info->io_base, info->irq_level); > -- > 2.38.1 >
On Fri, Dec 16, 2022 at 03:42:47PM -0800, Kees Cook wrote: > On Sat, Dec 17, 2022 at 11:59:06AM +1300, Paulo Miguel Almeida wrote: > > One-element arrays are deprecated, and we are replacing them with > > flexible array members instead. So, replace one-element array with > > flexible-array member in struct RXBUF and refactor the rest of the code > > accordingly. While at it, fix an edge case which could cause > > rx_buf_count to be 0 when max_frame_size was set to the maximum > > allowed value (65535). > > > > It's worth mentioning that struct RXBUF was allocating 1 byte "too much" > > for what is required (ignoring bytes added by padding). > > What was the result of using __packed to make sure there wasn't a sizing > error? > > -Kees > With or without __packed__ attribute, sufficient space would be allocated which is good :-) In both cases there is still some "extra space" (1 byte on __packed and 4 bytes on non-packed) but that should be negligible. OTOH, if I'm asked to cull those bytes I am happy to do it too. pahole -C RXBUF non-packed/drivers/char/pcmcia/synclink_cs.o typedef struct { int count; /* 0 4 */ unsigned char status; /* 4 1 */ char data[]; /* 5 0 */ /* size: 8, cachelines: 1, members: 3 */ /* padding: 3 */ /* last cacheline: 8 bytes */ } RXBUF; pahole -C RXBUF packed/drivers/char/pcmcia/synclink_cs.o typedef struct { int count; /* 0 4 */ unsigned char status; /* 4 1 */ char data[]; /* 5 0 */ /* size: 5, cachelines: 1, members: 3 */ /* last cacheline: 5 bytes */ } __attribute__((__packed__)) RXBUF; - Paulo A. > > > > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE > > routines on memcpy() and help us make progress towards globally > > enabling -fstrict-flex-arrays=3 [1]. > > > > Link: https://github.com/KSPP/linux/issues/79 > > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] > > Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@gmail.com> > > --- > > Changelog: > > > > - v3: > > fix size calculation mistakes using overflow.h macros: (Req: Andy > > Shevchenko, Kees Cook) > > add notes struct RXBUF size (Kees Cook) > > > > - v2: removed changes to how the size of RXBUF was calculated. I > > changed my mind after thinking about the existing padding in the > > struct. Happy to discuss it if anyone sees it differently. > > > > - v1: https://lore.kernel.org/lkml/Y5mMWEtHWKOiPVU+@mail.google.com/ > > --- > > drivers/char/pcmcia/synclink_cs.c | 33 +++++++++++++++++++------------ > > 1 file changed, 20 insertions(+), 13 deletions(-) > > > > diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c > > index b2735be81ab2..eee6772a0978 100644 > > --- a/drivers/char/pcmcia/synclink_cs.c > > +++ b/drivers/char/pcmcia/synclink_cs.c > > @@ -105,7 +105,7 @@ static MGSL_PARAMS default_params = { > > typedef struct { > > int count; > > unsigned char status; > > - char data[1]; > > + char data[]; > > } RXBUF; > > > > /* The queue of BH actions to be performed */ > > @@ -229,12 +229,18 @@ typedef struct _mgslpc_info { > > } MGSLPC_INFO; > > > > #define MGSLPC_MAGIC 0x5402 > > +#define MGSLPC_MAX_FRAME_SIZE 65535 > > +#define MGSLPC_MIN_FRAME_SIZE 4096 > > > > /* > > * The size of the serial xmit buffer is 1 page, or 4096 bytes > > */ > > #define TXBUFSIZE 4096 > > > > +/* > > + * RXBUF accommodates at least 1 buffer (header+data) of MGSLPC_MAX_FRAME_SIZE > > + */ > > +#define RXBUF_MAX_SIZE (sizeof(RXBUF) + MGSLPC_MAX_FRAME_SIZE) > > > > #define CHA 0x00 /* channel A offset */ > > #define CHB 0x40 /* channel B offset */ > > @@ -529,7 +535,7 @@ static int mgslpc_probe(struct pcmcia_device *link) > > tty_port_init(&info->port); > > info->port.ops = &mgslpc_port_ops; > > INIT_WORK(&info->task, bh_handler); > > - info->max_frame_size = 4096; > > + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; > > init_waitqueue_head(&info->status_event_wait_q); > > init_waitqueue_head(&info->event_wait_q); > > spin_lock_init(&info->lock); > > @@ -2611,19 +2617,20 @@ static int mgslpc_proc_show(struct seq_file *m, void *v) > > static int rx_alloc_buffers(MGSLPC_INFO *info) > > { > > /* each buffer has header and data */ > > - info->rx_buf_size = sizeof(RXBUF) + info->max_frame_size; > > + if (check_add_overflow(sizeof(RXBUF), info->max_frame_size, &info->rx_buf_size)) > > + return -EINVAL; > > > > - /* calculate total allocation size for 8 buffers */ > > - info->rx_buf_total_size = info->rx_buf_size * 8; > > + /* try to alloc as many buffers that can fit within RXBUF_MAX_SIZE (up to 8) */ > > + if (check_mul_overflow(info->rx_buf_size, 8, &info->rx_buf_total_size)) > > + return -EINVAL; > > > > - /* limit total allocated memory */ > > - if (info->rx_buf_total_size > 0x10000) > > - info->rx_buf_total_size = 0x10000; > > + if (info->rx_buf_total_size > RXBUF_MAX_SIZE) > > + info->rx_buf_total_size = RXBUF_MAX_SIZE; > > > > /* calculate number of buffers */ > > info->rx_buf_count = info->rx_buf_total_size / info->rx_buf_size; > > > > - info->rx_buf = kmalloc(info->rx_buf_total_size, GFP_KERNEL); > > + info->rx_buf = kcalloc(info->rx_buf_count, info->rx_buf_size, GFP_KERNEL); > > if (info->rx_buf == NULL) > > return -ENOMEM; > > > > @@ -2695,10 +2702,10 @@ static int mgslpc_add_device(MGSLPC_INFO *info) > > current_dev->next_device = info; > > } > > > > - if (info->max_frame_size < 4096) > > - info->max_frame_size = 4096; > > - else if (info->max_frame_size > 65535) > > - info->max_frame_size = 65535; > > + if (info->max_frame_size < MGSLPC_MIN_FRAME_SIZE) > > + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; > > + else if (info->max_frame_size > MGSLPC_MAX_FRAME_SIZE) > > + info->max_frame_size = MGSLPC_MAX_FRAME_SIZE; > > > > printk("SyncLink PC Card %s:IO=%04X IRQ=%d\n", > > info->device_name, info->io_base, info->irq_level); > > -- > > 2.38.1 > > > > -- > Kees Cook
On Sat, Dec 17, 2022 at 12:59 AM Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@gmail.com> wrote: > > One-element arrays are deprecated, and we are replacing them with > flexible array members instead. So, replace one-element array with > flexible-array member in struct RXBUF and refactor the rest of the code > accordingly. While at it, fix an edge case which could cause > rx_buf_count to be 0 when max_frame_size was set to the maximum > allowed value (65535). > > It's worth mentioning that struct RXBUF was allocating 1 byte "too much" > for what is required (ignoring bytes added by padding). > > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE > routines on memcpy() and help us make progress towards globally > enabling -fstrict-flex-arrays=3 [1]. ... > static int rx_alloc_buffers(MGSLPC_INFO *info) > { > /* each buffer has header and data */ > - info->rx_buf_size = sizeof(RXBUF) + info->max_frame_size; > + if (check_add_overflow(sizeof(RXBUF), info->max_frame_size, &info->rx_buf_size)) > + return -EINVAL; > > - /* calculate total allocation size for 8 buffers */ > - info->rx_buf_total_size = info->rx_buf_size * 8; > + /* try to alloc as many buffers that can fit within RXBUF_MAX_SIZE (up to 8) */ > + if (check_mul_overflow(info->rx_buf_size, 8, &info->rx_buf_total_size)) > + return -EINVAL; This check is implied by kcalloc(). But to make it effective we probably need to get a count first. > - /* limit total allocated memory */ > - if (info->rx_buf_total_size > 0x10000) > - info->rx_buf_total_size = 0x10000; > + if (info->rx_buf_total_size > RXBUF_MAX_SIZE) > + info->rx_buf_total_size = RXBUF_MAX_SIZE; If max_frame_size > 8192 - sizeof(RXBUF), we bump into this condition... > /* calculate number of buffers */ > info->rx_buf_count = info->rx_buf_total_size / info->rx_buf_size; ...which means that rx_buf_count < 8... (and if max_frame_size > RXBUF_MAX_SIZE - sizeof(RXBUF), count becomes 0, I don't know if below clamp_val() is the only place to guarantee that) > - info->rx_buf = kmalloc(info->rx_buf_total_size, GFP_KERNEL); > + info->rx_buf = kcalloc(info->rx_buf_count, info->rx_buf_size, GFP_KERNEL); ...hence rx_buf size will be less than rx_buf_total_size. That is probably not an issue per se, but I'm wondering if the (bigger) value of rx_buf_total_size is the problem further in the code. > if (info->rx_buf == NULL) > return -ENOMEM; Maybe something like static int rx_alloc_buffers(MGSLPC_INFO *info) { /* Prevent count from being 0 */ if (->max_frame_size > MAX_FRAME_SIZE) return -EINVAL; ... count = ...; ... rx_total_size = ... rx_buf = kcalloc(...); Then you don't need to check overflow with check_add_overflow() and check_mul_overflow() will be inside the kcalloc. ... > - if (info->max_frame_size < 4096) > - info->max_frame_size = 4096; > - else if (info->max_frame_size > 65535) > - info->max_frame_size = 65535; > + if (info->max_frame_size < MGSLPC_MIN_FRAME_SIZE) > + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; > + else if (info->max_frame_size > MGSLPC_MAX_FRAME_SIZE) > + info->max_frame_size = MGSLPC_MAX_FRAME_SIZE; You can use clamp_val() macro here.
On Sat, Dec 17, 2022 at 01:43:40PM +0200, Andy Shevchenko wrote: > On Sat, Dec 17, 2022 at 12:59 AM Paulo Miguel Almeida > <paulo.miguel.almeida.rodenas@gmail.com> wrote: > > > > One-element arrays are deprecated, and we are replacing them with > > flexible array members instead. So, replace one-element array with > > flexible-array member in struct RXBUF and refactor the rest of the code > > accordingly. While at it, fix an edge case which could cause > > rx_buf_count to be 0 when max_frame_size was set to the maximum > > allowed value (65535). > > > > It's worth mentioning that struct RXBUF was allocating 1 byte "too much" > > for what is required (ignoring bytes added by padding). > > > > This helps with the ongoing efforts to tighten the FORTIFY_SOURCE > > routines on memcpy() and help us make progress towards globally > > enabling -fstrict-flex-arrays=3 [1]. > > ... > > > static int rx_alloc_buffers(MGSLPC_INFO *info) > > { > > /* each buffer has header and data */ > > - info->rx_buf_size = sizeof(RXBUF) + info->max_frame_size; > > + if (check_add_overflow(sizeof(RXBUF), info->max_frame_size, &info->rx_buf_size)) > > + return -EINVAL; > > > > - /* calculate total allocation size for 8 buffers */ > > - info->rx_buf_total_size = info->rx_buf_size * 8; > > > + /* try to alloc as many buffers that can fit within RXBUF_MAX_SIZE (up to 8) */ > > + if (check_mul_overflow(info->rx_buf_size, 8, &info->rx_buf_total_size)) > > + return -EINVAL; > > This check is implied by kcalloc(). But to make it effective we > probably need to get a count first. > > > - /* limit total allocated memory */ > > - if (info->rx_buf_total_size > 0x10000) > > - info->rx_buf_total_size = 0x10000; > > + if (info->rx_buf_total_size > RXBUF_MAX_SIZE) > > + info->rx_buf_total_size = RXBUF_MAX_SIZE; > > If max_frame_size > 8192 - sizeof(RXBUF), we bump into this condition... > > > /* calculate number of buffers */ > > info->rx_buf_count = info->rx_buf_total_size / info->rx_buf_size; > > ...which means that rx_buf_count < 8... that's correct. My reading of what the original author intended is the following: - rx_buf_count can be < 8 if max_frame_size needs to be > 8192 so that userspace tools don't need to collate the different packets together then again, SyncLink_CS supports a variety of protocols. - the more circular buffers, the better, but it looks perfectly acceptable to have 1 big rx_buf (max_frame_size possible) if the communication is orchestrated nicely (which part sends what and when) especially for RS-232-based communications. > (and if max_frame_size > RXBUF_MAX_SIZE - sizeof(RXBUF), count becomes > 0, I don't know if below clamp_val() is the only place to guarantee > that) > I can confirm that the clamp_val() below is the only place that guarantees the max_frame_size isn't greater than RXBUF_MAX_SIZE. That happens at the device probing stage: ( mgslpc_probe > mgslpc_add_device > clamp_val-like routine ) As max_frame_size can only be set as a module parameter and no other way is exposed to userspace to tweak that afterwards, my 2 cents is that clamp_val() routine should be fine as rx_buf_count will always be > 0 after this fix. > > - info->rx_buf = kmalloc(info->rx_buf_total_size, GFP_KERNEL); > > + info->rx_buf = kcalloc(info->rx_buf_count, info->rx_buf_size, GFP_KERNEL); > > ...hence rx_buf size will be less than rx_buf_total_size. > > That is probably not an issue per se, but I'm wondering if the > (bigger) value of rx_buf_total_size is the problem further in the > code. > rx_buf_total_size isn't used outside of this function so it could be a local variable IMO.. so I would say that this wouldn't be a problem. I had noticed that rx_buf_total_size could be moved into a local variable before but I thought that removing it from MGSLPC struct should be part of a separate patch instead. > > if (info->rx_buf == NULL) > > return -ENOMEM; > > Maybe something like > > static int rx_alloc_buffers(MGSLPC_INFO *info) > { > /* Prevent count from being 0 */ > if (->max_frame_size > MAX_FRAME_SIZE) > return -EINVAL; This boils down to whether having the clamp_val() on the probe method is sufficient in your point of view. You make the final call on this :-) > ... > count = ...; > ... > rx_total_size = ... > rx_buf = kcalloc(...); > > Then you don't need to check overflow with check_add_overflow() and > check_mul_overflow() will be inside the kcalloc. > check_mul_overflow point -> agreed. check_add_overflow -> similar suggestion as my previous point, if the clamp_val on probe is sufficient for you, I would say that we don't need it as of now too. But if you still think that we need it, I'm flexible with that too. > ... > > > - if (info->max_frame_size < 4096) > > - info->max_frame_size = 4096; > > - else if (info->max_frame_size > 65535) > > - info->max_frame_size = 65535; > > + if (info->max_frame_size < MGSLPC_MIN_FRAME_SIZE) > > + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; > > + else if (info->max_frame_size > MGSLPC_MAX_FRAME_SIZE) > > + info->max_frame_size = MGSLPC_MAX_FRAME_SIZE; > > You can use clamp_val() macro here. > Nice, I didn't know about this macro. I will make that change for v4. All really nice points you've made Andy, I'm learning heaps of new things with this patch :-) thanks! - Paulo A.
diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c index b2735be81ab2..eee6772a0978 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c @@ -105,7 +105,7 @@ static MGSL_PARAMS default_params = { typedef struct { int count; unsigned char status; - char data[1]; + char data[]; } RXBUF; /* The queue of BH actions to be performed */ @@ -229,12 +229,18 @@ typedef struct _mgslpc_info { } MGSLPC_INFO; #define MGSLPC_MAGIC 0x5402 +#define MGSLPC_MAX_FRAME_SIZE 65535 +#define MGSLPC_MIN_FRAME_SIZE 4096 /* * The size of the serial xmit buffer is 1 page, or 4096 bytes */ #define TXBUFSIZE 4096 +/* + * RXBUF accommodates at least 1 buffer (header+data) of MGSLPC_MAX_FRAME_SIZE + */ +#define RXBUF_MAX_SIZE (sizeof(RXBUF) + MGSLPC_MAX_FRAME_SIZE) #define CHA 0x00 /* channel A offset */ #define CHB 0x40 /* channel B offset */ @@ -529,7 +535,7 @@ static int mgslpc_probe(struct pcmcia_device *link) tty_port_init(&info->port); info->port.ops = &mgslpc_port_ops; INIT_WORK(&info->task, bh_handler); - info->max_frame_size = 4096; + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; init_waitqueue_head(&info->status_event_wait_q); init_waitqueue_head(&info->event_wait_q); spin_lock_init(&info->lock); @@ -2611,19 +2617,20 @@ static int mgslpc_proc_show(struct seq_file *m, void *v) static int rx_alloc_buffers(MGSLPC_INFO *info) { /* each buffer has header and data */ - info->rx_buf_size = sizeof(RXBUF) + info->max_frame_size; + if (check_add_overflow(sizeof(RXBUF), info->max_frame_size, &info->rx_buf_size)) + return -EINVAL; - /* calculate total allocation size for 8 buffers */ - info->rx_buf_total_size = info->rx_buf_size * 8; + /* try to alloc as many buffers that can fit within RXBUF_MAX_SIZE (up to 8) */ + if (check_mul_overflow(info->rx_buf_size, 8, &info->rx_buf_total_size)) + return -EINVAL; - /* limit total allocated memory */ - if (info->rx_buf_total_size > 0x10000) - info->rx_buf_total_size = 0x10000; + if (info->rx_buf_total_size > RXBUF_MAX_SIZE) + info->rx_buf_total_size = RXBUF_MAX_SIZE; /* calculate number of buffers */ info->rx_buf_count = info->rx_buf_total_size / info->rx_buf_size; - info->rx_buf = kmalloc(info->rx_buf_total_size, GFP_KERNEL); + info->rx_buf = kcalloc(info->rx_buf_count, info->rx_buf_size, GFP_KERNEL); if (info->rx_buf == NULL) return -ENOMEM; @@ -2695,10 +2702,10 @@ static int mgslpc_add_device(MGSLPC_INFO *info) current_dev->next_device = info; } - if (info->max_frame_size < 4096) - info->max_frame_size = 4096; - else if (info->max_frame_size > 65535) - info->max_frame_size = 65535; + if (info->max_frame_size < MGSLPC_MIN_FRAME_SIZE) + info->max_frame_size = MGSLPC_MIN_FRAME_SIZE; + else if (info->max_frame_size > MGSLPC_MAX_FRAME_SIZE) + info->max_frame_size = MGSLPC_MAX_FRAME_SIZE; printk("SyncLink PC Card %s:IO=%04X IRQ=%d\n", info->device_name, info->io_base, info->irq_level);
One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct RXBUF and refactor the rest of the code accordingly. While at it, fix an edge case which could cause rx_buf_count to be 0 when max_frame_size was set to the maximum allowed value (65535). It's worth mentioning that struct RXBUF was allocating 1 byte "too much" for what is required (ignoring bytes added by padding). This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: https://github.com/KSPP/linux/issues/79 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@gmail.com> --- Changelog: - v3: fix size calculation mistakes using overflow.h macros: (Req: Andy Shevchenko, Kees Cook) add notes struct RXBUF size (Kees Cook) - v2: removed changes to how the size of RXBUF was calculated. I changed my mind after thinking about the existing padding in the struct. Happy to discuss it if anyone sees it differently. - v1: https://lore.kernel.org/lkml/Y5mMWEtHWKOiPVU+@mail.google.com/ --- drivers/char/pcmcia/synclink_cs.c | 33 +++++++++++++++++++------------ 1 file changed, 20 insertions(+), 13 deletions(-)