Message ID | 20220119233803.GA66829@embeddedor (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [next] tpm: xen-tpmfront: Use struct_size() helper | expand |
On Wed, Jan 19, 2022 at 05:38:03PM -0600, Gustavo A. R. Silva wrote: > Make use of the struct_size() helper instead of an open-coded version, > in order to avoid any potential type mistakes or integer overflows that, > in the worse scenario, could lead to heap overflows. > > Also, address the following sparse warning: > drivers/char/tpm/xen-tpmfront.c:131:16: warning: using sizeof on a flexible structure > > Link: https://github.com/KSPP/linux/issues/160 > Link: https://github.com/KSPP/linux/issues/174 > Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> > --- > drivers/char/tpm/xen-tpmfront.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c > index da5b30771418..f53e0cf1ec7e 100644 > --- a/drivers/char/tpm/xen-tpmfront.c > +++ b/drivers/char/tpm/xen-tpmfront.c > @@ -126,16 +126,16 @@ static void vtpm_cancel(struct tpm_chip *chip) > notify_remote_via_evtchn(priv->evtchn); > } > > -static unsigned int shr_data_offset(struct vtpm_shared_page *shr) > +static size_t shr_data_offset(struct vtpm_shared_page *shr) > { > - return sizeof(*shr) + sizeof(u32) * shr->nr_extra_pages; > + return struct_size(shr, extra_pages, shr->nr_extra_pages); > } > > static int vtpm_send(struct tpm_chip *chip, u8 *buf, size_t count) > { > struct tpm_private *priv = dev_get_drvdata(&chip->dev); > struct vtpm_shared_page *shr = priv->shr; > - unsigned int offset = shr_data_offset(shr); > + size_t offset = shr_data_offset(shr); > > u32 ordinal; > unsigned long duration; > @@ -177,7 +177,7 @@ static int vtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count) > { > struct tpm_private *priv = dev_get_drvdata(&chip->dev); > struct vtpm_shared_page *shr = priv->shr; > - unsigned int offset = shr_data_offset(shr); > + size_t offset = shr_data_offset(shr); > size_t length = shr->length; > > if (shr->state == VTPM_STATE_IDLE) > -- > 2.27.0 > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c index da5b30771418..f53e0cf1ec7e 100644 --- a/drivers/char/tpm/xen-tpmfront.c +++ b/drivers/char/tpm/xen-tpmfront.c @@ -126,16 +126,16 @@ static void vtpm_cancel(struct tpm_chip *chip) notify_remote_via_evtchn(priv->evtchn); } -static unsigned int shr_data_offset(struct vtpm_shared_page *shr) +static size_t shr_data_offset(struct vtpm_shared_page *shr) { - return sizeof(*shr) + sizeof(u32) * shr->nr_extra_pages; + return struct_size(shr, extra_pages, shr->nr_extra_pages); } static int vtpm_send(struct tpm_chip *chip, u8 *buf, size_t count) { struct tpm_private *priv = dev_get_drvdata(&chip->dev); struct vtpm_shared_page *shr = priv->shr; - unsigned int offset = shr_data_offset(shr); + size_t offset = shr_data_offset(shr); u32 ordinal; unsigned long duration; @@ -177,7 +177,7 @@ static int vtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count) { struct tpm_private *priv = dev_get_drvdata(&chip->dev); struct vtpm_shared_page *shr = priv->shr; - unsigned int offset = shr_data_offset(shr); + size_t offset = shr_data_offset(shr); size_t length = shr->length; if (shr->state == VTPM_STATE_IDLE)
Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worse scenario, could lead to heap overflows. Also, address the following sparse warning: drivers/char/tpm/xen-tpmfront.c:131:16: warning: using sizeof on a flexible structure Link: https://github.com/KSPP/linux/issues/160 Link: https://github.com/KSPP/linux/issues/174 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> --- drivers/char/tpm/xen-tpmfront.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)