Commit d67790dd authored by Kees Cook's avatar Kees Cook

overflow: Add struct_size_t() helper



While struct_size() is normally used in situations where the structure
type already has a pointer instance, there are places where no variable
is available. In the past, this has been worked around by using a typed
NULL first argument, but this is a bit ugly. Add a helper to do this,
and replace the handful of instances of the code pattern with it.

Instances were found with this Coccinelle script:

@struct_size_t@
identifier STRUCT, MEMBER;
expression COUNT;
@@

-       struct_size((struct STRUCT *)\(0\|NULL\),
+       struct_size_t(struct STRUCT,
                MEMBER, COUNT)

Suggested-by: default avatarChristoph Hellwig <hch@infradead.org>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Keith Busch <kbusch@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Sagi Grimberg <sagi@grimberg.me>
Cc: HighPoint Linux Team <linux@highpoint-tech.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Sumit Saxena <sumit.saxena@broadcom.com>
Cc: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Cc: Don Brace <don.brace@microchip.com>
Cc: "Darrick J. Wong" <djwong@kernel.org>
Cc: Dave Chinner <dchinner@redhat.com>
Cc: Guo Xuenan <guoxuenan@huawei.com>
Cc: Gwan-gyeong Mun <gwan-gyeong.mun@intel.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Daniel Latypov <dlatypov@google.com>
Cc: kernel test robot <lkp@intel.com>
Cc: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org
Cc: linux-nvme@lists.infradead.org
Cc: linux-scsi@vger.kernel.org
Cc: megaraidlinux.pdl@broadcom.com
Cc: storagedev@microchip.com
Cc: linux-xfs@vger.kernel.org
Cc: linux-hardening@vger.kernel.org
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Acked-by: default avatarJakub Kicinski <kuba@kernel.org>
Reviewed-by: default avatarAlexander Lobakin <aleksander.lobakin@intel.com>
Link: https://lore.kernel.org/r/20230522211810.never.421-kees@kernel.org
parent 7f09a3a0
+4 −5
@@ -185,7 +185,7 @@ struct ice_buf_hdr {

#define ICE_MAX_ENTRIES_IN_BUF(hd_sz, ent_sz)                                 \
	((ICE_PKG_BUF_SIZE -                                                  \
	  struct_size((struct ice_buf_hdr *)0, section_entry, 1) - (hd_sz)) / \
	  struct_size_t(struct ice_buf_hdr,  section_entry, 1) - (hd_sz)) / \
	 (ent_sz))

/* ice package section IDs */
@@ -297,7 +297,7 @@ struct ice_label_section {
};

#define ICE_MAX_LABELS_IN_BUF                                             \
	ICE_MAX_ENTRIES_IN_BUF(struct_size((struct ice_label_section *)0, \
	ICE_MAX_ENTRIES_IN_BUF(struct_size_t(struct ice_label_section,  \
					   label, 1) -                    \
				       sizeof(struct ice_label),          \
			       sizeof(struct ice_label))
@@ -352,7 +352,7 @@ struct ice_boost_tcam_section {
};

#define ICE_MAX_BST_TCAMS_IN_BUF                                               \
	ICE_MAX_ENTRIES_IN_BUF(struct_size((struct ice_boost_tcam_section *)0, \
	ICE_MAX_ENTRIES_IN_BUF(struct_size_t(struct ice_boost_tcam_section,  \
					   tcam, 1) -                          \
				       sizeof(struct ice_boost_tcam_entry),    \
			       sizeof(struct ice_boost_tcam_entry))
@@ -372,8 +372,7 @@ struct ice_marker_ptype_tcam_section {
};

#define ICE_MAX_MARKER_PTYPE_TCAMS_IN_BUF                                    \
	ICE_MAX_ENTRIES_IN_BUF(                                              \
		struct_size((struct ice_marker_ptype_tcam_section *)0, tcam, \
	ICE_MAX_ENTRIES_IN_BUF(struct_size_t(struct ice_marker_ptype_tcam_section,  tcam, \
			    1) -                                             \
			sizeof(struct ice_marker_ptype_tcam_entry),          \
		sizeof(struct ice_marker_ptype_tcam_entry))
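Review bot: The four rewritten macro lines keep the Coccinelle output unformatted: each has a doubled space after the type argument (`struct_size_t(struct ice_buf_hdr,  section_entry, 1)`), and in ICE_MAX_MARKER_PTYPE_TCAMS_IN_BUF the new line runs well past the column where the other continuation backslashes sit. These macros appear to define how many entries fit in a package buffer, so they are worth keeping easy to audit. I would reflow the last one as `ICE_MAX_ENTRIES_IN_BUF(struct_size_t(struct ice_marker_ptype_tcam_section, \` followed by `tcam, 1) - \`, and drop the extra space in ICE_MAX_ENTRIES_IN_BUF, ICE_MAX_LABELS_IN_BUF and ICE_MAX_BST_TCAMS_IN_BUF.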
+4 −4
@@ -2917,7 +2917,7 @@ nvme_fc_create_io_queues(struct nvme_fc_ctrl *ctrl)

	ret = nvme_alloc_io_tag_set(&ctrl->ctrl, &ctrl->tag_set,
			&nvme_fc_mq_ops, 1,
			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
			struct_size_t(struct nvme_fcp_op_w_sgl, priv,
				      ctrl->lport->ops->fcprqst_priv_sz));
	if (ret)
		return ret;
@@ -3536,7 +3536,7 @@ nvme_fc_init_ctrl(struct device *dev, struct nvmf_ctrl_options *opts,

	ret = nvme_alloc_admin_tag_set(&ctrl->ctrl, &ctrl->admin_tag_set,
			&nvme_fc_admin_mq_ops,
			struct_size((struct nvme_fcp_op_w_sgl *)NULL, priv,
			struct_size_t(struct nvme_fcp_op_w_sgl, priv,
				      ctrl->lport->ops->fcprqst_priv_sz));
	if (ret)
		goto fail_ctrl;
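Review bot: The per-command size handed to nvme_alloc_io_tag_set() is computed from `ctrl->lport->ops->fcprqst_priv_sz` with no visible upper bound, and the identical expression is repeated for nvme_alloc_admin_tag_set() in the second hunk. struct_size_t() reports overflow by saturating to SIZE_MAX, which only survives if the receiving parameter is as wide as size_t; the prototypes are not on this page, so that should be confirmed. A small static helper, for example `static size_t nvme_fc_cmd_size(struct nvme_fc_ctrl *ctrl)` (name is only a suggestion), would keep both call sites identical and give one place for a range check or a comment on the expected size of fcprqst_priv_sz. Both enclosing functions start and end outside the hunks.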
+2 −2
@@ -1394,7 +1394,7 @@ static int hptiop_probe(struct pci_dev *pcidev, const struct pci_device_id *id)
	host->cmd_per_lun = le32_to_cpu(iop_config.max_requests);
	host->max_cmd_len = 16;

	req_size = struct_size((struct hpt_iop_request_scsi_command *)0,
	req_size = struct_size_t(struct hpt_iop_request_scsi_command,
				 sg_list, hba->max_sg_descriptors);
	if ((req_size & 0x1f) != 0)
		req_size = (req_size + 0x1f) & ~0x1f;
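Review bot: The round-up right after the new call, `req_size = (req_size + 0x1f) & ~0x1f;`, is plain arithmetic on the struct_size_t() result, so an overflow that the helper reports by saturating to SIZE_MAX would wrap to a small value here instead of being caught. The hunk does not show how `hba->max_sg_descriptors` is bounded or what type req_size has; if req_size is narrower than size_t, the assignment already discards the saturation. I would keep the result in a size_t, fail the probe when it equals SIZE_MAX, and only then align it, with a one-line comment such as `/* requests are padded to a 32-byte multiple */` on the round-up. hptiop_probe() starts and ends outside the hunk.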
+6 −6
@@ -5153,7 +5153,7 @@ static void megasas_update_ext_vd_details(struct megasas_instance *instance)
		fusion->max_map_sz = ventura_map_sz;
	} else {
		fusion->old_map_sz =
			struct_size((struct MR_FW_RAID_MAP *)0, ldSpanMap,
			struct_size_t(struct MR_FW_RAID_MAP, ldSpanMap,
				      instance->fw_supported_vd_count);
		fusion->new_map_sz =  sizeof(struct MR_FW_RAID_MAP_EXT);

@@ -5789,7 +5789,7 @@ megasas_setup_jbod_map(struct megasas_instance *instance)
	struct fusion_context *fusion = instance->ctrl_context;
	size_t pd_seq_map_sz;

	pd_seq_map_sz = struct_size((struct MR_PD_CFG_SEQ_NUM_SYNC *)0, seq,
	pd_seq_map_sz = struct_size_t(struct MR_PD_CFG_SEQ_NUM_SYNC, seq,
				      MAX_PHYSICAL_DEVICES);

	instance->use_seqnum_jbod_fp =
@@ -8033,7 +8033,7 @@ static void megasas_detach_one(struct pci_dev *pdev)
	if (instance->adapter_type != MFI_SERIES) {
		megasas_release_fusion(instance);
		pd_seq_map_sz =
			struct_size((struct MR_PD_CFG_SEQ_NUM_SYNC *)0,
			struct_size_t(struct MR_PD_CFG_SEQ_NUM_SYNC,
				      seq, MAX_PHYSICAL_DEVICES);
		for (i = 0; i < 2 ; i++) {
			if (fusion->ld_map[i])
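Review bot: pd_seq_map_sz is computed with the same expression, `struct_size_t(struct MR_PD_CFG_SEQ_NUM_SYNC, seq, MAX_PHYSICAL_DEVICES)`, in both megasas_setup_jbod_map() and megasas_detach_one(), and nothing ties the two copies together. If the value in megasas_detach_one() is used to release what the setup path allocated (the uses are outside the hunks), a later change to one site that misses the other would leave the allocation and release sizes out of step. Both arguments look like compile-time constants, so a single named constant next to the struct definition, for example `#define MEGASAS_PD_SEQ_MAP_SZ struct_size_t(struct MR_PD_CFG_SEQ_NUM_SYNC, seq, MAX_PHYSICAL_DEVICES)` (name is only a suggestion), would remove the duplication.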
+3 −3
@@ -326,7 +326,7 @@ u8 MR_ValidateMapInfo(struct megasas_instance *instance, u64 map_id)
	else if (instance->supportmax256vd)
		expected_size = sizeof(struct MR_FW_RAID_MAP_EXT);
	else
		expected_size = struct_size((struct MR_FW_RAID_MAP *)0,
		expected_size = struct_size_t(struct MR_FW_RAID_MAP,
					      ldSpanMap,
					      le16_to_cpu(pDrvRaidMap->ldCount));

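Review bot: In the final else branch expected_size is built from `le16_to_cpu(pDrvRaidMap->ldCount)`, a field of the map that MR_ValidateMapInfo() is checking, so whatever comparison uses expected_size (outside the hunk) can only show that the map agrees with itself. Nothing visible here bounds ldCount by what the driver sized its buffers for; elsewhere on this page the corresponding map size is computed from `instance->fw_supported_vd_count`. If that bound is not already enforced earlier in the function, I would reject the map when `le16_to_cpu(pDrvRaidMap->ldCount) > instance->fw_supported_vd_count` before this computation, or at least add a comment stating where the bound is checked.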