From patchwork Fri Aug 27 16:30:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 504000 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A466C43216 for ; Fri, 27 Aug 2021 16:30:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5422F60F14 for ; Fri, 27 Aug 2021 16:30:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234916AbhH0QbW (ORCPT ); Fri, 27 Aug 2021 12:31:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235993AbhH0QbQ (ORCPT ); Fri, 27 Aug 2021 12:31:16 -0400 Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85C52C0613D9 for ; Fri, 27 Aug 2021 09:30:27 -0700 (PDT) Received: by mail-pj1-x102f.google.com with SMTP id n13-20020a17090a4e0d00b0017946980d8dso9236322pjh.5 for ; Fri, 27 Aug 2021 09:30:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=AmRGvbkZ+HWY5GZhyZd4YkSqh2o2/5UvgQvzBZ7Y2Ws=; b=PbsJrBMRKF/2vojBT1FJDhx/vuIEAl3DBhXymIuoiS3bjtC9u99BlyecfyeUVCLo7H ghgkOa3TLsAFj8jiEcFUTOTXDRCXv6iJOcqITBEi4O8pF5th6eTPpBnLanlrW86k8Glf T+nSBgmKSMw4IjvwkQjpua7f8NsWP0yhHmDvg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AmRGvbkZ+HWY5GZhyZd4YkSqh2o2/5UvgQvzBZ7Y2Ws=; b=B1F8hL9YASgTzMWLXNIbX/45Z/LpVjlVmHSz05s/z/2SRtnAzs7YGKOfmnMciEVZLB RffxCFfNzaWFfjHFvyWiClnfA0oztpUslIISezKyhzgEdbxIsPs6k1k1CUZogHn2TO6L lMPm35OPBZ+9pj3BIzCU4w9aAUnW1bjEwooqo2DaiH4I8Z5LmjEFk2dvhKZ/HIkwGyic wSpzouzv17D6huXiqaa0ZqwFWozlJzs45wl7ZTMgKOckyLxJjwjHbwnnKAmsUr+DmnHc 91iTx+DvAMNkB6gDjpqx4pB/MNQcKBZaUwWMq/b5v+1E1vnx97LC7KREfb9XJFykIZ2j 6GzA== X-Gm-Message-State: AOAM5335ISHaFlDyPPxnfHF6SF/erRMh5s+2rT0S8PW7UAkw4Po1qwjw 47lA3IL4XQH/V25XxHCC2uG47A== X-Google-Smtp-Source: ABdhPJzfk4UnyWU+F8v5+CWMNHDk8HKgiEMVa3XrHpLNd6CNMykmib0yPZjm6yRM9/7ypO678H9nig== X-Received: by 2002:a17:90a:a404:: with SMTP id y4mr11944751pjp.52.1630081827075; Fri, 27 Aug 2021 09:30:27 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id i6sm6964852pfa.44.2021.08.27.09.30.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Aug 2021 09:30:18 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , "Gustavo A. R. Silva" , Arnd Bergmann , Ayush Sawal , Vinay Kumar Yadav , Rohit Maheshwari , Herbert Xu , "David S. Miller" , Kalle Valo , Jakub Kicinski , Stanislaw Gruszka , Luca Coelho , "James E.J. Bottomley" , "Martin K. Petersen" , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Johannes Berg , Mordechay Goodstein , Lee Jones , Wolfgang Grandegger , Marc Kleine-Budde , Arunachalam Santhanam , Vincent Mailhol , Mikulas Patocka , linux-crypto@vger.kernel.org, ath10k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, linux-can@vger.kernel.org, bpf@vger.kernel.org, Rasmus Villemoes , Keith Packard , Dan Williams , Daniel Vetter , clang-built-linux@googlegroups.com, linux-hardening@vger.kernel.org Subject: [PATCH v3 2/5] treewide: Replace open-coded flex arrays in unions Date: Fri, 27 Aug 2021 09:30:12 -0700 Message-Id: <20210827163015.3141722-3-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210827163015.3141722-1-keescook@chromium.org> References: <20210827163015.3141722-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=12270; h=from:subject; bh=eFCqj8TgCluR7qHynURYZ3UAYbkKodDwENZe+J/Ww2Q=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhKRMWXBl23f3wYmfAA9oafQAsGo7DW0itqZdpWZf5 gSdVkAKJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYSkTFgAKCRCJcvTf3G3AJmBoD/ 42XX6WCHs/GxmJ0TRmk9fQ9rZ0aHarUT5iOQDO54UR5mO7QGfQLZBAekcL6VoOCcFmDb8/kMN69aKi i1tMqoKXTehr4M+M/PSneXVzBBt6oNUBt0hfn4tvTpdvKaJcSUXIzG6gYaQSNb9+pWESUnOdIHD4U8 QwTOE+Cf0d8Eoja+9ApWCBj4XHZY9GsHStcT/EYsTrOaurp2Jmqo79kOiZht1P4qIYmAiIOD9bgjuE wSRzPl33zylBStMO+CNTK2h9g2lTc0p3ln3sxbHSs9f4UW8HXohR7GcY/ZnsXWQfrwL6GPeaTI4U0f D7r2CkyaraTarN7iBaeUo6KBSAzyJ0grjvLiyrVj/FN7IN5lfNdZwO1ENj84mo4yv/GJJWv/QHK8t+ PTYJgTE9ukqmToa/Yb+8+fiSA2uaEy431jAL3ZPrJiOGvLB4sAWRNxiHjHi/h02kGzJ+Um9pA0i1Ef +TDsmdMun7/PqRLWm8Ss0xXm8TpMOkROtyjTWTipN4rlIzGCkVch6/nis3RmICdpmLsnw/yDZuB/RM y4lwcbImf2olvkiavsNRHqQMSNEHxMMuxa6GEhPc1CouLFUypjkv8lOffUdV2C6oDRBR78XRINU9i2 /lnvW1jKL07JSC30nYUaj409ff+zY4sMBCbcV00kH+L/BunY6FL8zDvfy8qA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org In support of enabling -Warray-bounds and -Wzero-length-bounds and correctly handling run-time memcpy() bounds checking, replace all open-coded flexible arrays (i.e. 0-element arrays) in unions with the DECLARE_FLEX_ARRAY() helper macro. This fixes warnings such as: fs/hpfs/anode.c: In function 'hpfs_add_sector_to_btree': fs/hpfs/anode.c:209:27: warning: array subscript 0 is outside the bounds of an interior zero-length array 'struct bplus_internal_node[0]' [-Wzero-length-bounds] 209 | anode->btree.u.internal[0].down = cpu_to_le32(a); | ~~~~~~~~~~~~~~~~~~~~~~~^~~ In file included from fs/hpfs/hpfs_fn.h:26, from fs/hpfs/anode.c:10: fs/hpfs/hpfs.h:412:32: note: while referencing 'internal' 412 | struct bplus_internal_node internal[0]; /* (internal) 2-word entries giving | ^~~~~~~~ drivers/net/can/usb/etas_es58x/es58x_fd.c: In function 'es58x_fd_tx_can_msg': drivers/net/can/usb/etas_es58x/es58x_fd.c:360:35: warning: array subscript 65535 is outside the bounds of an interior zero-length array 'u8[0]' {aka 'unsigned char[]'} [-Wzero-length-bounds] 360 | tx_can_msg = (typeof(tx_can_msg))&es58x_fd_urb_cmd->raw_msg[msg_len]; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from drivers/net/can/usb/etas_es58x/es58x_core.h:22, from drivers/net/can/usb/etas_es58x/es58x_fd.c:17: drivers/net/can/usb/etas_es58x/es58x_fd.h:231:6: note: while referencing 'raw_msg' 231 | u8 raw_msg[0]; | ^~~~~~~ Cc: "Gustavo A. R. Silva" Cc: Arnd Bergmann Cc: Ayush Sawal Cc: Vinay Kumar Yadav Cc: Rohit Maheshwari Cc: Herbert Xu Cc: "David S. Miller" Cc: Kalle Valo Cc: Jakub Kicinski Cc: Stanislaw Gruszka Cc: Luca Coelho Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Andrii Nakryiko Cc: Martin KaFai Lau Cc: Song Liu Cc: Yonghong Song Cc: John Fastabend Cc: KP Singh Cc: Johannes Berg Cc: Mordechay Goodstein Cc: Lee Jones Cc: Wolfgang Grandegger Cc: Marc Kleine-Budde Cc: Arunachalam Santhanam Cc: Vincent Mailhol Cc: Mikulas Patocka Cc: linux-crypto@vger.kernel.org Cc: ath10k@lists.infradead.org Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-scsi@vger.kernel.org Cc: linux-can@vger.kernel.org Cc: bpf@vger.kernel.org Acked-by: Marc Kleine-Budde # drivers/net/can/usb/etas_es58x/* Signed-off-by: Kees Cook --- drivers/crypto/chelsio/chcr_crypto.h | 14 +++++++++----- drivers/net/can/usb/etas_es58x/es581_4.h | 2 +- drivers/net/can/usb/etas_es58x/es58x_fd.h | 2 +- drivers/net/wireless/ath/ath10k/htt.h | 7 +++++-- drivers/net/wireless/intel/iwlegacy/commands.h | 6 ++++-- drivers/net/wireless/intel/iwlwifi/dvm/commands.h | 6 ++++-- drivers/net/wireless/intel/iwlwifi/fw/api/tx.h | 6 ++++-- drivers/scsi/aic94xx/aic94xx_sds.c | 6 ++++-- fs/hpfs/hpfs.h | 8 ++++---- include/linux/filter.h | 6 ++++-- include/scsi/sas.h | 12 ++++++++---- include/uapi/rdma/rdma_user_rxe.h | 4 ++-- include/uapi/sound/asoc.h | 4 ++-- 13 files changed, 52 insertions(+), 31 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index e89f9e0094b4..c7816c83e324 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -222,8 +222,10 @@ struct chcr_authenc_ctx { }; struct __aead_ctx { - struct chcr_gcm_ctx gcm[0]; - struct chcr_authenc_ctx authenc[]; + union { + DECLARE_FLEX_ARRAY(struct chcr_gcm_ctx, gcm); + DECLARE_FLEX_ARRAY(struct chcr_authenc_ctx, authenc); + }; }; struct chcr_aead_ctx { @@ -245,9 +247,11 @@ struct hmac_ctx { }; struct __crypto_ctx { - struct hmac_ctx hmacctx[0]; - struct ablk_ctx ablkctx[0]; - struct chcr_aead_ctx aeadctx[]; + union { + DECLARE_FLEX_ARRAY(struct hmac_ctx, hmacctx); + DECLARE_FLEX_ARRAY(struct ablk_ctx, ablkctx); + DECLARE_FLEX_ARRAY(struct chcr_aead_ctx, aeadctx); + }; }; struct chcr_context { diff --git a/drivers/net/can/usb/etas_es58x/es581_4.h b/drivers/net/can/usb/etas_es58x/es581_4.h index 4bc60a6df697..667ecb77168c 100644 --- a/drivers/net/can/usb/etas_es58x/es581_4.h +++ b/drivers/net/can/usb/etas_es58x/es581_4.h @@ -192,7 +192,7 @@ struct es581_4_urb_cmd { struct es581_4_rx_cmd_ret rx_cmd_ret; __le64 timestamp; u8 rx_cmd_ret_u8; - u8 raw_msg[0]; + DECLARE_FLEX_ARRAY(u8, raw_msg); } __packed; __le16 reserved_for_crc16_do_not_use; diff --git a/drivers/net/can/usb/etas_es58x/es58x_fd.h b/drivers/net/can/usb/etas_es58x/es58x_fd.h index ee18a87e40c0..e33003f96e5e 100644 --- a/drivers/net/can/usb/etas_es58x/es58x_fd.h +++ b/drivers/net/can/usb/etas_es58x/es58x_fd.h @@ -228,7 +228,7 @@ struct es58x_fd_urb_cmd { struct es58x_fd_tx_ack_msg tx_ack_msg; __le64 timestamp; __le32 rx_cmd_ret_le32; - u8 raw_msg[0]; + DECLARE_FLEX_ARRAY(u8, raw_msg); } __packed; __le16 reserved_for_crc16_do_not_use; diff --git a/drivers/net/wireless/ath/ath10k/htt.h b/drivers/net/wireless/ath/ath10k/htt.h index ec689e3ce48a..a6de08d3bf4a 100644 --- a/drivers/net/wireless/ath/ath10k/htt.h +++ b/drivers/net/wireless/ath/ath10k/htt.h @@ -1674,8 +1674,11 @@ struct htt_tx_fetch_ind { __le32 token; __le16 num_resp_ids; __le16 num_records; - __le32 resp_ids[0]; /* ath10k_htt_get_tx_fetch_ind_resp_ids() */ - struct htt_tx_fetch_record records[]; + union { + /* ath10k_htt_get_tx_fetch_ind_resp_ids() */ + DECLARE_FLEX_ARRAY(__le32, resp_ids); + DECLARE_FLEX_ARRAY(struct htt_tx_fetch_record, records); + }; } __packed; static inline void * diff --git a/drivers/net/wireless/intel/iwlegacy/commands.h b/drivers/net/wireless/intel/iwlegacy/commands.h index 89c6671b32bc..4a97310f8fee 100644 --- a/drivers/net/wireless/intel/iwlegacy/commands.h +++ b/drivers/net/wireless/intel/iwlegacy/commands.h @@ -1408,8 +1408,10 @@ struct il3945_tx_cmd { * MAC header goes here, followed by 2 bytes padding if MAC header * length is 26 or 30 bytes, followed by payload data */ - u8 payload[0]; - struct ieee80211_hdr hdr[]; + union { + DECLARE_FLEX_ARRAY(u8, payload); + DECLARE_FLEX_ARRAY(struct ieee80211_hdr, hdr); + }; } __packed; /* diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/commands.h b/drivers/net/wireless/intel/iwlwifi/dvm/commands.h index 235c7a2e3483..75a4b8e26232 100644 --- a/drivers/net/wireless/intel/iwlwifi/dvm/commands.h +++ b/drivers/net/wireless/intel/iwlwifi/dvm/commands.h @@ -1251,8 +1251,10 @@ struct iwl_tx_cmd { * MAC header goes here, followed by 2 bytes padding if MAC header * length is 26 or 30 bytes, followed by payload data */ - u8 payload[0]; - struct ieee80211_hdr hdr[]; + union { + DECLARE_FLEX_ARRAY(u8, payload); + DECLARE_FLEX_ARRAY(struct ieee80211_hdr, hdr); + }; } __packed; /* diff --git a/drivers/net/wireless/intel/iwlwifi/fw/api/tx.h b/drivers/net/wireless/intel/iwlwifi/fw/api/tx.h index 24e4a82a55da..66c5487e857e 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/api/tx.h +++ b/drivers/net/wireless/intel/iwlwifi/fw/api/tx.h @@ -713,8 +713,10 @@ struct iwl_mvm_compressed_ba_notif { __le32 tx_rate; __le16 tfd_cnt; __le16 ra_tid_cnt; - struct iwl_mvm_compressed_ba_ratid ra_tid[0]; - struct iwl_mvm_compressed_ba_tfd tfd[]; + union { + DECLARE_FLEX_ARRAY(struct iwl_mvm_compressed_ba_ratid, ra_tid); + DECLARE_FLEX_ARRAY(struct iwl_mvm_compressed_ba_tfd, tfd); + }; } __packed; /* COMPRESSED_BA_RES_API_S_VER_4 */ /** diff --git a/drivers/scsi/aic94xx/aic94xx_sds.c b/drivers/scsi/aic94xx/aic94xx_sds.c index 46815e65f7a4..5def83c88f13 100644 --- a/drivers/scsi/aic94xx/aic94xx_sds.c +++ b/drivers/scsi/aic94xx/aic94xx_sds.c @@ -517,8 +517,10 @@ struct asd_ms_conn_map { u8 num_nodes; u8 usage_model_id; u32 _resvd; - struct asd_ms_conn_desc conn_desc[0]; - struct asd_ms_node_desc node_desc[]; + union { + DECLARE_FLEX_ARRAY(struct asd_ms_conn_desc, conn_desc); + DECLARE_FLEX_ARRAY(struct asd_ms_node_desc, node_desc); + }; } __attribute__ ((packed)); struct asd_ctrla_phy_entry { diff --git a/fs/hpfs/hpfs.h b/fs/hpfs/hpfs.h index d92c4af3e1b4..281dec8f636b 100644 --- a/fs/hpfs/hpfs.h +++ b/fs/hpfs/hpfs.h @@ -409,10 +409,10 @@ struct bplus_header __le16 first_free; /* offset from start of header to first free node in array */ union { - struct bplus_internal_node internal[0]; /* (internal) 2-word entries giving - subtree pointers */ - struct bplus_leaf_node external[0]; /* (external) 3-word entries giving - sector runs */ + /* (internal) 2-word entries giving subtree pointers */ + DECLARE_FLEX_ARRAY(struct bplus_internal_node, internal); + /* (external) 3-word entries giving sector runs */ + DECLARE_FLEX_ARRAY(struct bplus_leaf_node, external); } u; }; diff --git a/include/linux/filter.h b/include/linux/filter.h index 472f97074da0..5ca52bfa5868 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -572,8 +572,10 @@ struct bpf_prog { struct bpf_prog_aux *aux; /* Auxiliary fields */ struct sock_fprog_kern *orig_prog; /* Original BPF program */ /* Instructions for interpreter */ - struct sock_filter insns[0]; - struct bpf_insn insnsi[]; + union { + DECLARE_FLEX_ARRAY(struct sock_filter, insns); + DECLARE_FLEX_ARRAY(struct bpf_insn, insnsi); + }; }; struct sk_filter { diff --git a/include/scsi/sas.h b/include/scsi/sas.h index 4726c1bbec65..64154c1fed02 100644 --- a/include/scsi/sas.h +++ b/include/scsi/sas.h @@ -323,8 +323,10 @@ struct ssp_response_iu { __be32 sense_data_len; __be32 response_data_len; - u8 resp_data[0]; - u8 sense_data[]; + union { + DECLARE_FLEX_ARRAY(u8, resp_data); + DECLARE_FLEX_ARRAY(u8, sense_data); + }; } __attribute__ ((packed)); struct ssp_command_iu { @@ -554,8 +556,10 @@ struct ssp_response_iu { __be32 sense_data_len; __be32 response_data_len; - u8 resp_data[0]; - u8 sense_data[]; + union { + DECLARE_FLEX_ARRAY(u8, resp_data); + DECLARE_FLEX_ARRAY(u8, sense_data); + }; } __attribute__ ((packed)); struct ssp_command_iu { diff --git a/include/uapi/rdma/rdma_user_rxe.h b/include/uapi/rdma/rdma_user_rxe.h index e283c2220aba..7f44d54bb0ab 100644 --- a/include/uapi/rdma/rdma_user_rxe.h +++ b/include/uapi/rdma/rdma_user_rxe.h @@ -141,8 +141,8 @@ struct rxe_dma_info { __u32 sge_offset; __u32 reserved; union { - __u8 inline_data[0]; - struct rxe_sge sge[0]; + __DECLARE_FLEX_ARRAY(__u8, inline_data); + __DECLARE_FLEX_ARRAY(struct rxe_sge, sge); }; }; diff --git a/include/uapi/sound/asoc.h b/include/uapi/sound/asoc.h index da61398b1f8f..053949287ce8 100644 --- a/include/uapi/sound/asoc.h +++ b/include/uapi/sound/asoc.h @@ -240,8 +240,8 @@ struct snd_soc_tplg_vendor_array { struct snd_soc_tplg_private { __le32 size; /* in bytes of private data */ union { - char data[0]; - struct snd_soc_tplg_vendor_array array[0]; + __DECLARE_FLEX_ARRAY(char, data); + __DECLARE_FLEX_ARRAY(struct snd_soc_tplg_vendor_array, array); }; } __attribute__((packed)); From patchwork Fri Aug 27 16:30:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 503667 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4C5EC432BE for ; Fri, 27 Aug 2021 16:30:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B9C9160E99 for ; Fri, 27 Aug 2021 16:30:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235172AbhH0QbP (ORCPT ); Fri, 27 Aug 2021 12:31:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48442 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234869AbhH0QbN (ORCPT ); Fri, 27 Aug 2021 12:31:13 -0400 Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 795F2C0613CF for ; Fri, 27 Aug 2021 09:30:24 -0700 (PDT) Received: by mail-pf1-x431.google.com with SMTP id j187so6139324pfg.4 for ; Fri, 27 Aug 2021 09:30:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1psCo0hHdSsvpvZi1i10TA+ZorhOo3SQLpKqrNnbpKQ=; b=OmnqFAP7ktTCd9H3gR8AVQeDG+ud0Mtb2MSPXbpux8F/3bTLlDa8f5Vcqs7FwvrfVk 731hNKcsoWeGTILObQXHXl5QUzZuVzwVHwtI6D2+JXxVGW+sQ7jnUj3Q7lJweJ4NAedF Tb3qROx9NVlnsVaFGC4Ka3YR8s7r8IkeN8bjQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1psCo0hHdSsvpvZi1i10TA+ZorhOo3SQLpKqrNnbpKQ=; b=K/JXU2eK/zRsaJ+KpgSmLopDilzpTZCA3B3XkfVxruUK5XcG/RcJbC3Wdx8GuAipyt ZngrLxxoBqFlhYMp+ejMMFEUnZE+oW0Yu63uh6dGICf4LgVv/Una0GpTFIItfGyPQCJ0 oAMGBDMmVD84l6EuNFZb5jbYVZJOlwHIeiHg/WNLLkhSjuYWHLUm3n8BLi5u94/u/W6b jkQDOSlzbh8eHtBJnI33PTnN7zPvLa3QkaCNoXJLW+CO3Q+/aZV0u78Oahz4+dsCX9u5 FqYC/W+wW3J1eGuL54hKM7ZzWg+Li/IBfqHGim9/F1gxzpsV7ZpCmTQzcu7Z/ii+Rc1F Fbjw== X-Gm-Message-State: AOAM5322uNvdQNlFkVEDzNVZXk/+Xs/viHUH4QwMTiEyO/BcYgrCBARQ MoVj3qD3ppJltIyMnNHC00YWew== X-Google-Smtp-Source: ABdhPJzetnDNmg6GQEa6gDwmO0Vjz/O0oS5CoVDRuSpJH609wxH+6x0AvmklOe/wlDSvwKW+u/LiYA== X-Received: by 2002:a63:68a:: with SMTP id 132mr8698863pgg.154.1630081823959; Fri, 27 Aug 2021 09:30:23 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x16sm7444590pgc.49.2021.08.27.09.30.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Aug 2021 09:30:18 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , "Gustavo A. R. Silva" , Arnd Bergmann , Kalle Valo , "David S. Miller" , Jakub Kicinski , Nilesh Javali , Manish Rangankar , GR-QLogic-Storage-Upstream@marvell.com, "James E.J. Bottomley" , "Martin K. Petersen" , Larry Finger , Phillip Potter , Greg Kroah-Hartman , Florian Schilhabel , Johannes Berg , Christophe JAILLET , Fabio Aiuto , Ross Schmidt , Marco Cesati , ath10k@lists.infradead.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-scsi@vger.kernel.org, linux-staging@lists.linux.dev, Rasmus Villemoes , Keith Packard , Dan Williams , Daniel Vetter , clang-built-linux@googlegroups.com, linux-hardening@vger.kernel.org Subject: [PATCH v3 3/5] treewide: Replace 0-element memcpy() destinations with flexible arrays Date: Fri, 27 Aug 2021 09:30:13 -0700 Message-Id: <20210827163015.3141722-4-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210827163015.3141722-1-keescook@chromium.org> References: <20210827163015.3141722-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=9615; h=from:subject; bh=DQFK9rz+vbtwSe8m1jRGSzDk89AmiraaMvJ3vzaHm8Y=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBhKRMWNfZsDewA0npSo8PMQq7ndkNGBWcmzgJmKRrJ 1BkWyaKJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYSkTFgAKCRCJcvTf3G3AJr0uD/ 4mAYPTqz/QSFVNhxAMqLvTQS1+RgNFauOCioQYwm1AMJdQ8XhUGVPZ5u7bpT77mQ4ShRsILG1SKcRq X2v0DzW0lK/aU0unUk0NzIIVHn5L2izCW1x66txy02zy1EMGvgy7A4k25ef19jKZn5W0nYlHFokzsB OmUn/u9jfMVp0lQlJZYc5u+oLNwFHerFEME+eQuB2GPR2MXgGmItzHkhlJ3rg5zOITlORtNZxpTuQE cJa6WU27FaSI4SzOoLDXs2bJ8/uNKRq6Rm1fLN0IFrV6TxBUExu2x9TDuCPrLsayDjtWDSed96v4k3 wf7j2rtoN4ra8X84L3mtuBv0ye7UDIiMJrBxwqqmJLPsiNLECTfh/s8YcmypPEMFyIrQx5lHhQEFgU yIcdbY5hY/Ok2A2Jh9vgkjghochXbxfy1R7sboEoh9ZipKOWdIQEIt+Ihat2UsOcNi7XQRsoVM/UhF 4zRfIi3vicfpkpZGiU/orZN69+ouZyzFrNKcsK6TgjJVBU0cZR148+Pi0cb3phPtxrczreV4TbQTIw 2raMJPQBueGoeiduPt9tuBXiwVseZeVNQHRSk9A33Vkod3D6cjAVs/jPrlFG64umQd1zgHY7FFYjpJ rj9R4U+O5+aKEKzGT+UWyv+E+X7NizZ0dcfT+jBtMTEqj6BRx8G/j32rnqLQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The 0-element arrays that are used as memcpy() destinations are actually flexible arrays. Adjust their structures accordingly so that memcpy() can better reason able their destination size (i.e. they need to be seen as "unknown" length rather than "zero"). In some cases, use of the DECLARE_FLEX_ARRAY() helper is needed when a flexible array is alone in a struct. Cc: "Gustavo A. R. Silva" Cc: Arnd Bergmann Cc: Kalle Valo Cc: "David S. Miller" Cc: Jakub Kicinski Cc: Nilesh Javali Cc: Manish Rangankar Cc: GR-QLogic-Storage-Upstream@marvell.com Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Larry Finger Cc: Phillip Potter Cc: Greg Kroah-Hartman Cc: Florian Schilhabel Cc: Johannes Berg Cc: Christophe JAILLET Cc: Fabio Aiuto Cc: Ross Schmidt Cc: Marco Cesati Cc: ath10k@lists.infradead.org Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-scsi@vger.kernel.org Cc: linux-staging@lists.linux.dev Signed-off-by: Kees Cook --- drivers/net/wireless/ath/ath10k/bmi.h | 10 +++---- drivers/scsi/qla4xxx/ql4_def.h | 4 +-- drivers/staging/rtl8188eu/include/ieee80211.h | 6 ++-- drivers/staging/rtl8712/ieee80211.h | 4 +-- drivers/staging/rtl8723bs/include/ieee80211.h | 6 ++-- include/linux/ieee80211.h | 30 +++++++++---------- include/uapi/linux/dlm_device.h | 4 +-- 7 files changed, 32 insertions(+), 32 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/bmi.h b/drivers/net/wireless/ath/ath10k/bmi.h index f6fadcbdd86e..0685c0d2d4ea 100644 --- a/drivers/net/wireless/ath/ath10k/bmi.h +++ b/drivers/net/wireless/ath/ath10k/bmi.h @@ -109,7 +109,7 @@ struct bmi_cmd { struct { __le32 addr; __le32 len; - u8 payload[0]; + u8 payload[]; } write_mem; struct { __le32 addr; @@ -138,18 +138,18 @@ struct bmi_cmd { } rompatch_uninstall; struct { __le32 count; - __le32 patch_ids[0]; /* length of @count */ + __le32 patch_ids[]; /* length of @count */ } rompatch_activate; struct { __le32 count; - __le32 patch_ids[0]; /* length of @count */ + __le32 patch_ids[]; /* length of @count */ } rompatch_deactivate; struct { __le32 addr; } lz_start; struct { __le32 len; /* max BMI_MAX_DATA_SIZE */ - u8 payload[0]; /* length of @len */ + u8 payload[]; /* length of @len */ } lz_data; struct { u8 name[BMI_NVRAM_SEG_NAME_SZ]; @@ -160,7 +160,7 @@ struct bmi_cmd { union bmi_resp { struct { - u8 payload[0]; + DECLARE_FLEX_ARRAY(u8, payload); } read_mem; struct { __le32 result; diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h index 031569c496e5..69a590546bf9 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h @@ -366,13 +366,13 @@ struct qla4_work_evt { struct { enum iscsi_host_event_code code; uint32_t data_size; - uint8_t data[0]; + uint8_t data[]; } aen; struct { uint32_t status; uint32_t pid; uint32_t data_size; - uint8_t data[0]; + uint8_t data[]; } ping; } u; }; diff --git a/drivers/staging/rtl8188eu/include/ieee80211.h b/drivers/staging/rtl8188eu/include/ieee80211.h index da6245a77d5d..aa5c1a513495 100644 --- a/drivers/staging/rtl8188eu/include/ieee80211.h +++ b/drivers/staging/rtl8188eu/include/ieee80211.h @@ -199,7 +199,7 @@ struct ieee_param { struct { u32 len; u8 reserved[32]; - u8 data[0]; + u8 data[]; } wpa_ie; struct { int command; @@ -212,7 +212,7 @@ struct ieee_param { u8 idx; u8 seq[8]; /* sequence counter (set: RX, get: TX) */ u16 key_len; - u8 key[0]; + u8 key[]; } crypt; #ifdef CONFIG_88EU_AP_MODE struct { @@ -224,7 +224,7 @@ struct ieee_param { } add_sta; struct { u8 reserved[2];/* for set max_num_sta */ - u8 buf[0]; + u8 buf[]; } bcn_ie; #endif diff --git a/drivers/staging/rtl8712/ieee80211.h b/drivers/staging/rtl8712/ieee80211.h index 61eff7c5746b..65ceaca9b51e 100644 --- a/drivers/staging/rtl8712/ieee80211.h +++ b/drivers/staging/rtl8712/ieee80211.h @@ -78,7 +78,7 @@ struct ieee_param { struct { u32 len; u8 reserved[32]; - u8 data[0]; + u8 data[]; } wpa_ie; struct { int command; @@ -91,7 +91,7 @@ struct ieee_param { u8 idx; u8 seq[8]; /* sequence counter (set: RX, get: TX) */ u16 key_len; - u8 key[0]; + u8 key[]; } crypt; } u; }; diff --git a/drivers/staging/rtl8723bs/include/ieee80211.h b/drivers/staging/rtl8723bs/include/ieee80211.h index 378c21595e05..89c311cd20a6 100644 --- a/drivers/staging/rtl8723bs/include/ieee80211.h +++ b/drivers/staging/rtl8723bs/include/ieee80211.h @@ -180,7 +180,7 @@ struct ieee_param { struct { u32 len; u8 reserved[32]; - u8 data[0]; + u8 data[]; } wpa_ie; struct{ int command; @@ -193,7 +193,7 @@ struct ieee_param { u8 idx; u8 seq[8]; /* sequence counter (set: RX, get: TX) */ u16 key_len; - u8 key[0]; + u8 key[]; } crypt; struct { u16 aid; @@ -204,7 +204,7 @@ struct ieee_param { } add_sta; struct { u8 reserved[2];/* for set max_num_sta */ - u8 buf[0]; + u8 buf[]; } bcn_ie; } u; }; diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index a6730072d13a..445597c03cd1 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -1101,7 +1101,7 @@ struct ieee80211_mgmt { __le16 auth_transaction; __le16 status_code; /* possibly followed by Challenge text */ - u8 variable[0]; + u8 variable[]; } __packed auth; struct { __le16 reason_code; @@ -1110,26 +1110,26 @@ struct ieee80211_mgmt { __le16 capab_info; __le16 listen_interval; /* followed by SSID and Supported rates */ - u8 variable[0]; + u8 variable[]; } __packed assoc_req; struct { __le16 capab_info; __le16 status_code; __le16 aid; /* followed by Supported rates */ - u8 variable[0]; + u8 variable[]; } __packed assoc_resp, reassoc_resp; struct { __le16 capab_info; __le16 status_code; - u8 variable[0]; + u8 variable[]; } __packed s1g_assoc_resp, s1g_reassoc_resp; struct { __le16 capab_info; __le16 listen_interval; u8 current_ap[ETH_ALEN]; /* followed by SSID and Supported rates */ - u8 variable[0]; + u8 variable[]; } __packed reassoc_req; struct { __le16 reason_code; @@ -1140,11 +1140,11 @@ struct ieee80211_mgmt { __le16 capab_info; /* followed by some of SSID, Supported rates, * FH Params, DS Params, CF Params, IBSS Params, TIM */ - u8 variable[0]; + u8 variable[]; } __packed beacon; struct { /* only variable items: SSID, Supported rates */ - u8 variable[0]; + DECLARE_FLEX_ARRAY(u8, variable); } __packed probe_req; struct { __le64 timestamp; @@ -1152,7 +1152,7 @@ struct ieee80211_mgmt { __le16 capab_info; /* followed by some of SSID, Supported rates, * FH Params, DS Params, CF Params, IBSS Params */ - u8 variable[0]; + u8 variable[]; } __packed probe_resp; struct { u8 category; @@ -1161,16 +1161,16 @@ struct ieee80211_mgmt { u8 action_code; u8 dialog_token; u8 status_code; - u8 variable[0]; + u8 variable[]; } __packed wme_action; struct{ u8 action_code; - u8 variable[0]; + u8 variable[]; } __packed chan_switch; struct{ u8 action_code; struct ieee80211_ext_chansw_ie data; - u8 variable[0]; + u8 variable[]; } __packed ext_chan_switch; struct{ u8 action_code; @@ -1186,7 +1186,7 @@ struct ieee80211_mgmt { __le16 timeout; __le16 start_seq_num; /* followed by BA Extension */ - u8 variable[0]; + u8 variable[]; } __packed addba_req; struct{ u8 action_code; @@ -1202,11 +1202,11 @@ struct ieee80211_mgmt { } __packed delba; struct { u8 action_code; - u8 variable[0]; + u8 variable[]; } __packed self_prot; struct{ u8 action_code; - u8 variable[0]; + u8 variable[]; } __packed mesh_action; struct { u8 action; @@ -1250,7 +1250,7 @@ struct ieee80211_mgmt { u8 toa[6]; __le16 tod_error; __le16 toa_error; - u8 variable[0]; + u8 variable[]; } __packed ftm; } u; } __packed action; diff --git a/include/uapi/linux/dlm_device.h b/include/uapi/linux/dlm_device.h index f880d2831160..e83954c69fff 100644 --- a/include/uapi/linux/dlm_device.h +++ b/include/uapi/linux/dlm_device.h @@ -45,13 +45,13 @@ struct dlm_lock_params { void __user *bastaddr; struct dlm_lksb __user *lksb; char lvb[DLM_USER_LVB_LEN]; - char name[0]; + char name[]; }; struct dlm_lspace_params { __u32 flags; __u32 minor; - char name[0]; + char name[]; }; struct dlm_purge_params {