scsi: hptiop: Replace one-element array with flexible-array member

One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct hpt_iop_request_scsi_command and refactor the rest of the code, accordingly. The following pieces of code suggest that the one element of array sg_list in struct hpt_iop_request_scsi_command is not taken into account when calculating the total size for both struct hpt_iop_request_scsi_command and the maximum number of elements sg_list will contain: 1047 req->header.size = cpu_to_le32( 1048 sizeof(struct hpt_iop_request_scsi_command) 1049 - sizeof(struct hpt_iopsg) 1050 + sg_count * sizeof(struct hpt_iopsg)); 1400 req_size = sizeof(struct hpt_iop_request_scsi_command) 1401 + sizeof(struct hpt_iopsg) * (hba->max_sg_descriptors - 1); So it's safe to replace the one-element array with a flexible-array member and update the code above, accordingly: now we don't need to subtract sizeof(struct hpt_iopsg) from sizeof(struct hpt_iop_request_scsi_command) because this is implicitly done by the flex-array transformation. Link: https://github.com/KSPP/linux/issues/79 Link: https://github.com/KSPP/linux/issues/205 Link: https://lore.kernel.org/r/6238ccf37798e36d783f5ce5e483e6837e98be79.1663865333.git.gustavoars@kernel.orgReviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

scsi: hptiop: Replace one-element array with flexible-array member
One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in struct hpt_iop_request_scsi_command and refactor the rest of the code, accordingly. The following pieces of code suggest that the one element of array sg_list in struct hpt_iop_request_scsi_command is not taken into account when calculating the total size for both struct hpt_iop_request_scsi_command and the maximum number of elements sg_list will contain: 1047 req->header.size = cpu_to_le32( 1048 sizeof(struct hpt_iop_request_scsi_command) 1049 - sizeof(struct hpt_iopsg) 1050 + sg_count * sizeof(struct hpt_iopsg)); 1400 req_size = sizeof(struct hpt_iop_request_scsi_command) 1401 + sizeof(struct hpt_iopsg) * (hba->max_sg_descriptors - 1); So it's safe to replace the one-element array with a flexible-array member and update the code above, accordingly: now we don't need to subtract sizeof(struct hpt_iopsg) from sizeof(struct hpt_iop_request_scsi_command) because this is implicitly done by the flex-array transformation. Link: https://github.com/KSPP/linux/issues/79 Link: https://github.com/KSPP/linux/issues/205 Link: https://lore.kernel.org/r/6238ccf37798e36d783f5ce5e483e6837e98be79.1663865333.git.gustavoars@kernel.orgReviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
c682df71 · Gustavo A. R. Silva · Martin K. Petersen · d8c22c46 · c682df71 · c682df71
Commit c682df71 authored Sep 22, 2022 by Gustavo A. R. Silva Committed by Martin K. Petersen Sep 25, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

drivers/scsi/hptiop.c drivers/scsi/hptiop.c +1 -2

drivers/scsi/hptiop.h drivers/scsi/hptiop.h +1 -1

No files found.
--- a/drivers/scsi/hptiop.c
+++ b/drivers/scsi/hptiop.c
@@ -1046,7 +1046,6 @@ static int hptiop_queuecommand_lck(struct scsi_cmnd *scp)
 	req->lun = scp->device->lun;
 	req->header.size = cpu_to_le32(
 				sizeof(struct hpt_iop_request_scsi_command)
-				 - sizeof(struct hpt_iopsg)
 				 + sg_count * sizeof(struct hpt_iopsg));

 	memcpy(req->cdb, scp->cmnd, sizeof(req->cdb));
@@ -1398,7 +1397,7 @@ static int hptiop_probe(struct pci_dev *pcidev, const struct pci_device_id *id)
 	host->max_cmd_len = 16;

 	req_size = sizeof(struct hpt_iop_request_scsi_command)
-		+ sizeof(struct hpt_iopsg) * (hba->max_sg_descriptors - 1);
+		+ sizeof(struct hpt_iopsg) * hba->max_sg_descriptors;
 	if ((req_size & 0x1f) != 0)
 		req_size = (req_size + 0x1f) & ~0x1f;


--- a/drivers/scsi/hptiop.h
+++ b/drivers/scsi/hptiop.h
@@ -228,7 +228,7 @@ struct hpt_iop_request_scsi_command {
 	u8     pad1;
 	u8     cdb[16];
 	__le32 dataxfer_length;
-	struct hpt_iopsg sg_list[1];
+	struct hpt_iopsg sg_list[];
 };

 struct hpt_iop_request_ioctl_command {