Replace the deprecated[1] use of a 1-element array in
struct _CONFIG_PAGE_IOC_3 with a modern flexible array.
Additionally add __counted_by annotation since PhysDisk is only ever
accessed via a loops bounded by NumPhysDisks:
lsi/mpi_cnfg.h: IOC_3_PHYS_DISK PhysDisk[] __counted_by(NumPhysDisks); /* 08h */
mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
mptscsih.c: if ((id == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskID) &&
mptscsih.c: (channel == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskBus)) {
mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum);
mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum,
mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
mptscsih.c: if ((id == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskID) &&
mptscsih.c: (channel == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskBus)) {
mptscsih.c: rc = ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum;
mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum);
mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum,
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Sathya Prakash <sathya.prakash@broadcom.com>
Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
Cc: Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: MPT-FusionLinux.pdl@broadcom.com
Cc: linux-scsi@vger.kernel.org
Cc: linux-hardening@vger.kernel.org
---
drivers/message/fusion/lsi/mpi_cnfg.h | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/drivers/message/fusion/lsi/mpi_cnfg.h b/drivers/message/fusion/lsi/mpi_cnfg.h
index 7713c74e515b..bac49c162165 100644
--- a/drivers/message/fusion/lsi/mpi_cnfg.h
+++ b/drivers/message/fusion/lsi/mpi_cnfg.h
@@ -1056,21 +1056,13 @@ typedef struct _IOC_3_PHYS_DISK
} IOC_3_PHYS_DISK, MPI_POINTER PTR_IOC_3_PHYS_DISK,
Ioc3PhysDisk_t, MPI_POINTER pIoc3PhysDisk_t;
-/*
- * Host code (drivers, BIOS, utilities, etc.) should leave this define set to
- * one and check Header.PageLength at runtime.
- */
-#ifndef MPI_IOC_PAGE_3_PHYSDISK_MAX
-#define MPI_IOC_PAGE_3_PHYSDISK_MAX (1)
-#endif
-
typedef struct _CONFIG_PAGE_IOC_3
{
CONFIG_PAGE_HEADER Header; /* 00h */
U8 NumPhysDisks; /* 04h */
U8 Reserved1; /* 05h */
U16 Reserved2; /* 06h */
- IOC_3_PHYS_DISK PhysDisk[MPI_IOC_PAGE_3_PHYSDISK_MAX]; /* 08h */
+ IOC_3_PHYS_DISK PhysDisk[] __counted_by(NumPhysDisks); /* 08h */
} CONFIG_PAGE_IOC_3, MPI_POINTER PTR_CONFIG_PAGE_IOC_3,
IOCPage3_t, MPI_POINTER pIOCPage3_t;
--
2.34.1
On 11/07/24 11:28, Kees Cook wrote:
> Replace the deprecated[1] use of a 1-element array in
> struct _CONFIG_PAGE_IOC_3 with a modern flexible array.
>
> Additionally add __counted_by annotation since PhysDisk is only ever
> accessed via a loops bounded by NumPhysDisks:
>
> lsi/mpi_cnfg.h: IOC_3_PHYS_DISK PhysDisk[] __counted_by(NumPhysDisks); /* 08h */
> mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
> mptscsih.c: if ((id == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskID) &&
> mptscsih.c: (channel == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskBus)) {
> mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
> mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum);
> mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum,
> mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
> mptscsih.c: if ((id == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskID) &&
> mptscsih.c: (channel == ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskBus)) {
> mptscsih.c: rc = ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum;
> mptscsih.c: for (i = 0; i < ioc->raid_data.pIocPg3->NumPhysDisks; i++) {
> mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum);
> mptscsih.c: ioc->raid_data.pIocPg3->PhysDisk[i].PhysDiskNum,
>
> No binary differences are present after this conversion.
>
> Link: https://github.com/KSPP/linux/issues/79 [1]
> Signed-off-by: Kees Cook <kees@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Thanks
--
Gustavo
> ---
> Cc: Sathya Prakash <sathya.prakash@broadcom.com>
> Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
> Cc: Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com>
> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Cc: MPT-FusionLinux.pdl@broadcom.com
> Cc: linux-scsi@vger.kernel.org
> Cc: linux-hardening@vger.kernel.org
> ---
> drivers/message/fusion/lsi/mpi_cnfg.h | 10 +---------
> 1 file changed, 1 insertion(+), 9 deletions(-)
>
> diff --git a/drivers/message/fusion/lsi/mpi_cnfg.h b/drivers/message/fusion/lsi/mpi_cnfg.h
> index 7713c74e515b..bac49c162165 100644
> --- a/drivers/message/fusion/lsi/mpi_cnfg.h
> +++ b/drivers/message/fusion/lsi/mpi_cnfg.h
> @@ -1056,21 +1056,13 @@ typedef struct _IOC_3_PHYS_DISK
> } IOC_3_PHYS_DISK, MPI_POINTER PTR_IOC_3_PHYS_DISK,
> Ioc3PhysDisk_t, MPI_POINTER pIoc3PhysDisk_t;
>
> -/*
> - * Host code (drivers, BIOS, utilities, etc.) should leave this define set to
> - * one and check Header.PageLength at runtime.
> - */
> -#ifndef MPI_IOC_PAGE_3_PHYSDISK_MAX
> -#define MPI_IOC_PAGE_3_PHYSDISK_MAX (1)
> -#endif
> -
> typedef struct _CONFIG_PAGE_IOC_3
> {
> CONFIG_PAGE_HEADER Header; /* 00h */
> U8 NumPhysDisks; /* 04h */
> U8 Reserved1; /* 05h */
> U16 Reserved2; /* 06h */
> - IOC_3_PHYS_DISK PhysDisk[MPI_IOC_PAGE_3_PHYSDISK_MAX]; /* 08h */
> + IOC_3_PHYS_DISK PhysDisk[] __counted_by(NumPhysDisks); /* 08h */
> } CONFIG_PAGE_IOC_3, MPI_POINTER PTR_CONFIG_PAGE_IOC_3,
> IOCPage3_t, MPI_POINTER pIOCPage3_t;
>
© 2016 - 2025 Red Hat, Inc.