| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jul 2020 17:59:22 +0300
From: Tomas Winkler <tomas.winkler@...el.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Alexander Usyskin <alexander.usyskin@...el.com>,
linux-kernel@...r.kernel.org,
Tomas Winkler <tomas.winkler@...el.com>,
"Gustavo A . R . Silva" <gustavoars@...nel.org>,
Arnd Bergmann <arnd@...db.de>
Subject: [char-misc-next 1/6] mei: hbm: use sizeof of variable instead of struct type
There is a possibility of bug when variable type has changed but
corresponding struct passed to the sizeof has not.
Cc: Gustavo A. R. Silva <gustavoars@...nel.org>
Signed-off-by: Tomas Winkler <tomas.winkler@...el.com>
---
drivers/misc/mei/hbm.c | 74 ++++++++++++++++++------------------------
1 file changed, 32 insertions(+), 42 deletions(-)
diff --git a/drivers/misc/mei/hbm.c b/drivers/misc/mei/hbm.c
index a44094cdbc36..308caee86920 100644
--- a/drivers/misc/mei/hbm.c
+++ b/drivers/misc/mei/hbm.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
/*
- * Copyright (c) 2003-2019, Intel Corporation. All rights reserved.
+ * Copyright (c) 2003-2020, Intel Corporation. All rights reserved.
* Intel Management Engine Interface (Intel MEI) Linux driver
*/
#include <linux/export.h>
@@ -257,22 +257,21 @@ int mei_hbm_start_wait(struct mei_device *dev)
int mei_hbm_start_req(struct mei_device *dev)
{
struct mei_msg_hdr mei_hdr;
- struct hbm_host_version_request start_req;
- const size_t len = sizeof(struct hbm_host_version_request);
+ struct hbm_host_version_request req;
int ret;
mei_hbm_reset(dev);
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
/* host start message */
- memset(&start_req, 0, len);
- start_req.hbm_cmd = HOST_START_REQ_CMD;
- start_req.host_version.major_version = HBM_MAJOR_VERSION;
- start_req.host_version.minor_version = HBM_MINOR_VERSION;
+ memset(&req, 0, sizeof(req));
+ req.hbm_cmd = HOST_START_REQ_CMD;
+ req.host_version.major_version = HBM_MAJOR_VERSION;
+ req.host_version.minor_version = HBM_MINOR_VERSION;
dev->hbm_state = MEI_HBM_IDLE;
- ret = mei_hbm_write_message(dev, &mei_hdr, &start_req);
+ ret = mei_hbm_write_message(dev, &mei_hdr, &req);
if (ret) {
dev_err(dev->dev, "version message write failed: ret = %d\n",
ret);
@@ -295,13 +294,12 @@ static int mei_hbm_dma_setup_req(struct mei_device *dev)
{
struct mei_msg_hdr mei_hdr;
struct hbm_dma_setup_request req;
- const size_t len = sizeof(struct hbm_dma_setup_request);
unsigned int i;
int ret;
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
- memset(&req, 0, len);
+ memset(&req, 0, sizeof(req));
req.hbm_cmd = MEI_HBM_DMA_SETUP_REQ_CMD;
for (i = 0; i < DMA_DSCR_NUM; i++) {
phys_addr_t paddr;
@@ -337,21 +335,19 @@ static int mei_hbm_dma_setup_req(struct mei_device *dev)
static int mei_hbm_enum_clients_req(struct mei_device *dev)
{
struct mei_msg_hdr mei_hdr;
- struct hbm_host_enum_request enum_req;
- const size_t len = sizeof(struct hbm_host_enum_request);
+ struct hbm_host_enum_request req;
int ret;
/* enumerate clients */
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
- memset(&enum_req, 0, len);
- enum_req.hbm_cmd = HOST_ENUM_REQ_CMD;
- enum_req.flags |= dev->hbm_f_dc_supported ?
- MEI_HBM_ENUM_F_ALLOW_ADD : 0;
- enum_req.flags |= dev->hbm_f_ie_supported ?
+ memset(&req, 0, sizeof(req));
+ req.hbm_cmd = HOST_ENUM_REQ_CMD;
+ req.flags |= dev->hbm_f_dc_supported ? MEI_HBM_ENUM_F_ALLOW_ADD : 0;
+ req.flags |= dev->hbm_f_ie_supported ?
MEI_HBM_ENUM_F_IMMEDIATE_ENUM : 0;
- ret = mei_hbm_write_message(dev, &mei_hdr, &enum_req);
+ ret = mei_hbm_write_message(dev, &mei_hdr, &req);
if (ret) {
dev_err(dev->dev, "enumeration request write failed: ret = %d.\n",
ret);
@@ -380,7 +376,7 @@ static int mei_hbm_me_cl_add(struct mei_device *dev,
mei_me_cl_rm_by_uuid(dev, uuid);
- me_cl = kzalloc(sizeof(struct mei_me_client), GFP_KERNEL);
+ me_cl = kzalloc(sizeof(*me_cl), GFP_KERNEL);
if (!me_cl)
return -ENOMEM;
@@ -408,14 +404,13 @@ static int mei_hbm_add_cl_resp(struct mei_device *dev, u8 addr, u8 status)
{
struct mei_msg_hdr mei_hdr;
struct hbm_add_client_response resp;
- const size_t len = sizeof(struct hbm_add_client_response);
int ret;
dev_dbg(dev->dev, "adding client response\n");
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(resp));
- memset(&resp, 0, sizeof(struct hbm_add_client_response));
+ memset(&resp, 0, sizeof(resp));
resp.hbm_cmd = MEI_HBM_ADD_CLIENT_RES_CMD;
resp.me_addr = addr;
resp.status = status;
@@ -469,11 +464,10 @@ int mei_hbm_cl_notify_req(struct mei_device *dev,
struct mei_msg_hdr mei_hdr;
struct hbm_notification_request req;
- const size_t len = sizeof(struct hbm_notification_request);
int ret;
- mei_hbm_hdr(&mei_hdr, len);
- mei_hbm_cl_hdr(cl, MEI_HBM_NOTIFY_REQ_CMD, &req, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
+ mei_hbm_cl_hdr(cl, MEI_HBM_NOTIFY_REQ_CMD, &req, sizeof(req));
req.start = start;
@@ -580,8 +574,7 @@ static void mei_hbm_cl_notify(struct mei_device *dev,
static int mei_hbm_prop_req(struct mei_device *dev, unsigned long start_idx)
{
struct mei_msg_hdr mei_hdr;
- struct hbm_props_request prop_req;
- const size_t len = sizeof(struct hbm_props_request);
+ struct hbm_props_request req;
unsigned long addr;
int ret;
@@ -591,18 +584,17 @@ static int mei_hbm_prop_req(struct mei_device *dev, unsigned long start_idx)
if (addr == MEI_CLIENTS_MAX) {
dev->hbm_state = MEI_HBM_STARTED;
mei_host_client_init(dev);
-
return 0;
}
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
- memset(&prop_req, 0, sizeof(struct hbm_props_request));
+ memset(&req, 0, sizeof(req));
- prop_req.hbm_cmd = HOST_CLIENT_PROPERTIES_REQ_CMD;
- prop_req.me_addr = addr;
+ req.hbm_cmd = HOST_CLIENT_PROPERTIES_REQ_CMD;
+ req.me_addr = addr;
- ret = mei_hbm_write_message(dev, &mei_hdr, &prop_req);
+ ret = mei_hbm_write_message(dev, &mei_hdr, &req);
if (ret) {
dev_err(dev->dev, "properties request write failed: ret = %d\n",
ret);
@@ -628,15 +620,14 @@ int mei_hbm_pg(struct mei_device *dev, u8 pg_cmd)
{
struct mei_msg_hdr mei_hdr;
struct hbm_power_gate req;
- const size_t len = sizeof(struct hbm_power_gate);
int ret;
if (!dev->hbm_f_pg_supported)
return -EOPNOTSUPP;
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
- memset(&req, 0, len);
+ memset(&req, 0, sizeof(req));
req.hbm_cmd = pg_cmd;
ret = mei_hbm_write_message(dev, &mei_hdr, &req);
@@ -657,11 +648,10 @@ static int mei_hbm_stop_req(struct mei_device *dev)
{
struct mei_msg_hdr mei_hdr;
struct hbm_host_stop_request req;
- const size_t len = sizeof(struct hbm_host_stop_request);
- mei_hbm_hdr(&mei_hdr, len);
+ mei_hbm_hdr(&mei_hdr, sizeof(req));
- memset(&req, 0, len);
+ memset(&req, 0, sizeof(req));
req.hbm_cmd = HOST_STOP_REQ_CMD;
req.reason = DRIVER_STOP_REQUEST;
--
2.25.4
Powered by blists - more mailing lists