[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <SN6PR2101MB1693AFDA151C35DE148FECAAD7299@SN6PR2101MB1693.namprd21.prod.outlook.com>
Date: Mon, 17 Oct 2022 15:15:04 +0000
From: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
To: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>,
KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>,
Jiri Kosina <jikos@...nel.org>,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"linux-input@...r.kernel.org" <linux-input@...r.kernel.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: RE: [PATCH] [next] HID: hyperv: Replace one-element array with
flexible-array member
From: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com> Sent: Monday, October 17, 2022 12:51 AM
>
> One-element arrays are deprecated, and we are replacing them with
> flexible array members instead. So, replace one-element array with
> flexible-array member in structs synthhid_msg, synthhid_input_report,
> pipe_prt_msg and refactor the rest of the code accordingly.
>
> This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
> routines on memcpy() and help us make progress towards globally
> enabling -fstrict-flex-arrays=3 [1].
>
> Link: https://github.com/KSPP/linux/issues/79
> Link: https://github.com/KSPP/linux/issues/210
> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1]
>
> Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>
> ---
> drivers/hid/hid-hyperv.c | 17 +++++++----------
> 1 file changed, 7 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c
> index e0bc73124196..208cf8d981a5 100644
> --- a/drivers/hid/hid-hyperv.c
> +++ b/drivers/hid/hid-hyperv.c
> @@ -61,7 +61,7 @@ struct synthhid_msg_hdr {
>
> struct synthhid_msg {
> struct synthhid_msg_hdr header;
> - char data[1]; /* Enclosed message */
> + char data[]; /* Enclosed message */
> };
>
> union synthhid_version {
> @@ -99,7 +99,7 @@ struct synthhid_device_info_ack {
>
> struct synthhid_input_report {
> struct synthhid_msg_hdr header;
> - char buffer[1];
> + char buffer[];
> };
>
> #pragma pack(pop)
> @@ -118,7 +118,7 @@ enum pipe_prot_msg_type {
> struct pipe_prt_msg {
> enum pipe_prot_msg_type type;
> u32 size;
> - char data[1];
> + char data[];
> };
>
> struct mousevsc_prt_msg {
> @@ -232,7 +232,7 @@ static void mousevsc_on_receive_device_info(struct
> mousevsc_dev *input_device,
>
> ret = vmbus_sendpacket(input_device->device->channel,
> &ack,
> - sizeof(struct pipe_prt_msg) - sizeof(unsigned char) +
> + sizeof(struct pipe_prt_msg) +
> sizeof(struct synthhid_device_info_ack),
> (unsigned long)&ack,
> VM_PKT_DATA_INBAND,
> @@ -271,16 +271,14 @@ static void mousevsc_on_receive(struct hv_device *device,
> * malicious/buggy hypervisor/host, add a check here to
> * ensure we don't corrupt memory.
> */
> - if ((pipe_msg->size + sizeof(struct pipe_prt_msg)
> - - sizeof(unsigned char))
> + if (struct_size(pipe_msg, data, pipe_msg->size)
> > sizeof(struct mousevsc_prt_msg)) {
> WARN_ON(1);
> break;
> }
>
> memcpy(&input_dev->protocol_resp, pipe_msg,
> - pipe_msg->size + sizeof(struct pipe_prt_msg) -
> - sizeof(unsigned char));
> + struct_size(pipe_msg, data, pipe_msg->size));
> complete(&input_dev->wait_event);
> break;
>
> @@ -359,8 +357,7 @@ static int mousevsc_connect_to_vsp(struct hv_device *device)
> request->request.version_requested.version = SYNTHHID_INPUT_VERSION;
>
> ret = vmbus_sendpacket(device->channel, request,
> - sizeof(struct pipe_prt_msg) -
> - sizeof(unsigned char) +
> + sizeof(struct pipe_prt_msg) +
> sizeof(struct synthhid_protocol_request),
> (unsigned long)request,
> VM_PKT_DATA_INBAND,
> --
> 2.37.3
Reviewed-by: Michael Kelley <mikelley@...rosoft.com>
Powered by blists - more mailing lists