tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

treewide: Replace 0-element memcpy() destinations with flexible arrays

The 0-element arrays that are used as memcpy() destinations are actually
flexible arrays. Adjust their structures accordingly so that memcpy()
can better reason able their destination size (i.e. they need to be seen
as "unknown" length rather than "zero").

In some cases, use of the DECLARE_FLEX_ARRAY() helper is needed when a
flexible array is alone in a struct.

Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Nilesh Javali <njavali@marvell.com>
Cc: Manish Rangankar <mrangankar@marvell.com>
Cc: GR-QLogic-Storage-Upstream@marvell.com
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Phillip Potter <phil@philpotter.co.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Florian Schilhabel <florian.c.schilhabel@googlemail.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: Fabio Aiuto <fabioaiuto83@gmail.com>
Cc: Ross Schmidt <ross.schm.dev@gmail.com>
Cc: Marco Cesati <marcocesati@gmail.com>
Cc: ath10k@lists.infradead.org
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-scsi@vger.kernel.org
Cc: linux-staging@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>

Kees Cook 47c66248 fa7845cf

+32 -32
+5 -5
drivers/net/wireless/ath/ath10k/bmi.h
··· 109 109 struct { 110 110 __le32 addr; 111 111 __le32 len; 112 - u8 payload[0]; 112 + u8 payload[]; 113 113 } write_mem; 114 114 struct { 115 115 __le32 addr; ··· 138 138 } rompatch_uninstall; 139 139 struct { 140 140 __le32 count; 141 - __le32 patch_ids[0]; /* length of @count */ 141 + __le32 patch_ids[]; /* length of @count */ 142 142 } rompatch_activate; 143 143 struct { 144 144 __le32 count; 145 - __le32 patch_ids[0]; /* length of @count */ 145 + __le32 patch_ids[]; /* length of @count */ 146 146 } rompatch_deactivate; 147 147 struct { 148 148 __le32 addr; 149 149 } lz_start; 150 150 struct { 151 151 __le32 len; /* max BMI_MAX_DATA_SIZE */ 152 - u8 payload[0]; /* length of @len */ 152 + u8 payload[]; /* length of @len */ 153 153 } lz_data; 154 154 struct { 155 155 u8 name[BMI_NVRAM_SEG_NAME_SZ]; ··· 160 160 161 161 union bmi_resp { 162 162 struct { 163 - u8 payload[0]; 163 + DECLARE_FLEX_ARRAY(u8, payload); 164 164 } read_mem; 165 165 struct { 166 166 __le32 result;
+2 -2
drivers/scsi/qla4xxx/ql4_def.h
··· 366 366 struct { 367 367 enum iscsi_host_event_code code; 368 368 uint32_t data_size; 369 - uint8_t data[0]; 369 + uint8_t data[]; 370 370 } aen; 371 371 struct { 372 372 uint32_t status; 373 373 uint32_t pid; 374 374 uint32_t data_size; 375 - uint8_t data[0]; 375 + uint8_t data[]; 376 376 } ping; 377 377 } u; 378 378 };
+3 -3
drivers/staging/r8188eu/include/ieee80211.h
··· 185 185 struct { 186 186 u32 len; 187 187 u8 reserved[32]; 188 - u8 data[0]; 188 + u8 data[]; 189 189 } wpa_ie; 190 190 struct { 191 191 int command; ··· 198 198 u8 idx; 199 199 u8 seq[8]; /* sequence counter (set: RX, get: TX) */ 200 200 u16 key_len; 201 - u8 key[0]; 201 + u8 key[]; 202 202 } crypt; 203 203 #ifdef CONFIG_88EU_AP_MODE 204 204 struct { ··· 210 210 } add_sta; 211 211 struct { 212 212 u8 reserved[2];/* for set max_num_sta */ 213 - u8 buf[0]; 213 + u8 buf[]; 214 214 } bcn_ie; 215 215 #endif 216 216
+2 -2
drivers/staging/rtl8712/ieee80211.h
··· 78 78 struct { 79 79 u32 len; 80 80 u8 reserved[32]; 81 - u8 data[0]; 81 + u8 data[]; 82 82 } wpa_ie; 83 83 struct { 84 84 int command; ··· 91 91 u8 idx; 92 92 u8 seq[8]; /* sequence counter (set: RX, get: TX) */ 93 93 u16 key_len; 94 - u8 key[0]; 94 + u8 key[]; 95 95 } crypt; 96 96 } u; 97 97 };
+3 -3
drivers/staging/rtl8723bs/include/ieee80211.h
··· 172 172 struct { 173 173 u32 len; 174 174 u8 reserved[32]; 175 - u8 data[0]; 175 + u8 data[]; 176 176 } wpa_ie; 177 177 struct{ 178 178 int command; ··· 185 185 u8 idx; 186 186 u8 seq[8]; /* sequence counter (set: RX, get: TX) */ 187 187 u16 key_len; 188 - u8 key[0]; 188 + u8 key[]; 189 189 } crypt; 190 190 struct { 191 191 u16 aid; ··· 196 196 } add_sta; 197 197 struct { 198 198 u8 reserved[2];/* for set max_num_sta */ 199 - u8 buf[0]; 199 + u8 buf[]; 200 200 } bcn_ie; 201 201 } u; 202 202 };
+15 -15
include/linux/ieee80211.h
··· 1143 1143 __le16 auth_transaction; 1144 1144 __le16 status_code; 1145 1145 /* possibly followed by Challenge text */ 1146 - u8 variable[0]; 1146 + u8 variable[]; 1147 1147 } __packed auth; 1148 1148 struct { 1149 1149 __le16 reason_code; ··· 1152 1152 __le16 capab_info; 1153 1153 __le16 listen_interval; 1154 1154 /* followed by SSID and Supported rates */ 1155 - u8 variable[0]; 1155 + u8 variable[]; 1156 1156 } __packed assoc_req; 1157 1157 struct { 1158 1158 __le16 capab_info; 1159 1159 __le16 status_code; 1160 1160 __le16 aid; 1161 1161 /* followed by Supported rates */ 1162 - u8 variable[0]; 1162 + u8 variable[]; 1163 1163 } __packed assoc_resp, reassoc_resp; 1164 1164 struct { 1165 1165 __le16 capab_info; 1166 1166 __le16 status_code; 1167 - u8 variable[0]; 1167 + u8 variable[]; 1168 1168 } __packed s1g_assoc_resp, s1g_reassoc_resp; 1169 1169 struct { 1170 1170 __le16 capab_info; 1171 1171 __le16 listen_interval; 1172 1172 u8 current_ap[ETH_ALEN]; 1173 1173 /* followed by SSID and Supported rates */ 1174 - u8 variable[0]; 1174 + u8 variable[]; 1175 1175 } __packed reassoc_req; 1176 1176 struct { 1177 1177 __le16 reason_code; ··· 1182 1182 __le16 capab_info; 1183 1183 /* followed by some of SSID, Supported rates, 1184 1184 * FH Params, DS Params, CF Params, IBSS Params, TIM */ 1185 - u8 variable[0]; 1185 + u8 variable[]; 1186 1186 } __packed beacon; 1187 1187 struct { 1188 1188 /* only variable items: SSID, Supported rates */ 1189 - u8 variable[0]; 1189 + DECLARE_FLEX_ARRAY(u8, variable); 1190 1190 } __packed probe_req; 1191 1191 struct { 1192 1192 __le64 timestamp; ··· 1194 1194 __le16 capab_info; 1195 1195 /* followed by some of SSID, Supported rates, 1196 1196 * FH Params, DS Params, CF Params, IBSS Params */ 1197 - u8 variable[0]; 1197 + u8 variable[]; 1198 1198 } __packed probe_resp; 1199 1199 struct { 1200 1200 u8 category; ··· 1203 1203 u8 action_code; 1204 1204 u8 dialog_token; 1205 1205 u8 status_code; 1206 - u8 variable[0]; 1206 + u8 variable[]; 1207 1207 } __packed wme_action; 1208 1208 struct{ 1209 1209 u8 action_code; 1210 - u8 variable[0]; 1210 + u8 variable[]; 1211 1211 } __packed chan_switch; 1212 1212 struct{ 1213 1213 u8 action_code; 1214 1214 struct ieee80211_ext_chansw_ie data; 1215 - u8 variable[0]; 1215 + u8 variable[]; 1216 1216 } __packed ext_chan_switch; 1217 1217 struct{ 1218 1218 u8 action_code; ··· 1228 1228 __le16 timeout; 1229 1229 __le16 start_seq_num; 1230 1230 /* followed by BA Extension */ 1231 - u8 variable[0]; 1231 + u8 variable[]; 1232 1232 } __packed addba_req; 1233 1233 struct{ 1234 1234 u8 action_code; ··· 1244 1244 } __packed delba; 1245 1245 struct { 1246 1246 u8 action_code; 1247 - u8 variable[0]; 1247 + u8 variable[]; 1248 1248 } __packed self_prot; 1249 1249 struct{ 1250 1250 u8 action_code; 1251 - u8 variable[0]; 1251 + u8 variable[]; 1252 1252 } __packed mesh_action; 1253 1253 struct { 1254 1254 u8 action; ··· 1292 1292 u8 toa[6]; 1293 1293 __le16 tod_error; 1294 1294 __le16 toa_error; 1295 - u8 variable[0]; 1295 + u8 variable[]; 1296 1296 } __packed ftm; 1297 1297 struct { 1298 1298 u8 action_code;
+2 -2
include/uapi/linux/dlm_device.h
··· 45 45 void __user *bastaddr; 46 46 struct dlm_lksb __user *lksb; 47 47 char lvb[DLM_USER_LVB_LEN]; 48 - char name[0]; 48 + char name[]; 49 49 }; 50 50 51 51 struct dlm_lspace_params { 52 52 __u32 flags; 53 53 __u32 minor; 54 - char name[0]; 54 + char name[]; 55 55 }; 56 56 57 57 struct dlm_purge_params {