Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size()

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

While there, use struct_size() helper, instead of the open-coded
version, to calculate the size for the allocation of the whole
flexible structure, including of course, the flexible-array member.

This code was found with the help of Coccinelle, and audited and
fixed manually.

Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/ZSRXXvWMMkm7qqRW@work

authored by Gustavo A. R. Silva and committed by Kalle Valo
5cf47dc1 de8dd096

+2 -3
+1 -2
drivers/net/wireless/intersil/hostap/hostap_download.c
··· 732 732 goto out; 733 733 } 734 734 735 - dl = kzalloc(sizeof(*dl) + param->num_areas * 736 - sizeof(struct prism2_download_data_area), GFP_KERNEL); 735 + dl = kzalloc(struct_size(dl, data, param->num_areas), GFP_KERNEL); 737 736 if (dl == NULL) { 738 737 ret = -ENOMEM; 739 738 goto out;
+1 -1
drivers/net/wireless/intersil/hostap/hostap_wlan.h
··· 617 617 u32 addr; /* wlan card address */ 618 618 u32 len; 619 619 u8 *data; /* allocated data */ 620 - } data[]; 620 + } data[] __counted_by(num_areas); 621 621 }; 622 622 623 623
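Review bot: the visible context of the hostap_download.c hunk stops at the `dl == NULL` check and does not show `dl->num_areas` being assigned, which matters now that `data[]` is annotated with `__counted_by(num_areas)`. Because kzalloc() zeroes the object, the counter reads 0 until it is set, so under CONFIG_UBSAN_BOUNDS any `dl->data[i]` access made before the assignment would be reported as out of bounds. Please confirm that `dl->num_areas = param->num_areas;` comes directly after the NULL check and before the first loop over `dl->data[]`, and move it there if it does not. The struct_size() conversion itself looks right: it saturates to SIZE_MAX on overflow, so an oversized `param->num_areas` ends in the existing -ENOMEM path rather than in a short allocation.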
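Review bot: in the hostap_wlan.h hunk, `__counted_by(num_areas)` bounds only the index into the outer `data[]` array; the `u8 *data` pointer inside each element is still governed by its own `len` field and gets no compiler checking from this annotation. A short comment on the struct saying so would keep readers from assuming the per-area buffers are covered by CONFIG_UBSAN_BOUNDS or CONFIG_FORTIFY_SOURCE. The hunk also does not show the `num_areas` member, so it is worth checking that it is declared in the same enclosing struct as `data[]`, since the attribute can only refer to a sibling member.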