KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Replace 1-element arrays in drivers/scsi/bfa/bfa_fc.h #209

Closed GustavoARSilva closed 1 year ago

GustavoARSilva commented 1 year ago

Replace one-element arrays with flexible-array members in drivers/scsi/bfa/bfa_fc.h:

1545 /*
1546  * FDMI attribute
1547  */
1548 struct fdmi_attr_s {
1549         __be16        type;     /* attribute type, big-endian; the builders in bfa_fcs_lport.c store it with cpu_to_be16() */
1550         __be16        len;      /* big-endian length field; NOTE(review): what it counts is not shown in this excerpt, confirm against the builders */
1551         u8         value[1];    /* declared as one element, but the builders memcpy() templen bytes into it, so it acts as a variable-length tail; converting to value[] changes sizeof(struct fdmi_attr_s), so any sizeof users need auditing */
1552 };

Audit (at least) all these places where the flex arrays are being used:

diff -u -p ./drivers/scsi/bfa/bfa_fcs_lport.c /tmp/nothing/drivers/scsi/bfa/bfa_fcs_lport.c
--- ./drivers/scsi/bfa/bfa_fcs_lport.c
+++ /tmp/nothing/drivers/scsi/bfa/bfa_fcs_lport.c
@@ -1938,7 +1938,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NODENAME);
        templen = sizeof(wwn_t);
-       memcpy(attr->value, &bfa_fcs_lport_get_nwwn(port), templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        count++;
@@ -1951,7 +1950,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MANUFACTURER);
        templen = (u16) strlen(fcs_hba_attr->manufacturer);
-       memcpy(attr->value, fcs_hba_attr->manufacturer, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -1965,7 +1963,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_SERIALNUM);
        templen = (u16) strlen(fcs_hba_attr->serial_num);
-       memcpy(attr->value, fcs_hba_attr->serial_num, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -1979,7 +1976,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MODEL);
        templen = (u16) strlen(fcs_hba_attr->model);
-       memcpy(attr->value, fcs_hba_attr->model, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -1993,7 +1989,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MODEL_DESC);
        templen = (u16) strlen(fcs_hba_attr->model_desc);
-       memcpy(attr->value, fcs_hba_attr->model_desc, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2008,7 +2003,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_HW_VERSION);
                templen = (u16) strlen(fcs_hba_attr->hw_version);
-               memcpy(attr->value, fcs_hba_attr->hw_version, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2023,7 +2017,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_DRIVER_VERSION);
        templen = (u16) strlen(fcs_hba_attr->driver_version);
-       memcpy(attr->value, fcs_hba_attr->driver_version, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2038,7 +2031,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_ROM_VERSION);
                templen = (u16) strlen(fcs_hba_attr->option_rom_ver);
-               memcpy(attr->value, fcs_hba_attr->option_rom_ver, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2050,7 +2042,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_FW_VERSION);
        templen = (u16) strlen(fcs_hba_attr->fw_version);
-       memcpy(attr->value, fcs_hba_attr->fw_version, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2065,7 +2056,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_OS_NAME);
                templen = (u16) strlen(fcs_hba_attr->os_name);
-               memcpy(attr->value, fcs_hba_attr->os_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2080,7 +2070,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_MAX_CT);
        templen = sizeof(fcs_hba_attr->max_ct_pyld);
-       memcpy(attr->value, &fcs_hba_attr->max_ct_pyld, templen);
        templen = fc_roundup(templen, sizeof(u32));
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
@@ -2094,7 +2083,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NODE_SYM_NAME);
                templen = sizeof(fcs_hba_attr->node_sym_name);
-               memcpy(attr->value, &fcs_hba_attr->node_sym_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2105,7 +2093,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_VENDOR_ID);
                templen = sizeof(fcs_hba_attr->vendor_info);
-               memcpy(attr->value, &fcs_hba_attr->vendor_info, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2116,7 +2103,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_NUM_PORTS);
                templen = sizeof(fcs_hba_attr->num_ports);
-               memcpy(attr->value, &fcs_hba_attr->num_ports, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2127,7 +2113,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_FABRIC_NAME);
                templen = sizeof(fcs_hba_attr->fabric_name);
-               memcpy(attr->value, &fcs_hba_attr->fabric_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2138,7 +2123,6 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struc
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_HBA_ATTRIB_BIOS_VER);
                templen = sizeof(fcs_hba_attr->bios_ver);
-               memcpy(attr->value, &fcs_hba_attr->bios_ver, templen);
                templen = fc_roundup(attr->len, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
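Review bot: The context line `templen = fc_roundup(attr->len, sizeof(u32));` in this BIOS_VER block rounds up `attr->len`, while every other attribute block in this listing rounds up `templen`. In the visible lines `attr` has just been pointed at `curr_ptr` and only `attr->type` has been written, so `attr->len` appears to be read before this block assigns it, and it is a `__be16` field rather than a host-order count. The `curr_ptr` advance and `len` for this attribute would then depend on bytes already in the buffer, which should be settled as part of the audit; the likely intent is `templen = fc_roundup(templen, sizeof(u32));`. The rest of bfa_fcs_lport_fdmi_build_rhba_pyld, including where `attr->len` is finally set, lies outside the hunk.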
@@ -2270,7 +2254,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_FC4_TYPES);
        templen = sizeof(fcs_port_attr.supp_fc4_types);
-       memcpy(attr->value, fcs_port_attr.supp_fc4_types, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2284,7 +2267,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_SUPP_SPEED);
        templen = sizeof(fcs_port_attr.supp_speed);
-       memcpy(attr->value, &fcs_port_attr.supp_speed, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2298,7 +2280,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_SPEED);
        templen = sizeof(fcs_port_attr.curr_speed);
-       memcpy(attr->value, &fcs_port_attr.curr_speed, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2311,7 +2292,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
        attr = (struct fdmi_attr_s *) curr_ptr;
        attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_FRAME_SIZE);
        templen = sizeof(fcs_port_attr.max_frm_size);
-       memcpy(attr->value, &fcs_port_attr.max_frm_size, templen);
        curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
        len += templen;
        ++count;
@@ -2325,7 +2305,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_DEV_NAME);
                templen = (u16) strlen(fcs_port_attr.os_device_name);
-               memcpy(attr->value, fcs_port_attr.os_device_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2340,7 +2319,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_HOST_NAME);
                templen = (u16) strlen(fcs_port_attr.host_name);
-               memcpy(attr->value, fcs_port_attr.host_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2353,7 +2331,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_NODE_NAME);
                templen = sizeof(fcs_port_attr.node_name);
-               memcpy(attr->value, &fcs_port_attr.node_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2364,7 +2341,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_NAME);
                templen = sizeof(fcs_port_attr.port_name);
-               memcpy(attr->value, &fcs_port_attr.port_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(attr->len) + templen;
                len += templen;
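Review bot: This PORT_NAME block advances `curr_ptr` by `sizeof(attr->type) + sizeof(attr->len) + templen`, whereas the other blocks in this listing use `sizeof(templen)` as a stand-in for the width of the `len` field. The two agree only while `templen` is a 16-bit variable, which the `(u16) strlen(...)` casts suggest but the hunks do not show. Using `sizeof(attr->len)` at every site, or `offsetof(struct fdmi_attr_s, value)`, would tie the stride to the attribute header itself and stay correct once `value[1]` becomes `value[]`. The enclosing function starts and ends outside the hunk.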
@@ -2377,7 +2353,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                        attr->type =
                                cpu_to_be16(FDMI_PORT_ATTRIB_PORT_SYM_NAME);
                        templen = sizeof(fcs_port_attr.port_sym_name);
-                       memcpy(attr->value,
                                &fcs_port_attr.port_sym_name, templen);
                        templen = fc_roundup(templen, sizeof(u32));
                        curr_ptr += sizeof(attr->type) +
@@ -2391,7 +2366,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_TYPE);
                templen = sizeof(fcs_port_attr.port_type);
-               memcpy(attr->value, &fcs_port_attr.port_type, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2402,7 +2376,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_SUPP_COS);
                templen = sizeof(fcs_port_attr.scos);
-               memcpy(attr->value, &fcs_port_attr.scos, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2413,7 +2386,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_FAB_NAME);
                templen = sizeof(fcs_port_attr.port_fabric_name);
-               memcpy(attr->value, &fcs_port_attr.port_fabric_name, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2424,7 +2396,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_FC4_TYPE);
                templen = sizeof(fcs_port_attr.port_act_fc4_type);
-               memcpy(attr->value, fcs_port_attr.port_act_fc4_type,
                                templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
@@ -2436,7 +2407,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_STATE);
                templen = sizeof(fcs_port_attr.port_state);
-               memcpy(attr->value, &fcs_port_attr.port_state, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
@@ -2447,7 +2417,6 @@ bfa_fcs_lport_fdmi_build_portattr_block(
                attr = (struct fdmi_attr_s *) curr_ptr;
                attr->type = cpu_to_be16(FDMI_PORT_ATTRIB_PORT_NUM_RPRT);
                templen = sizeof(fcs_port_attr.num_ports);
-               memcpy(attr->value, &fcs_port_attr.num_ports, templen);
                templen = fc_roundup(templen, sizeof(u32));
                curr_ptr += sizeof(attr->type) + sizeof(templen) + templen;
                len += templen;
GustavoARSilva commented 1 year ago

https://lore.kernel.org/linux-hardening/Y3P1rEEBq7HzJygq@work/