Re: [PATCH 1/2] USB: EHCI: Add register array bounds to HCS ports

[Alan Stern]

On Wed, Aug 18, 2021 at 12:48:17PM +0300, Andy Shevchenko wrote:
> On Wed, Aug 18, 2021 at 7:30 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > The original EHCI register struct used a trailing 0-element array for
> > addressing the N_PORTS-many available registers. However, after
> > commit a46af4ebf9ff ("USB: EHCI: define extension registers like normal ones")
> > the 0-element array started to overlap the USBMODE extension register.
> >
> > To avoid future compile-time warnings about accessing indexes within a
> > 0-element array, rearrange the struct to actually describe the expected
> > layout (max 15 registers) with a union. All offsets remain the same, and
> > bounds checking becomes possible on accesses to port_status and hostpc.
> 
> ...
> 
> >         /* HOSTPC: offset 0x84 */
> > -       u32             hostpc[0];      /* HOSTPC extension */
> > +       u32             hostpc[HCS_N_PORTS_MAX];
> >  #define HOSTPC_PHCD    (1<<22)         /* Phy clock disable */
> >  #define HOSTPC_PSPD    (3<<25)         /* Port speed detection */
> >
> > -       u32             reserved5[17];
> > +       u32             reserved5[2];
> 
> Shouldn't it be rather [17 - PORT_MAX]? for accuracy?
> Or also a union approach?

It's okay to use [2] here.  The only purpose is to ensure that the 
following usbmode_ex field is allocated at offset 0xc8; there's no 
special intrinsic meaning to that 17 value.

Alan Stern