Re: [PATCH] ALSA: seq: Use flexible array for device arguments

From: Takashi Iwai

Date: Sun May 31 2026 - 09:40:00 EST


On Fri, 29 May 2026 15:12:39 +0200,
Cássio Gabriel wrote:
>
> snd_seq_device_new() allocates struct snd_seq_device together with a
> caller-specific argument area. SNDRV_SEQ_DEVICE_ARGPTR() reaches that
> area by adding sizeof(struct snd_seq_device) to the object pointer.
>
> Make the trailing storage explicit with a flexible array and allocate it
> with struct_size(). This makes the object layout self-describing and
> avoids open-coded size arithmetic in the allocation and accessor.
>
> Reject negative argsize values before calculating the allocation size.
> Current in-tree callers pass either zero or sizeof() values, but the
> function takes an int size argument and should not let a negative value
> flow into unsigned allocation arithmetic.
>
> Signed-off-by: Cássio Gabriel <cassiogabrielcontato@xxxxxxxxx>
> ---
> include/sound/seq_device.h | 3 ++-
> sound/core/seq_device.c | 5 ++++-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/include/sound/seq_device.h b/include/sound/seq_device.h
> index a72380c202e9..3137d4c5f5a8 100644
> --- a/include/sound/seq_device.h
> +++ b/include/sound/seq_device.h
> @@ -22,6 +22,7 @@ struct snd_seq_device {
> void *private_data; /* private data for the caller */
> void (*private_free)(struct snd_seq_device *device);
> struct device dev;
> + unsigned char args[]; /* driver-specific argument */
> };
>
> #define to_seq_dev(_dev) \
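
Review bot: args[] is declared as unsigned char, so the member's type promises only byte alignment for an area that SNDRV_SEQ_DEVICE_ARGPTR() hands back as void * for callers to use as their own argument data. The old sizeof()-based offset was rounded up to the alignment of struct snd_seq_device, while the new one is wherever struct device dev ends. Placed directly after dev it is still aligned to struct device, but that depends on member order. Please either say so in the comment on args[] or put an explicit alignment attribute on the array, so a later reorder of the struct cannot silently misalign caller data.
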
> @@ -64,7 +65,7 @@ void snd_seq_device_load_drivers(void);
> int snd_seq_device_new(struct snd_card *card, int device, const char *id,
> int argsize, struct snd_seq_device **result);
>
> -#define SNDRV_SEQ_DEVICE_ARGPTR(dev) (void *)((char *)(dev) + sizeof(struct snd_seq_device))
> +#define SNDRV_SEQ_DEVICE_ARGPTR(dev) ((void *)(dev)->args)
>
> int __must_check __snd_seq_driver_register(struct snd_seq_driver *drv,
> struct module *mod);
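
Review bot: the new SNDRV_SEQ_DEVICE_ARGPTR() only compiles when its argument is a pointer to a type with an args member, whereas the old form cast the argument to char * and so accepted any pointer, including void *. That stricter contract is worth a line in the commit message, together with confirmation that every user of the macro passes a struct snd_seq_device *. As a minor style point, ((void *)((dev)->args)) would make the operand of the cast explicit.
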
> diff --git a/sound/core/seq_device.c b/sound/core/seq_device.c
> index 1b062d6b17ea..a7b69ff07261 100644
> --- a/sound/core/seq_device.c
> +++ b/sound/core/seq_device.c
> @@ -234,7 +234,10 @@ int snd_seq_device_new(struct snd_card *card, int device, const char *id,
> if (snd_BUG_ON(!id))
> return -EINVAL;
>
> - dev = kzalloc(sizeof(*dev) + argsize, GFP_KERNEL);
> + if (argsize < 0)
> + return -EINVAL;
> +
> + dev = kzalloc(struct_size(dev, args, argsize), GFP_KERNEL);
> if (!dev)
> return -ENOMEM;
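
Review bot: the new argsize < 0 check returns -EINVAL silently, while the !id check directly above it goes through snd_BUG_ON(). The commit message says in-tree callers only pass zero or sizeof() values, so a negative argsize is a caller bug of the same kind as a NULL id. Consider snd_BUG_ON(argsize < 0) for consistency, or change the argsize parameter to an unsigned type so that the check is not needed at all.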

IIRC, we can use kzalloc_flex() for this kind, too:

dev = kzalloc_flex(*dev, args, argsize);


thanks,

Takashi