Re: [PATCH v2 02/12] scsi: mpt3sas: Make MPI2_CONFIG_PAGE_IO_UNIT_8::Sensor[] a flexible array

From: Kees Cook
Date: Fri Aug 25 2023 - 16:38:12 EST


On Sun, Aug 06, 2023 at 10:05:54AM -0700, James Seo wrote:
> This terminal 1-length variable array can be directly converted into
> a C99 flexible array member.
>
> As all users of MPI2_CONFIG_PAGE_IO_UNIT_8 (Mpi2IOUnitPage8_t) do not
> use Sensor[], no further source changes are required to accommodate
> its reduced sizeof():
>
> - mpt3sas_config.c:mpt3sas_config_get_iounit_pg8() fetches a
> Mpi2IOUnitPage8_t into a caller-provided buffer, assuming
> sizeof(Mpi2IOUnitPage8_t) as the buffer size. It has one caller:
>
> - mpt3sas_base.c:_base_static_config_pages() passes the address of
> the Mpi2IOUnitPage8_t iounit_pg8 member of the per-adapter struct
> (struct MPT3SAS_ADAPTER *ioc) as the buffer. The assumed buffer
> size is therefore correct.
>
> However, the only subsequent use in mpt3sas of the thus populated
> ioc->iounit_pg8 is a little further on in the same function, and
> this use does not involve ioc->iounit_pg8.Sensor[].
>
> Note that iounit_pg8 occurs in the middle of the per-adapter
> struct, not at the end. The per-adapter struct is extensively

This is especially bad/weird. Flex arrays aren't supposed to live there,
so I think it'd be best to avoid this conversion (see below).

> used throughout mpt3sas even if its iounit_pg8 member isn't,
> resulting in an especially large amount of noise when comparing
> binary changes attributable to this commit.

Since the size reduction makes it hard to validate, how about just
leaving it alone? Since nothing is using Sensor[], you could just make
it a single instance:

- MPI2_IOUNIT8_SENSOR
- Sensor[MPI2_IOUNITPAGE8_SENSOR_ENTRIES];/*0x10 */
+ MPI2_IOUNIT8_SENSOR Sensor; /*0x10 */


or leave it as-is (i.e. drop this patch).

>
> Signed-off-by: James Seo <james@xxxxxxxxxx>
> ---
> drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h | 10 +++-------
> 1 file changed, 3 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h b/drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h
> index 42d820159c44..12b656bd883d 100644
> --- a/drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h
> +++ b/drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h
> @@ -1200,12 +1200,9 @@ typedef struct _MPI2_IOUNIT8_SENSOR {
> #define MPI2_IOUNIT8_SENSOR_FLAGS_T0_ENABLE (0x0001)
>
> /*
> - *Host code (drivers, BIOS, utilities, etc.) should leave this define set to
> - *one and check the value returned for NumSensors at runtime.
> + *Host code (drivers, BIOS, utilities, etc.) should check the value returned
> + *for NumSensors at runtime before using Sensor[].
> */
> -#ifndef MPI2_IOUNITPAGE8_SENSOR_ENTRIES
> -#define MPI2_IOUNITPAGE8_SENSOR_ENTRIES (1)
> -#endif
>
> typedef struct _MPI2_CONFIG_PAGE_IO_UNIT_8 {
> MPI2_CONFIG_PAGE_HEADER Header; /*0x00 */
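Review bot: The rewritten comment above the removed `MPI2_IOUNITPAGE8_SENSOR_ENTRIES` block tells host code to check NumSensors before using Sensor[], but it does not say that sizeof() of the page no longer includes any Sensor entry. A caller that sizes its buffer with sizeof(), as the commit message describes for mpt3sas_config_get_iounit_pg8(), then has room for zero sensors regardless of what NumSensors reports. The comment should state that the caller must allocate NumSensors entries beyond sizeof(). The `#ifndef` guard also suggests the define was meant to be overridable from outside this header, so the commit message should say whether anything else sets or references it before it is removed.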
> @@ -1214,8 +1211,7 @@ typedef struct _MPI2_CONFIG_PAGE_IO_UNIT_8 {
> U8 NumSensors; /*0x0C */
> U8 PollingInterval; /*0x0D */
> U16 Reserved3; /*0x0E */
> - MPI2_IOUNIT8_SENSOR
> - Sensor[MPI2_IOUNITPAGE8_SENSOR_ENTRIES];/*0x10 */
> + MPI2_IOUNIT8_SENSOR Sensor[]; /*0x10 */
> } MPI2_CONFIG_PAGE_IO_UNIT_8,
> *PTR_MPI2_CONFIG_PAGE_IO_UNIT_8,
> Mpi2IOUnitPage8_t, *pMpi2IOUnitPage8_t;
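Review bot: The `Sensor[]` line leaves a flexible array member inside a type that, per the commit message, is embedded in the middle of the per-adapter struct and fetched with sizeof(Mpi2IOUnitPage8_t) as the buffer size. After this change Sensor[0] has no storage of its own there, so any later code that indexes Sensor[] through ioc->iounit_pg8 would touch whichever member follows it. Either keep storage for one entry (the single `MPI2_IOUNIT8_SENSOR Sensor;` form suggested in the reply) or, if the flexible array is wanted, stop embedding the page by value and allocate it separately with a size derived from NumSensors, for example via struct_size().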
> --
> 2.39.2
>

--
Kees Cook
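
The layout concern raised in this reply, as an added example that is not part of the original message or the mpt3sas source: it compares the one-element and flexible-array forms of the page when each is embedded mid-struct. The sensor layout, the fields at 0x00-0x0B, and the `adapter_*` structs are simplified assumptions; only the offsets 0x0C-0x10 follow the quoted header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for MPI2_IOUNIT8_SENSOR; this field layout is an assumption. */
struct sensor { uint16_t Flags, Reserved1, Threshold[4]; uint32_t Reserved2; };

/* Page with the original one-element trailing array. */
struct page8_old {
	uint8_t  Header[4];            /* 0x00 (4-byte header assumed) */
	uint32_t Reserved1, Reserved2; /* 0x04, 0x08 (assumed) */
	uint8_t  NumSensors;           /* 0x0C */
	uint8_t  PollingInterval;      /* 0x0D */
	uint16_t Reserved3;            /* 0x0E */
	struct sensor Sensor[1];       /* 0x10 */
};

/* Same page after the conversion in the quoted patch. */
struct page8_flex {
	uint8_t  Header[4];
	uint32_t Reserved1, Reserved2;
	uint8_t  NumSensors;
	uint8_t  PollingInterval;
	uint16_t Reserved3;
	struct sensor Sensor[];        /* 0x10, contributes nothing to sizeof */
};

/* Hypothetical per-adapter structs with the page in the middle. Embedding a
 * struct that ends in a flexible array is a GNU extension, not ISO C. */
struct adapter_old  { uint32_t before; struct page8_old  pg8; uint32_t after; };
struct adapter_flex { uint32_t before; struct page8_flex pg8; uint32_t after; };

/* Bytes by which every member after pg8 moves once the array is flexible. */
size_t later_member_shift(void)
{
	return offsetof(struct adapter_old, after) - offsetof(struct adapter_flex, after);
}

/* 1 when pg8.Sensor[0] of the flexible form starts exactly at 'after'. */
int sensor0_aliases_next_member(void)
{
	size_t s0 = offsetof(struct adapter_flex, pg8) + offsetof(struct page8_flex, Sensor);
	return s0 == offsetof(struct adapter_flex, after);
}

int main(void)
{
	printf("shift=%zu aliases=%d\n", later_member_shift(), sensor0_aliases_next_member());
	return 0;
}
```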