@@ -1077,21 +1077,13 @@ typedef struct _IOC_4_SEP
} IOC_4_SEP, MPI_POINTER PTR_IOC_4_SEP,
Ioc4Sep_t, MPI_POINTER pIoc4Sep_t;
-/*
- * Host code (drivers, BIOS, utilities, etc.) should leave this define set to
- * one and check Header.PageLength at runtime.
- */
-#ifndef MPI_IOC_PAGE_4_SEP_MAX
-#define MPI_IOC_PAGE_4_SEP_MAX (1)
-#endif
-
typedef struct _CONFIG_PAGE_IOC_4
{
CONFIG_PAGE_HEADER Header; /* 00h */
U8 ActiveSEP; /* 04h */
U8 MaxSEP; /* 05h */
U16 Reserved1; /* 06h */
- IOC_4_SEP SEP[MPI_IOC_PAGE_4_SEP_MAX]; /* 08h */
+ IOC_4_SEP SEP[] __counted_by(ActiveSEP); /* 08h */
} CONFIG_PAGE_IOC_4, MPI_POINTER PTR_CONFIG_PAGE_IOC_4,
IOCPage4_t, MPI_POINTER pIOCPage4_t;
Replace the deprecated[1] use of a 1-element array in struct _CONFIG_PAGE_IOC_4 with a modern flexible array. Additionally add __counted_by annotation since SEP is only ever accessed after updating ACtiveSEP: lsi/mpi_cnfg.h: IOC_4_SEP SEP[] __counted_by(ActiveSEP); /* 08h */ mptsas.c: ii = IOCPage4Ptr->ActiveSEP++; mptsas.c: IOCPage4Ptr->SEP[ii].SEPTargetID = id; mptsas.c: IOCPage4Ptr->SEP[ii].SEPBus = channel; No binary differences are present after this conversion. Link: https://github.com/KSPP/linux/issues/79 [1] Signed-off-by: Kees Cook <kees@kernel.org> --- Cc: Sathya Prakash <sathya.prakash@broadcom.com> Cc: Sreekanth Reddy <sreekanth.reddy@broadcom.com> Cc: Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> Cc: MPT-FusionLinux.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org Cc: linux-hardening@vger.kernel.org --- drivers/message/fusion/lsi/mpi_cnfg.h | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-)