From 542f25a94471570e2594be5b422b9ca572cf88a1 Mon Sep 17 00:00:00 2001 From: Paulo Miguel Almeida Date: Mon, 17 Oct 2022 20:51:22 +1300 Subject: [PATCH 1/2] HID: hyperv: Replace one-element array with flexible-array member One-element arrays are deprecated, and we are replacing them with flexible array members instead. So, replace one-element array with flexible-array member in structs synthhid_msg, synthhid_input_report, pipe_prt_msg and refactor the rest of the code accordingly. This helps with the ongoing efforts to tighten the FORTIFY_SOURCE routines on memcpy() and help us make progress towards globally enabling -fstrict-flex-arrays=3 [1]. Link: https://github.com/KSPP/linux/issues/79 Link: https://github.com/KSPP/linux/issues/210 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] Signed-off-by: Paulo Miguel Almeida Reviewed-by: Benjamin Tissoires Reviewed-by: Michael Kelley Signed-off-by: Jiri Kosina --- drivers/hid/hid-hyperv.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index e0bc73124196..208cf8d981a5 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -61,7 +61,7 @@ struct synthhid_msg_hdr { struct synthhid_msg { struct synthhid_msg_hdr header; - char data[1]; /* Enclosed message */ + char data[]; /* Enclosed message */ }; union synthhid_version { @@ -99,7 +99,7 @@ struct synthhid_device_info_ack { struct synthhid_input_report { struct synthhid_msg_hdr header; - char buffer[1]; + char buffer[]; }; #pragma pack(pop) @@ -118,7 +118,7 @@ enum pipe_prot_msg_type { struct pipe_prt_msg { enum pipe_prot_msg_type type; u32 size; - char data[1]; + char data[]; }; struct mousevsc_prt_msg { @@ -232,7 +232,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, ret = vmbus_sendpacket(input_device->device->channel, &ack, - sizeof(struct pipe_prt_msg) - sizeof(unsigned char) + + sizeof(struct pipe_prt_msg) + sizeof(struct synthhid_device_info_ack), (unsigned long)&ack, VM_PKT_DATA_INBAND, @@ -271,16 +271,14 @@ static void mousevsc_on_receive(struct hv_device *device, * malicious/buggy hypervisor/host, add a check here to * ensure we don't corrupt memory. */ - if ((pipe_msg->size + sizeof(struct pipe_prt_msg) - - sizeof(unsigned char)) + if (struct_size(pipe_msg, data, pipe_msg->size) > sizeof(struct mousevsc_prt_msg)) { WARN_ON(1); break; } memcpy(&input_dev->protocol_resp, pipe_msg, - pipe_msg->size + sizeof(struct pipe_prt_msg) - - sizeof(unsigned char)); + struct_size(pipe_msg, data, pipe_msg->size)); complete(&input_dev->wait_event); break; @@ -359,8 +357,7 @@ static int mousevsc_connect_to_vsp(struct hv_device *device) request->request.version_requested.version = SYNTHHID_INPUT_VERSION; ret = vmbus_sendpacket(device->channel, request, - sizeof(struct pipe_prt_msg) - - sizeof(unsigned char) + + sizeof(struct pipe_prt_msg) + sizeof(struct synthhid_protocol_request), (unsigned long)request, VM_PKT_DATA_INBAND, From 6a4628997cfcc1eb1e34943f011d85bae36eadbc Mon Sep 17 00:00:00 2001 From: Paulo Miguel Almeida Date: Mon, 24 Oct 2022 13:57:42 +1300 Subject: [PATCH 2/2] HID: hyperv: remove unused struct synthhid_msg struct synthhid_msg was meant to be a generic representation of the possible protocol messages sent through VMBus. In practice, only the header is read and depending on the message type, a cast to the actual type is done. Also, SYNTHHID_MAX_INPUT_REPORT_SIZE constant isn't used which I suspect is a leftover from the refactoring made while this driver was at the staging folder. This patch removes struct synthhid_msg and refactor the code accordingly. Signed-off-by: Paulo Miguel Almeida Reviewed-by: Michael Kelley Signed-off-by: Jiri Kosina --- drivers/hid/hid-hyperv.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 208cf8d981a5..0be717bb09d4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -22,9 +22,6 @@ struct hv_input_dev_info { unsigned short reserved[11]; }; -/* The maximum size of a synthetic input message. */ -#define SYNTHHID_MAX_INPUT_REPORT_SIZE 16 - /* * Current version * @@ -59,11 +56,6 @@ struct synthhid_msg_hdr { u32 size; }; -struct synthhid_msg { - struct synthhid_msg_hdr header; - char data[]; /* Enclosed message */ -}; - union synthhid_version { struct { u16 minor_version; @@ -251,7 +243,7 @@ static void mousevsc_on_receive(struct hv_device *device, struct vmpacket_descriptor *packet) { struct pipe_prt_msg *pipe_msg; - struct synthhid_msg *hid_msg; + struct synthhid_msg_hdr *hid_msg_hdr; struct mousevsc_dev *input_dev = hv_get_drvdata(device); struct synthhid_input_report *input_report; size_t len; @@ -262,9 +254,9 @@ static void mousevsc_on_receive(struct hv_device *device, if (pipe_msg->type != PIPE_MESSAGE_DATA) return; - hid_msg = (struct synthhid_msg *)pipe_msg->data; + hid_msg_hdr = (struct synthhid_msg_hdr *)pipe_msg->data; - switch (hid_msg->header.type) { + switch (hid_msg_hdr->type) { case SYNTH_HID_PROTOCOL_RESPONSE: /* * While it will be impossible for us to protect against @@ -309,7 +301,7 @@ static void mousevsc_on_receive(struct hv_device *device, break; default: pr_err("unsupported hid msg type - type %d len %d\n", - hid_msg->header.type, hid_msg->header.size); + hid_msg_hdr->type, hid_msg_hdr->size); break; }