[PATCH] divide by 3*sizeof(u32) when computing array_size

Tue Jul 13 02:19:54 PDT 2021

On Tue, Jul 13, 2021 at 08:30:53AM +0200, Uwe Kleine-König wrote:
> Hello Salah,
> 
> On Tue, Jul 13, 2021 at 12:19:10AM +0100, Salah Triki wrote:
> > Divide by 3*sizeof(u32) when computing array_size, since stm32_breakinput
> > has 3 fields of type u32.
> > 
> > Signed-off-by: Salah Triki <salah.triki at gmail.com>
> > ---
> >  drivers/pwm/pwm-stm32.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/pwm/pwm-stm32.c b/drivers/pwm/pwm-stm32.c
> > index 794ca5b02968..fb21bc2b2dd6 100644
> > --- a/drivers/pwm/pwm-stm32.c
> > +++ b/drivers/pwm/pwm-stm32.c
> > @@ -544,7 +544,7 @@ static int stm32_pwm_probe_breakinputs(struct stm32_pwm *priv,
> >  		return -EINVAL;
> >  
> >  	priv->num_breakinputs = nb;
> > -	array_size = nb * sizeof(struct stm32_breakinput) / sizeof(u32);
> > +	array_size = nb * sizeof(struct stm32_breakinput) / (3 * sizeof(u32));
> >  	ret = of_property_read_u32_array(np, "st,breakinput",
> >  					 (u32 *)priv->breakinputs, array_size);
> >  	if (ret)
> 
> I agree with Philipp here; this looks strange and needs a better
> description.
> 
> Looking a bit more in details:
> 
>  - priv->breakinputs has type struct stm32_breakinput[MAX_BREAKINPUT]
>  - nb is in [0 .. MAX_BREAKINPUT]
>  - sizeof(struct stm32_breakinput) == 3 * sizeof(u32)
>  - of_property_read_u32_array reads $array_size u32 quantities
> 
> so to read $nb members of type stm32_breakinput array_size must be a
> multiple of 3 which isn't given any more after your patch. This makes me
> believe your suggested change to be wrong.

I concur with your analysis. "array_size" is the number of u32 values
to read from DT. It is not the number of entries in priv->breakinputs.

I would also note that the code relies on there being no padding in
struct stm32_breakinput - it should be noted that a strict
interpretation of the C standard allows padding to be added anywhere
to a structure - at the start, end or between members.

Some further thoughts... DT is effectively an interface (we maintain
definitions of what we expect.) The way the code is structured,
"struct stm32_breakinput" defines that interface. Maybe this should
be commented, and maybe there should be a build time assert that
"sizeof(struct stm32_breakinput)" is "3 * sizeof(u32)" since the
code is relying on that property?

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!