[PATCH] mei: Cast the cb->ext_hdr allocation type

[PATCH] mei: Cast the cb->ext_hdr allocation type

[Kees Cook]

In preparation for making the kmalloc family of allocators type aware,
we need to make sure that the returned type from the allocation matches
the type of the variable being assigned. (Before, the allocator would
always return "void *", which can be implicitly cast to any pointer type.)

The assigned type is "struct mei_ext_hdr *", but the returned type will
be "struct mei_ext_hdr_gsc_f2h *", which is a larger allocation size.
This is by design as struct mei_ext_hdr_gsc_f2h contains struct
mei_ext_hdr as its first member. Cast the allocation to the match the
assignment.

Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Alexander Usyskin <alexander.usyskin@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/misc/mei/interrupt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c
index b09b79fedaba..c484f416fae4 100644
--- a/drivers/misc/mei/interrupt.c
+++ b/drivers/misc/mei/interrupt.c
@@ -133,7 +133,7 @@ static int mei_cl_irq_read_msg(struct mei_cl *cl,
 				break;
 			case MEI_EXT_HDR_GSC:
 				gsc_f2h = (struct mei_ext_hdr_gsc_f2h *)ext;
-				cb->ext_hdr = kzalloc(sizeof(*gsc_f2h), GFP_KERNEL);
+				cb->ext_hdr = (struct mei_ext_hdr *)kzalloc(sizeof(*gsc_f2h), GFP_KERNEL);
 				if (!cb->ext_hdr) {
 					cb->status = -ENOMEM;
 					goto discard;
-- 
2.34.1

RE: [PATCH] mei: Cast the cb->ext_hdr allocation type

[Usyskin, Alexander]

> Subject: [PATCH] mei: Cast the cb->ext_hdr allocation type
> 
> In preparation for making the kmalloc family of allocators type aware,
> we need to make sure that the returned type from the allocation matches
> the type of the variable being assigned. (Before, the allocator would
> always return "void *", which can be implicitly cast to any pointer type.)
> 
> The assigned type is "struct mei_ext_hdr *", but the returned type will
> be "struct mei_ext_hdr_gsc_f2h *", which is a larger allocation size.
> This is by design as struct mei_ext_hdr_gsc_f2h contains struct
> mei_ext_hdr as its first member. Cast the allocation to the match the
> assignment.
> 

Acked-by: Alexander Usyskin <alexander.usyskin@intel.com>

> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> Cc: Alexander Usyskin <alexander.usyskin@intel.com>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/misc/mei/interrupt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c
> index b09b79fedaba..c484f416fae4 100644
> --- a/drivers/misc/mei/interrupt.c
> +++ b/drivers/misc/mei/interrupt.c
> @@ -133,7 +133,7 @@ static int mei_cl_irq_read_msg(struct mei_cl *cl,
>  				break;
>  			case MEI_EXT_HDR_GSC:
>  				gsc_f2h = (struct mei_ext_hdr_gsc_f2h *)ext;
> -				cb->ext_hdr = kzalloc(sizeof(*gsc_f2h),
> GFP_KERNEL);
> +				cb->ext_hdr = (struct mei_ext_hdr
> *)kzalloc(sizeof(*gsc_f2h), GFP_KERNEL);
>  				if (!cb->ext_hdr) {
>  					cb->status = -ENOMEM;
>  					goto discard;
> --
> 2.34.1