From 202aac1e3fa0ece222a7e6b022cc00ba86978300 Mon Sep 17 00:00:00 2001
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Date: Tue, 11 Mar 2025 08:51:19 +0900
Subject: [PATCH] Bluetooth: hci_conn: Use struct_size() in
 hci_le_big_create_sync()

BugLink: https://bugs.launchpad.net/bugs/2101915

Use struct_size() instead of the open-coded version. Similarly to
this other patch[1].

Link: https://lore.kernel.org/linux-hardening/ZiwwPmCvU25YzWek@neat/ [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
(cherry picked from commit d6bb8782b4b6ec14fb6e336f7f8c6a1ccce613b1)
[koichiroden: pulled for "Bluetooth: ISO: Do not emit LE BIG Create Sync
if previous is pending"]
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 net/bluetooth/hci_conn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index ad220c76d35e..a5646254a11a 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -2215,7 +2215,7 @@ int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
 	memcpy(pdu->bis, bis, num_bis);
 
 	return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
-			    sizeof(*pdu) + num_bis, pdu);
+			    struct_size(pdu, bis, num_bis), pdu);
 }
 
 static void create_big_complete(struct hci_dev *hdev, void *data, int err)