[next] bpf: Use struct_size() in kzalloc()

Message ID	20210513215049.GA215271@embeddedor (mailing list archive)
State	Accepted
Commit	fe0bdaec8dea9912b95296d758422d95aa57fac0
Delegated to:	Netdev Maintainers
Headers	show Return-Path: <bpf-owner@kernel.org> Date: Thu, 13 May 2021 16:50:49 -0500 From: "Gustavo A. R. Silva" <gustavoars@kernel.org> To: "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>, John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org> Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" <gustavoars@kernel.org>, linux-hardening@vger.kernel.org Subject: [PATCH][next] bpf: Use struct_size() in kzalloc() Message-ID: <20210513215049.GA215271@embeddedor> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk
Series	[next] bpf: Use struct_size() in kzalloc() \| expand [next] bpf: Use struct_size() in kzalloc()

Message ID

20210513215049.GA215271@embeddedor (mailing list archive)

State

Accepted

Commit

fe0bdaec8dea9912b95296d758422d95aa57fac0

Delegated to:

Netdev Maintainers

Headers

show

Return-Path: <bpf-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4C99AC43460
	for <bpf@archiver.kernel.org>; Thu, 13 May 2021 21:50:15 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 2B43561438
	for <bpf@archiver.kernel.org>; Thu, 13 May 2021 21:50:15 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233575AbhEMVvY (ORCPT <rfc822;bpf@archiver.kernel.org>);
        Thu, 13 May 2021 17:51:24 -0400
Received: from mail.kernel.org ([198.145.29.99]:60570 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S233485AbhEMVvX (ORCPT <rfc822;bpf@vger.kernel.org>);
        Thu, 13 May 2021 17:51:23 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 78AF1613F7;
        Thu, 13 May 2021 21:50:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1620942613;
        bh=jylMkVVffJcfLoicOnx1jFxnRZpA8OtO3GY3fkMHtGc=;
        h=Date:From:To:Cc:Subject:From;
        b=U8qdmD7iZmqF7v+/Q04eb+HdSftHkOzszJsUncPUUej934a8o41tC9LCyfF/06eP4
         gF+vWMiKdeAwIctsNBfezYXRYDHdXGcWq+oYc4k2YiI6tHD8KLJymQ80Eq/01b1u1u
         IKgQBooUyB/xIEQzoSUfhsu+Pr2SduOoWnGR+IooJdt5h7h/rul/R4cjU2/TcdCr4H
         Q7pOrhq+fHGHSsVGSKGVQsnZSTNcVrkGHSGVyubE0qQksrIRzpFOWnGyOa/O/82I/A
         S+tAIEkEfvux2FOPsO2SA0OfjgELA4HvL7pKEL/pdimSo2Be2lptQiPBT13/WV4CRA
         9mc5kiJyDxkzQ==
Date: Thu, 13 May 2021 16:50:49 -0500
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        linux-hardening@vger.kernel.org
Subject: [PATCH][next] bpf: Use struct_size() in kzalloc()
Message-ID: <20210513215049.GA215271@embeddedor>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Series

[next] bpf: Use struct_size() in kzalloc() | expand

Checks

Context	Check	Description
netdev/cover_letter	success	Link
netdev/fixes_present	success	Link
netdev/patch_count	success	Link
netdev/tree_selection	success	Guessed tree name to be net-next
netdev/subject_prefix	warning	Target tree name not specified in the subject
netdev/cc_maintainers	success	CCed 12 of 12 maintainers
netdev/source_inline	success	Was 0 now: 0
netdev/verify_signedoff	success	Link
netdev/module_param	success	Was 0 now: 0
netdev/build_32bit	success	Errors and warnings before: 4 this patch: 4
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/verify_fixes	success	Link
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_allmodconfig_warn	success	Errors and warnings before: 4 this patch: 4
netdev/header_inline	success	Link

Context

Check

Description

netdev/cover_letter

success

Link

netdev/fixes_present

success

Link

netdev/patch_count

success

Link

netdev/tree_selection

success

Guessed tree name to be net-next

netdev/subject_prefix

warning

Target tree name not specified in the subject

netdev/cc_maintainers

success

CCed 12 of 12 maintainers

netdev/source_inline

success

Was 0 now: 0

netdev/verify_signedoff

success

Link

netdev/module_param

success

Was 0 now: 0

netdev/build_32bit

success

Errors and warnings before: 4 this patch: 4

netdev/kdoc

success

Errors and warnings before: 0 this patch: 0

netdev/verify_fixes

success

Link

netdev/checkpatch

success

total: 0 errors, 0 warnings, 0 checks, 9 lines checked

netdev/build_allmodconfig_warn

success

Errors and warnings before: 4 this patch: 4

netdev/header_inline

success

Link

Commit Message

Gustavo A. R. Silva May 13, 2021, 9:50 p.m. UTC

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows
that, in the worst scenario, could lead to heap overflows.

This code was detected with the help of Coccinelle and, audited and
fixed manually.

Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 net/core/bpf_sk_storage.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Gustavo A. R. Silva May 13, 2021, 11:06 p.m. UTC | #1

On 5/13/21 18:00, patchwork-bot+netdevbpf@kernel.org wrote:
> Hello:
> 
> This patch was applied to netdev/net-next.git (refs/heads/master):

[..]

> Here is the summary with links:
>   - [next] bpf: Use struct_size() in kzalloc()
>     https://git.kernel.org/netdev/net-next/c/fe0bdaec8dea

Awesome. :)

Thanks, Dave.
--
Gustavo

diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c
index cc3712ad8716..f564f82e91d9 100644
--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -524,8 +524,7 @@  bpf_sk_storage_diag_alloc(const struct nlattr *nla_stgs)
 			nr_maps++;
 	}
 
-	diag = kzalloc(sizeof(*diag) + sizeof(diag->maps[0]) * nr_maps,
-		       GFP_KERNEL);
+	diag = kzalloc(struct_size(diag, maps, nr_maps), GFP_KERNEL);
 	if (!diag)
 		return ERR_PTR(-ENOMEM);