Message ID | 20240310110226.6366-1-erick.archer@gmx.com (mailing list archive) |
---|---|
State | Mainlined |
Series | [v2] bcachefs: Prefer struct_size over open coded arithmetic |
On Sun, Mar 10, 2024 at 12:02:26PM +0100, Erick Archer wrote:
> This is an effort to get rid of all multiplications from allocation
> functions in order to prevent integer overflows [1][2].
>
> As the "op" variable is a pointer to "struct promote_op" and this
> structure ends in a flexible array:
>
> struct promote_op {
>     [...]
>     struct bio_vec bi_inline_vecs[];
> };
>
> and the "t" variable is a pointer to "struct journal_seq_blacklist_table"
> and this structure also ends in a flexible array:
>
> struct journal_seq_blacklist_table {
>     [...]
>     struct journal_seq_blacklist_table_entry {
>         u64 start;
>         u64 end;
>         bool dirty;
>     } entries[];
> };
>
> the preferred way in the kernel is to use the struct_size() helper to
> do the arithmetic instead of the argument "size + size * count" in the
> kzalloc() functions.
>
> This way, the code is more readable and safer.
>
> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
> Link: https://github.com/KSPP/linux/issues/160 [2]
> Signed-off-by: Erick Archer <erick.archer@gmx.com>

applied
diff --git a/fs/bcachefs/io_read.c b/fs/bcachefs/io_read.c index dce136cd2271..01beab55c6b3 100644 --- a/fs/bcachefs/io_read.c +++ b/fs/bcachefs/io_read.c @@ -174,7 +174,7 @@ static struct promote_op *__promote_alloc(struct btree_trans *trans, if (!bch2_write_ref_tryget(c, BCH_WRITE_REF_promote)) return ERR_PTR(-BCH_ERR_nopromote_no_writes); - op = kzalloc(sizeof(*op) + sizeof(struct bio_vec) * pages, GFP_KERNEL); + op = kzalloc(struct_size(op, bi_inline_vecs, pages), GFP_KERNEL); if (!op) { ret = -BCH_ERR_nopromote_enomem; goto err; diff --git a/fs/bcachefs/journal_seq_blacklist.c b/fs/bcachefs/journal_seq_blacklist.c index 024c9b1b323f..2c2490aa15fe 100644 --- a/fs/bcachefs/journal_seq_blacklist.c +++ b/fs/bcachefs/journal_seq_blacklist.c @@ -165,8 +165,7 @@ int bch2_blacklist_table_initialize(struct bch_fs *c) if (!bl) return 0; - t = kzalloc(sizeof(*t) + sizeof(t->entries[0]) * nr, - GFP_KERNEL); + t = kzalloc(struct_size(t, entries, nr), GFP_KERNEL); if (!t) return -BCH_ERR_ENOMEM_blacklist_table_init;
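Review bot: in the fs/bcachefs/io_read.c hunk, the changelog calls the new `kzalloc(struct_size(op, bi_inline_vecs, pages), GFP_KERNEL)` "safer" without saying what happens when the size overflows. struct_size() saturates to SIZE_MAX, so the allocation fails and the existing `if (!op)` branch sets `ret = -BCH_ERR_nopromote_enomem`; a sentence stating this in the commit message would make the behaviour change explicit. The declaration of `pages` is outside the visible context, so its type and range are worth confirming in the same pass.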
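Review bot: in the fs/bcachefs/journal_seq_blacklist.c hunk, an overflowing `nr` now ends in `return -BCH_ERR_ENOMEM_blacklist_table_init`, which reports an implausible entry count as memory exhaustion. Where `nr` is computed is not visible in this hunk; if it is derived from on-disk data, consider validating it before the `kzalloc(struct_size(t, entries, nr), GFP_KERNEL)` call so that a bad count gets its own error code rather than sharing the allocation-failure path.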
This is an effort to get rid of all multiplications from allocation
functions in order to prevent integer overflows [1][2].

As the "op" variable is a pointer to "struct promote_op" and this
structure ends in a flexible array:

    struct promote_op {
        [...]
        struct bio_vec bi_inline_vecs[];
    };

and the "t" variable is a pointer to "struct journal_seq_blacklist_table"
and this structure also ends in a flexible array:

    struct journal_seq_blacklist_table {
        [...]
        struct journal_seq_blacklist_table_entry {
            u64 start;
            u64 end;
            bool dirty;
        } entries[];
    };

the preferred way in the kernel is to use the struct_size() helper to
do the arithmetic instead of the argument "size + size * count" in the
kzalloc() functions.

This way, the code is more readable and safer.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
Link: https://github.com/KSPP/linux/issues/160 [2]
Signed-off-by: Erick Archer <erick.archer@gmx.com>

---

Changes in v2:
- Merge the two patches in one single patch (Kent Overstreet).

Previous versions:
v1 -> https://lore.kernel.org/linux-hardening/20240224145924.7468-1-erick.archer@gmx.com/
v1 -> https://lore.kernel.org/linux-hardening/20240224151658.8272-1-erick.archer@gmx.com/

---

    fs/bcachefs/io_read.c               | 2 +-
    fs/bcachefs/journal_seq_blacklist.c | 3 +--
    2 files changed, 2 insertions(+), 3 deletions(-)

--
2.25.1
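The difference between the "size + size * count" argument and a saturating helper, as an added example that is not part of the patch or of the kernel source. It is a userspace sketch: `struct table` is a constructed stand-in for the flexible-array structures in the commit message, and `saturating_struct_size()` is a hypothetical stand-in for struct_size(), assumed to saturate at SIZE_MAX as the kernel helper does (GCC or Clang is needed for the overflow builtins).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a structure ending in a flexible array,
 * shaped like the entries[] table quoted in the commit message. */
struct entry { uint64_t start, end; _Bool dirty; };
struct table { size_t nr; struct entry entries[]; };

/* Open-coded form the patch removes: unsigned arithmetic silently
 * wraps modulo SIZE_MAX + 1 when nr is too large. */
static size_t open_coded_size(size_t nr)
{
	return sizeof(struct table) + sizeof(struct entry) * nr;
}

/* Saturating form (hypothetical helper, not the kernel macro):
 * returns SIZE_MAX if the multiply or the add overflows, so an
 * allocator given this size fails instead of under-allocating. */
static size_t saturating_struct_size(size_t nr)
{
	size_t bytes;

	if (__builtin_mul_overflow(sizeof(struct entry), nr, &bytes) ||
	    __builtin_add_overflow(bytes, sizeof(struct table), &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Smallest element count whose true size no longer fits in size_t. */
static size_t first_wrapping_count(void)
{
	return (SIZE_MAX - sizeof(struct table)) / sizeof(struct entry) + 1;
}

int main(void)
{
	size_t nr = first_wrapping_count();

	/* Same count, two answers: a tiny wrapped size vs. SIZE_MAX. */
	printf("nr=%zu open-coded=%zu saturating=%zu\n",
	       nr, open_coded_size(nr), saturating_struct_size(nr));
	printf("nr=%zu open-coded=%zu saturating=%zu\n",
	       nr - 1, open_coded_size(nr - 1), saturating_struct_size(nr - 1));
	return 0;
}
```

With the open-coded form, a buffer sized from the wrapped value is smaller than a single entry while the caller still believes it holds `nr` of them; with the saturating form the allocation request cannot succeed.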