| Message ID | AS8PR02MB7237AC633B0D1D2EBD3C40E98B392@AS8PR02MB7237.eurprd02.prod.outlook.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 3ef4600f12269d489933b3835fe8d43621e4ee6c |
| Headers | show |
| Series | mtd: maps: sa1100-flash: Prefer struct_size over open coded arithmetic | expand |
On Sat, 2024-03-30 at 17:55:35 UTC, Erick Archer wrote: > This is an effort to get rid of all multiplications from allocation > functions in order to prevent integer overflows [1][2]. > > As the "info" variable is a pointer to "struct sa_info" and this > structure ends in a flexible array: > > struct sa_info { > [...] > struct sa_subdev_info subdev[]; > }; > > the preferred way in the kernel is to use the struct_size() helper to > do the arithmetic instead of the calculation "size + size * count" in > the kzalloc() function. > > This way, the code is more readable and safer. > > This code was detected with the help of Coccinelle, and audited and > modified manually. > > Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1] > Link: https://github.com/KSPP/linux/issues/160 [2] > Signed-off-by: Erick Archer <erick.archer@outlook.com> Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git mtd/next, thanks. Miquel
diff --git a/drivers/mtd/maps/sa1100-flash.c b/drivers/mtd/maps/sa1100-flash.c index d4ce2376d33f..ac8a0a19a021 100644 --- a/drivers/mtd/maps/sa1100-flash.c +++ b/drivers/mtd/maps/sa1100-flash.c @@ -153,7 +153,7 @@ static struct sa_info *sa1100_setup_mtd(struct platform_device *pdev, struct flash_platform_data *plat) { struct sa_info *info; - int nr, size, i, ret = 0; + int nr, i, ret = 0; /* * Count number of devices. @@ -167,12 +167,10 @@ static struct sa_info *sa1100_setup_mtd(struct platform_device *pdev, goto out; } - size = sizeof(struct sa_info) + sizeof(struct sa_subdev_info) * nr; - /* * Allocate the map_info structs in one go. */ - info = kzalloc(size, GFP_KERNEL); + info = kzalloc(struct_size(info, subdev, nr), GFP_KERNEL); if (!info) { ret = -ENOMEM; goto out;
This is an effort to get rid of all multiplications from allocation functions in order to prevent integer overflows [1][2]. As the "info" variable is a pointer to "struct sa_info" and this structure ends in a flexible array: struct sa_info { [...] struct sa_subdev_info subdev[]; }; the preferred way in the kernel is to use the struct_size() helper to do the arithmetic instead of the calculation "size + size * count" in the kzalloc() function. This way, the code is more readable and safer. This code was detected with the help of Coccinelle, and audited and modified manually. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1] Link: https://github.com/KSPP/linux/issues/160 [2] Signed-off-by: Erick Archer <erick.archer@outlook.com> --- Hi, The Coccinelle script used to detect this code pattern is the following: virtual report @rule1@ type t1; type t2; identifier i0; identifier i1; identifier i2; identifier ALLOC =~ "kmalloc|kzalloc|kmalloc_node|kzalloc_node|vmalloc|vzalloc|kvmalloc|kvzalloc"; position p1; @@ i0 = sizeof(t1) + sizeof(t2) * i1; ... i2 = ALLOC@p1(..., i0, ...); @script:python depends on report@ p1 << rule1.p1; @@ msg = "WARNING: verify allocation on line %s" % (p1[0].line) coccilib.report.print_report(p1[0],msg) Regards, Erick --- drivers/mtd/maps/sa1100-flash.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)