| Message ID | 7a20160628fa586a74936c9212102dbf896e7332.1692543738.git.christophe.jaillet@wanadoo.fr (mailing list archive) |
|---|---|
| State | Rejected |
| Headers | show |
| Series | tracing/user_events: Fix an erroneous usage of struct_size() | expand |
On Sun, 20 Aug 2023 17:02:42 +0200 Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote: > If struct_size() returns a value that does not fit in a 'int', the size > passed to kzalloc() is wrong. > > Remove the intermediate 'size' variable and use struct_size() directly. > > Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace") > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> > --- > I don't know if 'size' can get bigger than a int in the real world, but the > change looks safe in any cases. > > On x86_64, looking at the .s files, the previous code had an extra: > movslq %r13d, %r13 > which really looks wrong to me. If size is bigger than int, then we have much bigger problems than this allocation. That means count is over 2 billion, and the kzalloc() will fail regardless. This is an unneeded change. -- Steve > --- > kernel/trace/trace_events_user.c | 8 +++----- > 1 file changed, 3 insertions(+), 5 deletions(-) > > diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c > index 33cb6af31f39..67cc71a872b0 100644 > --- a/kernel/trace/trace_events_user.c > +++ b/kernel/trace/trace_events_user.c > @@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info, > { > struct user_event_group *group = info->group; > struct user_event_refs *refs, *new_refs; > - int i, size, count = 0; > + int i, count = 0; > > refs = rcu_dereference_protected(info->refs, > lockdep_is_held(&group->reg_mutex)); > @@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info, > return i; > } > > - size = struct_size(refs, events, count + 1); > - > - new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT); > - > + new_refs = kzalloc(struct_size(refs, events, count + 1), > + GFP_KERNEL_ACCOUNT); > if (!new_refs) > return -ENOMEM; >
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 33cb6af31f39..67cc71a872b0 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info, { struct user_event_group *group = info->group; struct user_event_refs *refs, *new_refs; - int i, size, count = 0; + int i, count = 0; refs = rcu_dereference_protected(info->refs, lockdep_is_held(&group->reg_mutex)); @@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info, return i; } - size = struct_size(refs, events, count + 1); - - new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT); - + new_refs = kzalloc(struct_size(refs, events, count + 1), + GFP_KERNEL_ACCOUNT); if (!new_refs) return -ENOMEM;
If struct_size() returns a value that does not fit in a 'int', the size passed to kzalloc() is wrong. Remove the intermediate 'size' variable and use struct_size() directly. Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> --- I don't know if 'size' can get bigger than a int in the real world, but the change looks safe in any cases. On x86_64, looking at the .s files, the previous code had an extra: movslq %r13d, %r13 which really looks wrong to me. --- kernel/trace/trace_events_user.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)