One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
struct led_pwm_priv {
...
struct led_pwm_data leds[0];
};
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes.
So, replace the following function:
static inline size_t sizeof_pwm_leds_priv(int num_leds)
{
return sizeof(struct led_pwm_priv) +
(sizeof(struct led_pwm_data) * num_leds);
}
with:
struct_size(priv, leds, count)
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
drivers/leds/leds-pwm.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/drivers/leds/leds-pwm.c b/drivers/leds/leds-pwm.c
index d0e1f2710351..8b6965a563e9 100644
--- a/drivers/leds/leds-pwm.c
+++ b/drivers/leds/leds-pwm.c
@@ -65,12 +65,6 @@ static int led_pwm_set(struct led_classdev *led_cdev,
return 0;
}
-static inline size_t sizeof_pwm_leds_priv(int num_leds)
-{
- return sizeof(struct led_pwm_priv) +
- (sizeof(struct led_pwm_data) * num_leds);
-}
-
static int led_pwm_add(struct device *dev, struct led_pwm_priv *priv,
struct led_pwm *led, struct fwnode_handle *fwnode)
{
@@ -174,7 +168,7 @@ static int led_pwm_probe(struct platform_device *pdev)
if (!count)
return -EINVAL;
- priv = devm_kzalloc(&pdev->dev, sizeof_pwm_leds_priv(count),
+ priv = devm_kzalloc(&pdev->dev, struct_size(priv, leds, count),
GFP_KERNEL);
if (!priv)
return -ENOMEM;
--
2.23.0
On Thu, Aug 29, 2019 at 07:53:20PM -0500, Gustavo A. R. Silva wrote:
> One of the more common cases of allocation size calculations is finding
> the size of a structure that has a zero-sized array at the end, along
> with memory for some number of elements for that array. For example:
>
> struct led_pwm_priv {
> ...
> struct led_pwm_data leds[0];
> };
>
> Make use of the struct_size() helper instead of an open-coded version
> in order to avoid any potential type mistakes.
>
> So, replace the following function:
>
> static inline size_t sizeof_pwm_leds_priv(int num_leds)
> {
> return sizeof(struct led_pwm_priv) +
> (sizeof(struct led_pwm_data) * num_leds);
> }
>
> with:
>
> struct_size(priv, leds, count)
>
> This code was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
-Kees
> ---
> drivers/leds/leds-pwm.c | 8 +-------
> 1 file changed, 1 insertion(+), 7 deletions(-)
>
> diff --git a/drivers/leds/leds-pwm.c b/drivers/leds/leds-pwm.c
> index d0e1f2710351..8b6965a563e9 100644
> --- a/drivers/leds/leds-pwm.c
> +++ b/drivers/leds/leds-pwm.c
> @@ -65,12 +65,6 @@ static int led_pwm_set(struct led_classdev *led_cdev,
> return 0;
> }
>
> -static inline size_t sizeof_pwm_leds_priv(int num_leds)
> -{
> - return sizeof(struct led_pwm_priv) +
> - (sizeof(struct led_pwm_data) * num_leds);
> -}
> -
> static int led_pwm_add(struct device *dev, struct led_pwm_priv *priv,
> struct led_pwm *led, struct fwnode_handle *fwnode)
> {
> @@ -174,7 +168,7 @@ static int led_pwm_probe(struct platform_device *pdev)
> if (!count)
> return -EINVAL;
>
> - priv = devm_kzalloc(&pdev->dev, sizeof_pwm_leds_priv(count),
> + priv = devm_kzalloc(&pdev->dev, struct_size(priv, leds, count),
> GFP_KERNEL);
> if (!priv)
> return -ENOMEM;
> --
> 2.23.0
>
--
Kees Cook
Hi Gustavo,
Thank you for the patch.
On 8/30/19 2:53 AM, Gustavo A. R. Silva wrote:
> One of the more common cases of allocation size calculations is finding
> the size of a structure that has a zero-sized array at the end, along
> with memory for some number of elements for that array. For example:
>
> struct led_pwm_priv {
> ...
> struct led_pwm_data leds[0];
> };
>
> Make use of the struct_size() helper instead of an open-coded version
> in order to avoid any potential type mistakes.
>
> So, replace the following function:
>
> static inline size_t sizeof_pwm_leds_priv(int num_leds)
> {
> return sizeof(struct led_pwm_priv) +
> (sizeof(struct led_pwm_data) * num_leds);
> }
>
> with:
>
> struct_size(priv, leds, count)
>
> This code was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
> ---
> drivers/leds/leds-pwm.c | 8 +-------
> 1 file changed, 1 insertion(+), 7 deletions(-)
>
> diff --git a/drivers/leds/leds-pwm.c b/drivers/leds/leds-pwm.c
> index d0e1f2710351..8b6965a563e9 100644
> --- a/drivers/leds/leds-pwm.c
> +++ b/drivers/leds/leds-pwm.c
> @@ -65,12 +65,6 @@ static int led_pwm_set(struct led_classdev *led_cdev,
> return 0;
> }
>
> -static inline size_t sizeof_pwm_leds_priv(int num_leds)
> -{
> - return sizeof(struct led_pwm_priv) +
> - (sizeof(struct led_pwm_data) * num_leds);
> -}
> -
> static int led_pwm_add(struct device *dev, struct led_pwm_priv *priv,
> struct led_pwm *led, struct fwnode_handle *fwnode)
> {
> @@ -174,7 +168,7 @@ static int led_pwm_probe(struct platform_device *pdev)
> if (!count)
> return -EINVAL;
>
> - priv = devm_kzalloc(&pdev->dev, sizeof_pwm_leds_priv(count),
> + priv = devm_kzalloc(&pdev->dev, struct_size(priv, leds, count),
> GFP_KERNEL);
> if (!priv)
> return -ENOMEM;
>
Applied.
--
Best regards,
Jacek Anaszewski