2021-12-16 02:21:46

by Wang Weiyang

[permalink] [raw]
Subject: [PATCH -next] mm/memcg: Use struct_size() helper in kzalloc()

Make use of the struct_size() helper instead of an open-coded version, in
order to avoid any potential type mistakes or integer overflows that, in
the worst scenario, could lead to heap overflows.

Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Wang Weiyang <[email protected]>
---
mm/memcontrol.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index 54afa29145e8..ec4b677cdcad 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -5129,15 +5129,11 @@ static void mem_cgroup_free(struct mem_cgroup *memcg)
static struct mem_cgroup *mem_cgroup_alloc(void)
{
struct mem_cgroup *memcg;
- unsigned int size;
int node;
int __maybe_unused i;
long error = -ENOMEM;

- size = sizeof(struct mem_cgroup);
- size += nr_node_ids * sizeof(struct mem_cgroup_per_node *);
-
- memcg = kzalloc(size, GFP_KERNEL);
+ memcg = kzalloc(struct_size(memcg, nodeinfo, nr_node_ids), GFP_KERNEL);
if (!memcg)
return ERR_PTR(error);

--
2.17.1



2021-12-16 09:45:19

by Muchun Song

[permalink] [raw]
Subject: Re: [PATCH -next] mm/memcg: Use struct_size() helper in kzalloc()

On Thu, Dec 16, 2021 at 10:21 AM Wang Weiyang <[email protected]> wrote:
>
> Make use of the struct_size() helper instead of an open-coded version, in
> order to avoid any potential type mistakes or integer overflows that, in
> the worst scenario, could lead to heap overflows.
>
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Wang Weiyang <[email protected]>

Reviewed-by: Muchun Song <[email protected]>

2021-12-16 11:26:43

by Johannes Weiner

[permalink] [raw]
Subject: Re: [PATCH -next] mm/memcg: Use struct_size() helper in kzalloc()

On Thu, Dec 16, 2021 at 10:20:24AM +0800, Wang Weiyang wrote:
> Make use of the struct_size() helper instead of an open-coded version, in
> order to avoid any potential type mistakes or integer overflows that, in
> the worst scenario, could lead to heap overflows.
>
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Wang Weiyang <[email protected]>

Acked-by: Johannes Weiner <[email protected]>