2022-05-19 08:44:48

by Lin Yujun

[permalink] [raw]
Subject: [PATCH -next v2] x86/events:Use struct_size() helper in kzalloc()

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worst scenario, could lead to heap overflows.

Signed-off-by: Lin Yujun <[email protected]>
---
arch/x86/events/rapl.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/x86/events/rapl.c b/arch/x86/events/rapl.c
index 77e3a47af5ad..8da003e02010 100644
--- a/arch/x86/events/rapl.c
+++ b/arch/x86/events/rapl.c
@@ -683,10 +683,8 @@ static const struct attribute_group *rapl_attr_update[] = {
static int __init init_rapl_pmus(void)
{
int maxdie = topology_max_packages() * topology_max_die_per_package();
- size_t size;

- size = sizeof(*rapl_pmus) + maxdie * sizeof(struct rapl_pmu *);
- rapl_pmus = kzalloc(size, GFP_KERNEL);
+ rapl_pmus = kzalloc(struct_size(rapl_pmus, pmus, maxdie), GFP_KERNEL);
if (!rapl_pmus)
return -ENOMEM;

--
2.17.1



2022-05-19 12:57:40

by Peter Zijlstra

[permalink] [raw]
Subject: Re: [PATCH -next v2] x86/events:Use struct_size() helper in kzalloc()

On Thu, May 19, 2022 at 10:36:00AM +0800, Lin Yujun wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
>
> Signed-off-by: Lin Yujun <[email protected]>
> ---
> arch/x86/events/rapl.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/arch/x86/events/rapl.c b/arch/x86/events/rapl.c
> index 77e3a47af5ad..8da003e02010 100644
> --- a/arch/x86/events/rapl.c
> +++ b/arch/x86/events/rapl.c
> @@ -683,10 +683,8 @@ static const struct attribute_group *rapl_attr_update[] = {
> static int __init init_rapl_pmus(void)
> {
> int maxdie = topology_max_packages() * topology_max_die_per_package();
> - size_t size;
>
> - size = sizeof(*rapl_pmus) + maxdie * sizeof(struct rapl_pmu *);
> - rapl_pmus = kzalloc(size, GFP_KERNEL);
> + rapl_pmus = kzalloc(struct_size(rapl_pmus, pmus, maxdie), GFP_KERNEL);

So I really hate that thing; it's pointless obfuscation. If you're
really worried about the type confusion, write it like:

size = sizeof(*rapl_pmus) + sizeof(rapl_pmus->pmus[0]) * maxdie;

or something. Otherwise, just go away.