Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1241818imu; Wed, 16 Jan 2019 15:30:29 -0800 (PST) X-Google-Smtp-Source: ALg8bN5tw/x+8XCAAVH6BKu9c6xQUTqPX/ZVT/1g4r+ymOONUfJEKPPaxBCymISHemYNZhA3omU/ X-Received: by 2002:a17:902:4222:: with SMTP id g31mr12424697pld.240.1547681429510; Wed, 16 Jan 2019 15:30:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547681429; cv=none; d=google.com; s=arc-20160816; b=idZ0BcIod8U6G0PMrF4FOz3ZEy6bFfnJQUclHSrS28/UjgIkMueEfGjysNAbG1Besm moiPX3xhIpcVIUJr7ADzVSwbF1w0IQRkP6sgMjS+3dqUHnB1Jx9mN/n6nYxDD7HZLNq0 z9bY5tUAJrOAnaB+Idok/cCFOxKf9RAR+lhj7mzlbYeFHLH1KfCaN8I1ccN8zYkEiOlw FDeVxEg33zHFg+lP1eSpW1Zm+L1U1FKY9xACHBL1TUt9n+GEFArKp5cgMyyXGw4ZzSjV pkmIFV3I5a0/0NDNmRa47HEnbThwx3FMqipKU8hWlRBMYfX1zmLR1pm/nV9Hsot75gTa fqXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=HlokJyOefn5Q9TmqNwrZ28jIq1/Ymovqh83AYFL9Qdk=; b=eyGKPA3OXO5RzivZuC5jcSqAJvOWMOi0wX+OiMiJPvNZ243dSrDxja9osQVVqI+EJ3 7LeH+BM7KihJgNX+YyMpp4yBDnHmc4ryOR4+9QJoUv5Tq3pvIcQXnnn4O3SZmXIBONBC AJL2323nX1mI5GWz70aN6SEQMhN9ar45kw68Ns4IT1PF3NpMj6j0RzCpjVMdMylX57r4 /fws35SEnuJRxx7qfbU+5lREK92ycK8FDm2AUE2yD2TVLJFS9A8YyJzYclKslZru21Tt 0DevoM3+xljZOaj1lRmH8Rgfiu73Jxs/hQejOtetrb/ifrQIOT++DzDj4v8nlHIzd/pt 0obQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w185si6355017pgb.588.2019.01.16.15.30.13; Wed, 16 Jan 2019 15:30:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727598AbfAPRqi (ORCPT + 99 others); Wed, 16 Jan 2019 12:46:38 -0500 Received: from gateway30.websitewelcome.com ([192.185.179.30]:13496 "EHLO gateway30.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726891AbfAPRqh (ORCPT ); Wed, 16 Jan 2019 12:46:37 -0500 Received: from cm10.websitewelcome.com (cm10.websitewelcome.com [100.42.49.4]) by gateway30.websitewelcome.com (Postfix) with ESMTP id AF017F18E for ; Wed, 16 Jan 2019 11:46:35 -0600 (CST) Received: from gator4166.hostgator.com ([108.167.133.22]) by cmsmtp with SMTP id jpGtgRnjy2PzOjpGtg4DrK; Wed, 16 Jan 2019 11:46:35 -0600 X-Authority-Reason: nr=8 Received: from [189.250.130.205] (port=34128 helo=[192.168.43.131]) by gator4166.hostgator.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from ) id 1gjpGs-001OZt-PY; Wed, 16 Jan 2019 11:46:35 -0600 Subject: Re: [PATCH] powerpc/ps3: Use struct_size() in kzalloc() To: Geoff Levand , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org References: <20190108210010.GA980@embeddedor> <595f7b4b-9e26-ae72-de5f-270dce677c65@infradead.org> From: "Gustavo A. R. Silva" Message-ID: <0673a5d1-5b4b-b432-6fc9-ff020ee0ba5e@embeddedor.com> Date: Wed, 16 Jan 2019 11:46:29 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 In-Reply-To: <595f7b4b-9e26-ae72-de5f-270dce677c65@infradead.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 189.250.130.205 X-Source-L: No X-Exim-ID: 1gjpGs-001OZt-PY X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: ([192.168.43.131]) [189.250.130.205]:34128 X-Source-Auth: gustavo@embeddedor.com X-Email-Count: 6 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Geoff, On 1/16/19 11:21 AM, Geoff Levand wrote: > Hi Gustavo, > > On 1/8/19 1:00 PM, Gustavo A. R. Silva wrote: >> One of the more common cases of allocation size calculations is finding the >> size of a structure that has a zero-sized array at the end, along with memory >> for some number of elements for that array. For example: >> >> struct foo { >> int stuff; >> void *entry[]; >> }; >> >> instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL); >> >> Instead of leaving these open-coded and prone to type mistakes, we can now >> use the new struct_size() helper: >> >> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL); >> >> This code was detected with the help of Coccinelle. >> >> Signed-off-by: Gustavo A. R. Silva >> --- >> arch/powerpc/platforms/ps3/device-init.c | 4 +--- >> 1 file changed, 1 insertion(+), 3 deletions(-) >> >> diff --git a/arch/powerpc/platforms/ps3/device-init.c b/arch/powerpc/platforms/ps3/device-init.c >> index e7075aaff1bb..59587b75493d 100644 >> --- a/arch/powerpc/platforms/ps3/device-init.c >> +++ b/arch/powerpc/platforms/ps3/device-init.c >> @@ -354,9 +354,7 @@ static int ps3_setup_storage_dev(const struct ps3_repository_device *repo, >> repo->dev_index, repo->dev_type, port, blk_size, num_blocks, >> num_regions); >> >> - p = kzalloc(sizeof(struct ps3_storage_device) + >> - num_regions * sizeof(struct ps3_storage_region), >> - GFP_KERNEL); >> + p = kzalloc(struct_size(p, regions, num_regions), GFP_KERNEL); >> if (!p) { >> result = -ENOMEM; >> goto fail_malloc; > It seems to me the motivation for this change is just to have a > code change. As I've said for other similar patches, I'm reluctant > to accept such trivial changes to the PS3 code because it makes > it harder for me to maintain the code in the long term. When I > need to do a git bisect to track down a problem I generally have > a set of debugging patches that I apply on top of the bisect. A > change to the code like this creates the potential for a patch > conflict that I then need to manually edit to resolve. > This patch is part of a treewide effort aimed at preventing potential integer overflows during allocation. As the commit log says, the intention is to promote the use of struct_size instead of an open-coded form that can be prone to mistakes. This macro is a defense-in-depth strategy against overflows and it is a good idea to use it as widely as possible. I'm not stopping to see how old the code is. I'm only focusing on the particular context of the memory allocation to understand what is the name of the zero-sized array that should be used for struct_size(), and if this macro can accurately replace the open-coded form. > If this change was for relatively new code, or better, for a patch > that was submitted but not yet merged, then my feelings would be > different. I think it would be really useful to have something > that scans patches in patchwork. > I understand your point. Thanks -- Gustavo