Date: Thu, 13 May 2021 16:50:49 -0500
From: "Gustavo A. R. Silva"
To: "David S. Miller", Jakub Kicinski, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva", linux-hardening@vger.kernel.org
Subject: [PATCH][next] bpf: Use struct_size() in kzalloc()
Message-ID: <20210513215049.GA215271@embeddedor>
X-Mailing-List: linux-kernel@vger.kernel.org

Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worst scenario, could lead to heap overflows.

This code was detected with the help of Coccinelle and, audited and fixed manually.

Signed-off-by: Gustavo A. R. Silva

--- net/core/bpf_sk_storage.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c index cc3712ad8716..f564f82e91d9 100644 --- a/net/core/bpf_sk_storage.c +++ b/net/core/bpf_sk_storage.c @@ -524,8 +524,7 @@ bpf_sk_storage_diag_alloc(const struct nlattr *nla_stgs) nr_maps++; } - diag = kzalloc(sizeof(*diag) + sizeof(diag->maps[0]) * nr_maps, - GFP_KERNEL); + diag = kzalloc(struct_size(diag, maps, nr_maps), GFP_KERNEL); if (!diag) return ERR_PTR(-ENOMEM); -- 2.27.0
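Review bot: the commit message does not say whether the overflow it mentions is actually reachable at the kzalloc() call in bpf_sk_storage_diag_alloc(), which is what decides whether this is a hardening cleanup or a fix that should be backported. nr_maps is incremented just above the allocation in a function that takes netlink attributes (nla_stgs), so please state its type and whether the count is bounded. If the open-coded sizeof(*diag) + sizeof(diag->maps[0]) * nr_maps could wrap, add a Fixes: tag; if it could not, say so, so the change is not mistaken for a security fix. The conversion itself looks right: struct_size() saturates to SIZE_MAX on overflow, so kzalloc() fails and the existing "if (!diag) return ERR_PTR(-ENOMEM);" path handles it without further changes.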