Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp695665iob;
        Wed, 18 May 2022 10:49:53 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzQ+sfevdSl3C4UbpsxHbmpZVdv7HzsmU68e1u2IFTjHiKIMH8if9zZknYo/GF5O9avcswm
X-Received: by 2002:a63:384c:0:b0:3f5:cc47:8a40 with SMTP id h12-20020a63384c000000b003f5cc478a40mr465327pgn.587.1652896193361;
        Wed, 18 May 2022 10:49:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652896193; cv=none;
        d=google.com; s=arc-20160816;
        b=Eg1nd5aNALL/+6wwGv+mxEFLtiHqQuYtM3tPrzySHEyeAsgvo+dGDvxO30TvJQ6K15
         rN2hhGaTV5M1hfqyBbLQw8iJ9oLpbuQG5ZA6cSc7ICwBaYOlmxO7+iKg3u+XWRd8qE6k
         5W9t2U5DzThjKJdNPbOqr/HJDGZRCSC1Ij+PVmzSh6hYv6OcH2x+Iqu4UYKQwbMnI0wN
         FtQwFRENe2sg9LwoddH0WHhyhKgR/WJMl8smMU6QlbKNWrJ8qF5TanrCUOM7rqbNmhzo
         njtfnK/wjrwMySavv/4nvOAX9Mwyyp0NPiKq05Ft0o9a68xkZ8Cj3OUxGG2fgJmCE43S
         90XA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=2ozd40mTnsY9S/VwIXBt0eam1bNkMyG5tbTHI28ecpc=;
        b=WkxUXhJezBfnOm2Z36pygchK4lCqBCsDPAr3XbWHFAu7mzAgrGBdElVvCReNm5dTZQ
         ljB1U7Cicc3JSjwwTuxz69KzOnHW9+dFbHK1tj+wteXbhBHXOwiyoJIXtG91h8qjZOcg
         MszQhW84yF9JD6Mpf7LaZBWXZteowbmiEGC8b+9uMno+pTtfpkd9aTu5RVtdc1W9erSw
         HbfCPKQtzWxE9B79+/Wd3sWX97FGh5GyNgX55zC08YmwriPO23KJjcDneaMCy6yPKh0d
         3FWTce30XVnPKsr2oW8uX4d3ZLZsmLutGIl3m/u9SNbLfaoEXp1rTwyLKwcryrsy85S2
         mI9A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ie3JiPoA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id t19-20020a63dd13000000b003c642710cc1si3138410pgg.725.2022.05.18.10.49.52
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 18 May 2022 10:49:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ie3JiPoA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id B200A219C2E;
	Wed, 18 May 2022 10:48:30 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241094AbiERRsX (ORCPT <rfc822;recursive.nomad@gmail.com>
        + 99 others); Wed, 18 May 2022 13:48:23 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49622 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241006AbiERRsU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 18 May 2022 13:48:20 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A789D219C1F;
        Wed, 18 May 2022 10:48:19 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 69720B81F31;
        Wed, 18 May 2022 17:48:18 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F4F8C385A9;
        Wed, 18 May 2022 17:48:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1652896097;
        bh=XnOSY/YWP/OcJnztugs91qjWrXuN8mOlfPqK9qsZjd0=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=ie3JiPoAx1hbI3cG/vRTzx2XlMNlsoEGVcxmuEY2S3MqzNQ5wERZ6TIsmcYfQb5le
         vd1Hu/CInDcejHu01Fwfq9iC795FjQKIz9OXYareDzgcURmHvh2IZuUElUBBamYeDI
         VPV2K+EnuEG8ppBWZ6XE1CXtQ3qAtYdK5eNhjzHtJJVnZuDmG5JGROD33YkWgnhBy9
         NHAWV++vvXKXzXxNVJ29xBBypCrgj6QlsVEypachZ09KY3HJuv0gcUu0EhnndgB8pj
         BZsCbtTha6jWoRFo/C4sRYohCqoFRLVfkRcVZ/EkowTx3HH+MJC7dlPv8+5Ax9V9iL
         kV1YktTGLyKvg==
Date:   Wed, 18 May 2022 10:48:15 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Zhang Jianhua <chris.zjh@huawei.com>
Cc:     tytso@mit.edu, linux-fscrypt@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH -next] fs-verity: Use struct_size() helper in
 fsverity_ioctl_measure()
Message-ID: <YoUxX7iDBczYwGHC@sol.localdomain>
References: <20220518093829.2248801-1-chris.zjh@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220518093829.2248801-1-chris.zjh@huawei.com>
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 18, 2022 at 05:38:29PM +0800, Zhang Jianhua wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
> 
> Also, address the following sparse warnings:
> fs/verity/measure.c:48:9: warning: using sizeof on a flexible structure
> fs/verity/measure.c:52:38: warning: using sizeof on a flexible structure
> 
> Signed-off-by: Zhang Jianhua <chris.zjh@huawei.com>
> ---
>  fs/verity/measure.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/verity/measure.c b/fs/verity/measure.c
> index e99c00350c28..4a388116d0de 100644
> --- a/fs/verity/measure.c
> +++ b/fs/verity/measure.c
> @@ -27,6 +27,7 @@ int fsverity_ioctl_measure(struct file *filp, void __user *_uarg)
>  	const struct fsverity_info *vi;
>  	const struct fsverity_hash_alg *hash_alg;
>  	struct fsverity_digest arg;
> +	size_t arg_size = struct_size(&arg, digest, 0);
>  
>  	vi = fsverity_get_info(inode);
>  	if (!vi)
> @@ -44,11 +45,11 @@ int fsverity_ioctl_measure(struct file *filp, void __user *_uarg)
>  	if (arg.digest_size < hash_alg->digest_size)
>  		return -EOVERFLOW;
>  
> -	memset(&arg, 0, sizeof(arg));
> +	memset(&arg, 0, arg_size);
>  	arg.digest_algorithm = hash_alg - fsverity_hash_algs;
>  	arg.digest_size = hash_alg->digest_size;
>  
> -	if (copy_to_user(uarg, &arg, sizeof(arg)))
> +	if (copy_to_user(uarg, &arg, arg_size))
>  		return -EFAULT;

'arg' is just a stack variable that doesn't use the flexible array field.  So
this change on its own is pretty pointless and just obfuscates the code.

If it's nevertheless worth it to get rid of the sparse warning, to make the
wider codebase clean of this class of warning, we could still do it anyway.  But
please make the commit message correctly say that the purpose is just to
eliminate the sparse warning, and don't incorrectly claim that the code "could
lead to heap overflows".

- Eric