diff mbox series

ima: use struct_size() in kzalloc()

Message ID 20190529165343.GA2584@embeddedor (mailing list archive)
State New, archived
Headers show
Series ima: use struct_size() in kzalloc() | expand

Commit Message

Gustavo A. R. Silva May 29, 2019, 4:53 p.m. UTC 
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
   int stuff;
   struct boo entry[];
};

instance = kzalloc(sizeof(struct foo) + count * sizeof(struct boo), GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
 security/integrity/ima/ima_template.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Gustavo A. R. Silva Aug. 28, 2019, 6:29 p.m. UTC | #1 
Hi all,

Friendly ping:

Who can take this, please?

Thanks
--
Gustavo

On 5/29/19 11:53 AM, Gustavo A. R. Silva wrote:
> One of the more common cases of allocation size calculations is finding
> the size of a structure that has a zero-sized array at the end, along
> with memory for some number of elements for that array. For example:
> 
> struct foo {
>    int stuff;
>    struct boo entry[];
> };
> 
> instance = kzalloc(sizeof(struct foo) + count * sizeof(struct boo), GFP_KERNEL);
> 
> Instead of leaving these open-coded and prone to type mistakes, we can
> now use the new struct_size() helper:
> 
> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
> 
> This code was detected with the help of Coccinelle.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
>  security/integrity/ima/ima_template.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
> index b631b8bc7624..b945dff2ed14 100644
> --- a/security/integrity/ima/ima_template.c
> +++ b/security/integrity/ima/ima_template.c
> @@ -281,9 +281,8 @@ static int ima_restore_template_data(struct ima_template_desc *template_desc,
>  	int ret = 0;
>  	int i;
>  
> -	*entry = kzalloc(sizeof(**entry) +
> -		    template_desc->num_fields * sizeof(struct ima_field_data),
> -		    GFP_NOFS);
> +	*entry = kzalloc(struct_size(*entry, template_data,
> +				     template_desc->num_fields), GFP_NOFS);
>  	if (!*entry)
>  		return -ENOMEM;
>  
>
Mimi Zohar Aug. 28, 2019, 6:46 p.m. UTC | #2 
On Wed, 2019-08-28 at 13:29 -0500, Gustavo A. R. Silva wrote:
> Hi all,
> 
> Friendly ping:
> 
> Who can take this, please?

Thank you for the reminder.  I'm just getting back from LSS and a very
short vacation.  I'll look at it shortly.

Mimi
Gustavo A. R. Silva Aug. 28, 2019, 6:51 p.m. UTC | #3 
On 8/28/19 1:46 PM, Mimi Zohar wrote:
> On Wed, 2019-08-28 at 13:29 -0500, Gustavo A. R. Silva wrote:
>> Hi all,
>>
>> Friendly ping:
>>
>> Who can take this, please?
> 
> Thank you for the reminder.  I'm just getting back from LSS and a very
> short vacation.  I'll look at it shortly.
> 

Thanks, Mimi.

--
Gustavo
Mimi Zohar Aug. 29, 2019, 3:45 a.m. UTC | #4 
Hi Gustavo,

On Wed, 2019-08-28 at 13:29 -0500, Gustavo A. R. Silva wrote:
> On 5/29/19 11:53 AM, Gustavo A. R. Silva wrote:
> > One of the more common cases of allocation size calculations is finding
> > the size of a structure that has a zero-sized array at the end, along
> > with memory for some number of elements for that array. For example:
> > 
> > struct foo {
> >    int stuff;
> >    struct boo entry[];
> > };
> > 
> > instance = kzalloc(sizeof(struct foo) + count * sizeof(struct boo), GFP_KERNEL);
> > 
> > Instead of leaving these open-coded and prone to type mistakes, we can
> > now use the new struct_size() helper:
> > 
> > instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
> > 
> > This code was detected with the help of Coccinelle.
> > 
> > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> > ---
> >  security/integrity/ima/ima_template.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> > 
> > diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
> > index b631b8bc7624..b945dff2ed14 100644
> > --- a/security/integrity/ima/ima_template.c
> > +++ b/security/integrity/ima/ima_template.c
> > @@ -281,9 +281,8 @@ static int ima_restore_template_data(struct ima_template_desc *template_desc,
> >  	int ret = 0;
> >  	int i;
> >  
> > -	*entry = kzalloc(sizeof(**entry) +
> > -		    template_desc->num_fields * sizeof(struct ima_field_data),
> > -		    GFP_NOFS);
> > +	*entry = kzalloc(struct_size(*entry, template_data,
> > +				     template_desc->num_fields), GFP_NOFS);
> >  	if (!*entry)
> >  		return -ENOMEM;
> >  
> > 

The same usage exists in ima_api.c: ima_alloc_init_template().  Did
you want to make the change there as well?

thanks,

Mimi
Gustavo A. R. Silva Aug. 29, 2019, 5:16 p.m. UTC | #5 
Hi Mimi,

On 8/28/19 10:45 PM, Mimi Zohar wrote:

> 
> The same usage exists in ima_api.c: ima_alloc_init_template().  Did
> you want to make the change there as well?
> 

Yep. I'll write a patch for that one too.

Thanks
--
Gustavo
diff mbox series

Patch

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index b631b8bc7624..b945dff2ed14 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -281,9 +281,8 @@  static int ima_restore_template_data(struct ima_template_desc *template_desc,
 	int ret = 0;
 	int i;
 
-	*entry = kzalloc(sizeof(**entry) +
-		    template_desc->num_fields * sizeof(struct ima_field_data),
-		    GFP_NOFS);
+	*entry = kzalloc(struct_size(*entry, template_data,
+				     template_desc->num_fields), GFP_NOFS);
 	if (!*entry)
 		return -ENOMEM;