| Message ID | 20220525012617.6915-1-guozihua@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] keys: Use struct_size and size_add helper with alloc | expand |
On Wed, 2022-05-25 at 09:26 +0800, GUO Zihua wrote: > Use struct_size helper for calculating size of flexible struct, following > the best practice. > > Note: HASH_SIZE here is a SHA256_DIGEST_SIZE whoes value is 32, so ~~~~~ > adding 1 should be fine here. Where? '1' is without a context. I don't really know how to interpret this sentence. > > Link: https://lore.kernel.org/all/CAHk-=wiGWjxs7EVUpccZEi6esvjpHJdgHQ=vtUeJ5crL62hx9A@mail.gmail.com/ > Signed-off-by: GUO Zihua <guozihua@huawei.com> > > --- > > v3: > Update commit message format according to Jarkko's feedback. > v2: > Update the commit message, removing the part about "potential issue" > following Jarkko's suggestion. > > --- > security/keys/encrypted-keys/encrypted.c | 7 +++++-- > security/keys/user_defined.c | 2 +- > 2 files changed, 6 insertions(+), 3 deletions(-) > > diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c > index e05cfc2e49ae..37349580e855 100644 > --- a/security/keys/encrypted-keys/encrypted.c > +++ b/security/keys/encrypted-keys/encrypted.c > @@ -613,6 +613,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, > long dlen; > int i; > int ret; > + size_t epayload_datalen = 0; > > ret = kstrtol(datalen, 10, &dlen); > if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE) > @@ -667,8 +668,10 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, > if (ret < 0) > return ERR_PTR(ret); > > - epayload = kzalloc(sizeof(*epayload) + payload_datalen + > - datablob_len + HASH_SIZE + 1, GFP_KERNEL); > + epayload_datalen = size_add(payload_datalen, datablob_len); > + epayload_datalen = size_add(epayload_datalen, HASH_SIZE + 1); > + epayload = kzalloc(struct_size(epayload, payload_data, > + epayload_datalen), GFP_KERNEL); > if (!epayload) > return ERR_PTR(-ENOMEM); > > diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c > index 749e2a4dcb13..334fed36e9f3 100644 > --- a/security/keys/user_defined.c > +++ b/security/keys/user_defined.c > @@ -64,7 +64,7 @@ int user_preparse(struct key_preparsed_payload *prep) > if (datalen <= 0 || datalen > 32767 || !prep->data) > return -EINVAL; > > - upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL); > + upayload = kmalloc(struct_size(upayload, data, datalen), GFP_KERNEL); > if (!upayload) > return -ENOMEM; > BR, Jarkko
On 2022/5/26 9:06, Jarkko Sakkinen wrote: > On Wed, 2022-05-25 at 09:26 +0800, GUO Zihua wrote: >> Use struct_size helper for calculating size of flexible struct, following >> the best practice. >> >> Note: HASH_SIZE here is a SHA256_DIGEST_SIZE whoes value is 32, so > ~~~~~ > >> adding 1 should be fine here. > > Where? '1' is without a context. I don't really know how to interpret > this sentence. Hi Jarkko, The original code computes the size for kzalloc with open-coded HASH_SIZE + 1. Although the best practice for size computation suggest that we should be using size_add(). I figure it's a bit redundant here as the purpose of size_add() is to avoid size overflow and adding 32 with 1 will not trigger a size overflow. Maybe I should just use size_add() anyway? Please lemme know and I'll update the patch or the commit message. > >> >> Link: https://lore.kernel.org/all/CAHk-=wiGWjxs7EVUpccZEi6esvjpHJdgHQ=vtUeJ5crL62hx9A@mail.gmail.com/ >> Signed-off-by: GUO Zihua <guozihua@huawei.com> >> >> --- >> >> v3: >> Update commit message format according to Jarkko's feedback. >> v2: >> Update the commit message, removing the part about "potential issue" >> following Jarkko's suggestion. >> >> --- >> security/keys/encrypted-keys/encrypted.c | 7 +++++-- >> security/keys/user_defined.c | 2 +- >> 2 files changed, 6 insertions(+), 3 deletions(-) >> >> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c >> index e05cfc2e49ae..37349580e855 100644 >> --- a/security/keys/encrypted-keys/encrypted.c >> +++ b/security/keys/encrypted-keys/encrypted.c >> @@ -613,6 +613,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, >> long dlen; >> int i; >> int ret; >> + size_t epayload_datalen = 0; >> >> ret = kstrtol(datalen, 10, &dlen); >> if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE) >> @@ -667,8 +668,10 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, >> if (ret < 0) >> return ERR_PTR(ret); >> >> - epayload = kzalloc(sizeof(*epayload) + payload_datalen + >> - datablob_len + HASH_SIZE + 1, GFP_KERNEL); >> + epayload_datalen = size_add(payload_datalen, datablob_len); >> + epayload_datalen = size_add(epayload_datalen, HASH_SIZE + 1); BTW, the "here" is here. >> + epayload = kzalloc(struct_size(epayload, payload_data, >> + epayload_datalen), GFP_KERNEL); >> if (!epayload) >> return ERR_PTR(-ENOMEM); >> >> diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c >> index 749e2a4dcb13..334fed36e9f3 100644 >> --- a/security/keys/user_defined.c >> +++ b/security/keys/user_defined.c >> @@ -64,7 +64,7 @@ int user_preparse(struct key_preparsed_payload *prep) >> if (datalen <= 0 || datalen > 32767 || !prep->data) >> return -EINVAL; >> >> - upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL); >> + upayload = kmalloc(struct_size(upayload, data, datalen), GFP_KERNEL); >> if (!upayload) >> return -ENOMEM; >> > > BR, Jarkko
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index e05cfc2e49ae..37349580e855 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -613,6 +613,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, long dlen; int i; int ret; + size_t epayload_datalen = 0; ret = kstrtol(datalen, 10, &dlen); if (ret < 0 || dlen < MIN_DATA_SIZE || dlen > MAX_DATA_SIZE) @@ -667,8 +668,10 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, if (ret < 0) return ERR_PTR(ret); - epayload = kzalloc(sizeof(*epayload) + payload_datalen + - datablob_len + HASH_SIZE + 1, GFP_KERNEL); + epayload_datalen = size_add(payload_datalen, datablob_len); + epayload_datalen = size_add(epayload_datalen, HASH_SIZE + 1); + epayload = kzalloc(struct_size(epayload, payload_data, + epayload_datalen), GFP_KERNEL); if (!epayload) return ERR_PTR(-ENOMEM); diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 749e2a4dcb13..334fed36e9f3 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -64,7 +64,7 @@ int user_preparse(struct key_preparsed_payload *prep) if (datalen <= 0 || datalen > 32767 || !prep->data) return -EINVAL; - upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL); + upayload = kmalloc(struct_size(upayload, data, datalen), GFP_KERNEL); if (!upayload) return -ENOMEM;
Use struct_size helper for calculating size of flexible struct, following the best practice. Note: HASH_SIZE here is a SHA256_DIGEST_SIZE whoes value is 32, so adding 1 should be fine here. Link: https://lore.kernel.org/all/CAHk-=wiGWjxs7EVUpccZEi6esvjpHJdgHQ=vtUeJ5crL62hx9A@mail.gmail.com/ Signed-off-by: GUO Zihua <guozihua@huawei.com> --- v3: Update commit message format according to Jarkko's feedback. v2: Update the commit message, removing the part about "potential issue" following Jarkko's suggestion. --- security/keys/encrypted-keys/encrypted.c | 7 +++++-- security/keys/user_defined.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-)