linux-hardening.vger.kernel.org archive mirror
* [PATCH][next] bpf: Use struct_size() in kzalloc()
From: Gustavo A. R. Silva @ 2021-05-13 21:50 UTC (permalink / raw)
  To: David S. Miller, Jakub Kicinski, Alexei Starovoitov,
	Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu,
	Yonghong Song, John Fastabend, KP Singh
  Cc: netdev, bpf, linux-kernel, Gustavo A. R. Silva, linux-hardening

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows
that, in the worst scenario, could lead to heap overflows.

This code was detected with the help of Coccinelle, and audited and
fixed manually.

Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 net/core/bpf_sk_storage.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c
index cc3712ad8716..f564f82e91d9 100644
--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -524,8 +524,7 @@ bpf_sk_storage_diag_alloc(const struct nlattr *nla_stgs)
 			nr_maps++;
 	}
 
-	diag = kzalloc(sizeof(*diag) + sizeof(diag->maps[0]) * nr_maps,
-		       GFP_KERNEL);
+	diag = kzalloc(struct_size(diag, maps, nr_maps), GFP_KERNEL);
 	if (!diag)
 		return ERR_PTR(-ENOMEM);
 
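Review bot: The changelog does not say what happens on the overflow path at the new kzalloc() line, and that is the security-relevant part of this change. struct_size() saturates to SIZE_MAX when the multiply or add overflows, so kzalloc() fails and the existing `if (!diag)` check returns -ENOMEM; stating that in the commit message would make it clear that no additional error handling is needed and that the result for non-overflowing counts is the same size as before. The declaration of nr_maps is outside the visible context, and it is incremented per attribute parsed from nla_stgs, so it is worth confirming that it is an unsigned type, since struct_size() takes its count as size_t.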
-- 
2.27.0



* Re: [PATCH][next] bpf: Use struct_size() in kzalloc()
From: Gustavo A. R. Silva @ 2021-05-13 23:06 UTC (permalink / raw)
  To: patchwork-bot+netdevbpf, Gustavo A. R. Silva
  Cc: davem, kuba, ast, daniel, andrii, kafai, songliubraving, yhs,
	john.fastabend, kpsingh, netdev, bpf, linux-kernel,
	linux-hardening



On 5/13/21 18:00, patchwork-bot+netdevbpf@kernel.org wrote:
> Hello:
> 
> This patch was applied to netdev/net-next.git (refs/heads/master):

[..]

> Here is the summary with links:
>   - [next] bpf: Use struct_size() in kzalloc()
>     https://git.kernel.org/netdev/net-next/c/fe0bdaec8dea

Awesome. :)

Thanks, Dave.
--
Gustavo
