linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] powerpc/ps3: Use struct_size() in kzalloc()
@ 2019-01-08 21:00 Gustavo A. R. Silva
  2019-01-16 17:21 ` Geoff Levand
  2019-01-24  3:40 ` Michael Ellerman
  0 siblings, 2 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2019-01-08 21:00 UTC (permalink / raw)
  To: Geoff Levand, Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
  Cc: linuxppc-dev, linux-kernel, Gustavo A. R. Silva

One of the more common cases of allocation size calculations is finding the
size of a structure that has a zero-sized array at the end, along with memory
for some number of elements for that array. For example:

struct foo {
    int stuff;
    void *entry[];
};

instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can now
use the new struct_size() helper:

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
 arch/powerpc/platforms/ps3/device-init.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/powerpc/platforms/ps3/device-init.c b/arch/powerpc/platforms/ps3/device-init.c
index e7075aaff1bb..59587b75493d 100644
--- a/arch/powerpc/platforms/ps3/device-init.c
+++ b/arch/powerpc/platforms/ps3/device-init.c
@@ -354,9 +354,7 @@ static int ps3_setup_storage_dev(const struct ps3_repository_device *repo,
 		 repo->dev_index, repo->dev_type, port, blk_size, num_blocks,
 		 num_regions);
 
-	p = kzalloc(sizeof(struct ps3_storage_device) +
-		    num_regions * sizeof(struct ps3_storage_region),
-		    GFP_KERNEL);
+	p = kzalloc(struct_size(p, regions, num_regions), GFP_KERNEL);
 	if (!p) {
 		result = -ENOMEM;
 		goto fail_malloc;
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc/ps3: Use struct_size() in kzalloc()
  2019-01-08 21:00 [PATCH] powerpc/ps3: Use struct_size() in kzalloc() Gustavo A. R. Silva
@ 2019-01-16 17:21 ` Geoff Levand
  2019-01-16 17:46   ` Gustavo A. R. Silva
  2019-01-24  3:40 ` Michael Ellerman
  1 sibling, 1 reply; 5+ messages in thread
From: Geoff Levand @ 2019-01-16 17:21 UTC (permalink / raw)
  To: Gustavo A. R. Silva, Benjamin Herrenschmidt, Paul Mackerras,
	Michael Ellerman
  Cc: linuxppc-dev, linux-kernel

Hi Gustavo,

On 1/8/19 1:00 PM, Gustavo A. R. Silva wrote:
> One of the more common cases of allocation size calculations is finding the
> size of a structure that has a zero-sized array at the end, along with memory
> for some number of elements for that array. For example:
> 
> struct foo {
>     int stuff;
>     void *entry[];
> };
> 
> instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
> 
> Instead of leaving these open-coded and prone to type mistakes, we can now
> use the new struct_size() helper:
> 
> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
> 
> This code was detected with the help of Coccinelle.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
>  arch/powerpc/platforms/ps3/device-init.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/arch/powerpc/platforms/ps3/device-init.c b/arch/powerpc/platforms/ps3/device-init.c
> index e7075aaff1bb..59587b75493d 100644
> --- a/arch/powerpc/platforms/ps3/device-init.c
> +++ b/arch/powerpc/platforms/ps3/device-init.c
> @@ -354,9 +354,7 @@ static int ps3_setup_storage_dev(const struct ps3_repository_device *repo,
>  		 repo->dev_index, repo->dev_type, port, blk_size, num_blocks,
>  		 num_regions);
>  
> -	p = kzalloc(sizeof(struct ps3_storage_device) +
> -		    num_regions * sizeof(struct ps3_storage_region),
> -		    GFP_KERNEL);
> +	p = kzalloc(struct_size(p, regions, num_regions), GFP_KERNEL);
>  	if (!p) {
>  		result = -ENOMEM;
>  		goto fail_malloc;
It seems to me the motivation for this change is just to have a
code change.  As I've said for other similar patches, I'm reluctant
to accept such trivial changes to the PS3 code because it makes
it harder for me to maintain the code in the long term.  When I
need to do a git bisect to track down a problem I generally have
a set of debugging patches that I apply on top of the bisect.  A
change to the code like this creates the potential for a patch
conflict that I then need to manually edit to resolve.

If this change was for relatively new code, or better, for a patch
that was submitted but not yet merged, then my feelings would be
different.  I think it would be really useful to have something
that scans patches in patchwork.

-Geoff

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] powerpc/ps3: Use struct_size() in kzalloc()
  2019-01-16 17:21 ` Geoff Levand
@ 2019-01-16 17:46   ` Gustavo A. R. Silva
  0 siblings, 0 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2019-01-16 17:46 UTC (permalink / raw)
  To: Geoff Levand, Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
  Cc: linuxppc-dev, linux-kernel

Hi Geoff,

On 1/16/19 11:21 AM, Geoff Levand wrote:
> Hi Gustavo,
> 
> On 1/8/19 1:00 PM, Gustavo A. R. Silva wrote:
>> One of the more common cases of allocation size calculations is finding the
>> size of a structure that has a zero-sized array at the end, along with memory
>> for some number of elements for that array. For example:
>>
>> struct foo {
>>      int stuff;
>>      void *entry[];
>> };
>>
>> instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
>>
>> Instead of leaving these open-coded and prone to type mistakes, we can now
>> use the new struct_size() helper:
>>
>> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
>>
>> This code was detected with the help of Coccinelle.
>>
>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
>> ---
>>   arch/powerpc/platforms/ps3/device-init.c | 4 +---
>>   1 file changed, 1 insertion(+), 3 deletions(-)
>>
>> diff --git a/arch/powerpc/platforms/ps3/device-init.c b/arch/powerpc/platforms/ps3/device-init.c
>> index e7075aaff1bb..59587b75493d 100644
>> --- a/arch/powerpc/platforms/ps3/device-init.c
>> +++ b/arch/powerpc/platforms/ps3/device-init.c
>> @@ -354,9 +354,7 @@ static int ps3_setup_storage_dev(const struct ps3_repository_device *repo,
>>   		 repo->dev_index, repo->dev_type, port, blk_size, num_blocks,
>>   		 num_regions);
>>   
>> -	p = kzalloc(sizeof(struct ps3_storage_device) +
>> -		    num_regions * sizeof(struct ps3_storage_region),
>> -		    GFP_KERNEL);
>> +	p = kzalloc(struct_size(p, regions, num_regions), GFP_KERNEL);
>>   	if (!p) {
>>   		result = -ENOMEM;
>>   		goto fail_malloc;
> It seems to me the motivation for this change is just to have a
> code change.  As I've said for other similar patches, I'm reluctant
> to accept such trivial changes to the PS3 code because it makes
> it harder for me to maintain the code in the long term.  When I
> need to do a git bisect to track down a problem I generally have
> a set of debugging patches that I apply on top of the bisect.  A
> change to the code like this creates the potential for a patch
> conflict that I then need to manually edit to resolve.
> 

This patch is part of a treewide effort aimed at preventing potential
integer overflows during allocation. As the commit log says, the
intention is to promote the use of struct_size instead of an
open-coded form that can be prone to mistakes. This macro is a
defense-in-depth strategy against overflows and it is a good idea
to use it as widely as possible.

I'm not stopping to see how old the code is. I'm only focusing on the
particular context of the memory allocation to understand what is the
name of the zero-sized array that should be used for struct_size(),
and if this macro can accurately replace the open-coded form.

> If this change was for relatively new code, or better, for a patch
> that was submitted but not yet merged, then my feelings would be
> different.  I think it would be really useful to have something
> that scans patches in patchwork.
> 

I understand your point.

Thanks
--
Gustavo

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: powerpc/ps3: Use struct_size() in kzalloc()
  2019-01-08 21:00 [PATCH] powerpc/ps3: Use struct_size() in kzalloc() Gustavo A. R. Silva
  2019-01-16 17:21 ` Geoff Levand
@ 2019-01-24  3:40 ` Michael Ellerman
  2019-01-24 17:38   ` Gustavo A. R. Silva
  1 sibling, 1 reply; 5+ messages in thread
From: Michael Ellerman @ 2019-01-24  3:40 UTC (permalink / raw)
  To: Gustavo A. R. Silva, Geoff Levand, Benjamin Herrenschmidt,
	Paul Mackerras
  Cc: linuxppc-dev, linux-kernel, Gustavo A. R. Silva

On Tue, 2019-01-08 at 21:00:10 UTC, "Gustavo A. R. Silva" wrote:
> One of the more common cases of allocation size calculations is finding the
> size of a structure that has a zero-sized array at the end, along with memory
> for some number of elements for that array. For example:
> 
> struct foo {
>     int stuff;
>     void *entry[];
> };
> 
> instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
> 
> Instead of leaving these open-coded and prone to type mistakes, we can now
> use the new struct_size() helper:
> 
> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
> 
> This code was detected with the help of Coccinelle.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/31367b9a01d6a3f4f77694bd44f547d6

cheers

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: powerpc/ps3: Use struct_size() in kzalloc()
  2019-01-24  3:40 ` Michael Ellerman
@ 2019-01-24 17:38   ` Gustavo A. R. Silva
  0 siblings, 0 replies; 5+ messages in thread
From: Gustavo A. R. Silva @ 2019-01-24 17:38 UTC (permalink / raw)
  To: Michael Ellerman, Geoff Levand, Benjamin Herrenschmidt, Paul Mackerras
  Cc: linuxppc-dev, linux-kernel



On 1/23/19 9:40 PM, Michael Ellerman wrote:
> On Tue, 2019-01-08 at 21:00:10 UTC, "Gustavo A. R. Silva" wrote:
>> One of the more common cases of allocation size calculations is finding the
>> size of a structure that has a zero-sized array at the end, along with memory
>> for some number of elements for that array. For example:
>>
>> struct foo {
>>     int stuff;
>>     void *entry[];
>> };
>>
>> instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
>>
>> Instead of leaving these open-coded and prone to type mistakes, we can now
>> use the new struct_size() helper:
>>
>> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
>>
>> This code was detected with the help of Coccinelle.
>>
>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> 
> Applied to powerpc next, thanks.
> 
> https://git.kernel.org/powerpc/c/31367b9a01d6a3f4f77694bd44f547d6
> 

Thanks, Michael.

--
Gustavo

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-01-24 17:38 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-08 21:00 [PATCH] powerpc/ps3: Use struct_size() in kzalloc() Gustavo A. R. Silva
2019-01-16 17:21 ` Geoff Levand
2019-01-16 17:46   ` Gustavo A. R. Silva
2019-01-24  3:40 ` Michael Ellerman
2019-01-24 17:38   ` Gustavo A. R. Silva

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).