On September 17, 2023 5:25:10 PM PDT, Xiubo Li <xiubli@xxxxxxxxxx> wrote: > >On 9/16/23 04:15, Kees Cook wrote: > > [...] >> Additionally, since the element count member must be set before accessing >> the annotated flexible array member, move its initialization earlier. >> >> [...] >> diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c >> index faabad6603db..f263f7e91a21 100644 >> --- a/net/ceph/mon_client.c >> +++ b/net/ceph/mon_client.c >> @@ -1136,6 +1136,7 @@ static int build_initial_monmap(struct ceph_mon_client *monc) >> GFP_KERNEL); >> if (!monc->monmap) >> return -ENOMEM; >> + monc->monmap->num_mon = num_mon; >> for (i = 0; i < num_mon; i++) { >> struct ceph_entity_inst *inst = &monc->monmap->mon_inst[i]; >> @@ -1147,7 +1148,6 @@ static int build_initial_monmap(struct ceph_mon_client *monc) >> inst->name.type = CEPH_ENTITY_TYPE_MON; >> inst->name.num = cpu_to_le64(i); >> } >> - monc->monmap->num_mon = num_mon; > >BTW, is this change related ? Yes, this is needed so that the __counted_by size is set before accessing the flexible array. > >> return 0; >> } >> > >Else LGTM. > >Reviewed-by: Xiubo Li <xiubli@xxxxxxxxxx> Thanks! -- Kees Cook
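
Review bot: In the first hunk (@@ -1136,6 +1136,7 @@ in net/ceph/mon_client.c), the new "monc->monmap->num_mon = num_mon;" placed ahead of the loop carries an ordering requirement that nothing in the code states, and the review question about whether the change is related shows how easy it is to miss. Consider a one-line comment above the assignment saying that the count has to be set before mon_inst[i] is accessed, so that a later cleanup does not move it back below the loop where the second hunk removed it.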
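
The ordering requirement discussed in this thread, as an added example that is not part of the original message or of the kernel source. The names demo_monmap, inst_at, build and the COUNTED_BY macro are hypothetical, and inst_at emulates in plain C the bounds check that instrumentation derives from the counter, so the effect is visible without a sanitizer build.

```c
#include <stdint.h>
#include <stdlib.h>

/* Use the real attribute where the compiler has it; otherwise expand to nothing. */
#ifdef __has_attribute
# if __has_attribute(counted_by)
#  define COUNTED_BY(m) __attribute__((counted_by(m)))
# endif
#endif
#ifndef COUNTED_BY
# define COUNTED_BY(m)
#endif

/* Hypothetical stand-in for the monmap: a counter plus a flexible array. */
struct demo_monmap {
	uint32_t num_mon;
	uint64_t mon_inst[] COUNTED_BY(num_mon);
};

/* Emulated bounds check: the limit is whatever num_mon holds right now. */
static uint64_t *inst_at(struct demo_monmap *m, uint32_t i)
{
	return i < m->num_mon ? &m->mon_inst[i] : NULL;
}

/* Returns how many elements passed the bounds check while being filled. */
static uint32_t build(uint32_t n, int count_first)
{
	struct demo_monmap *m = calloc(1, sizeof(*m) + n * sizeof(m->mon_inst[0]));
	uint32_t i, ok = 0;

	if (!m)
		return 0;
	if (count_first)
		m->num_mon = n;		/* order after the patch */
	for (i = 0; i < n; i++) {
		uint64_t *inst = inst_at(m, i);
		if (inst) {		/* rejected while num_mon is still 0 */
			*inst = i;
			ok++;
		}
	}
	if (!count_first)
		m->num_mon = n;		/* order before the patch: too late */
	free(m);
	return ok;
}

int main(void)
{
	return !(build(3, 0) == 0 && build(3, 1) == 3);
}
```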