On Mon, Jun 10, 2019 at 10:04:12AM -0500, Gustavo A. R. Silva wrote:
> One of the more common cases of allocation size calculations is finding
> the size of a structure that has a zero-sized array at the end, along
> with memory for some number of elements for that array. For example:
> 
> struct bio_map_data {
> ...
> struct iovec iov[];
> };
> 
> instance = kmalloc(sizeof(sizeof(struct bio_map_data) + sizeof(struct iovec) *
> count, GFP_KERNEL);
> 
> Instead of leaving these open-coded and prone to type mistakes, we can
> now use the new struct_size() helper:
> 
> instance = kmalloc(struct_size(instance, iov, count), GFP_KERNEL);
> 
> This code was detected with the help of Coccinelle.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
> block/bio.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/block/bio.c b/block/bio.c
> index 683cbb40f051..4bcdcd3f63f4 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -1120,8 +1120,7 @@ static struct bio_map_data *bio_alloc_map_data(struct iov_iter *data,
> if (data->nr_segs > UIO_MAXIOV)
> return NULL;
> 
> - bmd = kmalloc(sizeof(struct bio_map_data) +
> - sizeof(struct iovec) * data->nr_segs, gfp_mask);
> + bmd = kmalloc(struct_size(bmd, iov, data->nr_segs), gfp_mask);
> if (!bmd)
> return NULL;
> memcpy(bmd->iov, data->iov, sizeof(struct iovec) * data->nr_segs);
> --
> 2.21.0
> 

-- 
Kees Cook
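Review bot: the memcpy() on the last context line of this hunk still open-codes the element arithmetic (`sizeof(struct iovec) * data->nr_segs`) that the allocation line just stopped open-coding, so the allocation size and the copy length are now derived in two different ways; consider taking the element size from the field itself, e.g. `sizeof(bmd->iov[0]) * data->nr_segs`, so a later change to the type of `iov` cannot desynchronise the two. Functionally the change is safe: `data->nr_segs` is already bounded by the `UIO_MAXIOV` check two lines above the removed lines, so struct_size()'s saturation on overflow is a defensive guard here rather than a fix, which the commit message could say explicitly. Separately, the "before" example in the commit message has a stray `sizeof(` (`kmalloc(sizeof(sizeof(struct bio_map_data) + ...`) that does not match the line actually removed by the hunk.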
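The reason the patch series prefers struct_size() over the open-coded `sizeof(header) + sizeof(elem) * count` is not visible in this particular hunk, because bio_alloc_map_data() already bounds `nr_segs` with UIO_MAXIOV. The added example below (not from the patch, the thread, or the kernel tree) shows the failure mode the helper exists for: a userspace stand-in for the kernel's struct_size() semantics (multiply, then add, saturating to SIZE_MAX on overflow, here built on the compiler's `__builtin_mul_overflow`/`__builtin_add_overflow`) next to the open-coded arithmetic, driven by an element count chosen so that the multiplication wraps. `struct bio_map_data_like`, `struct iovec_like`, `alloc_map_data()` and the count limit passed to it are assumed names and layouts invented for the demonstration, not the block layer's real types.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the kernel types; layouts are assumed, not the real ones. */
struct iovec_like {
	void *iov_base;
	size_t iov_len;
};

struct bio_map_data_like {
	int is_our_pages;
	int pad;
	struct iovec_like iov[];	/* flexible array member, as in bio_map_data */
};

/* The "before" side of the patch: plain arithmetic that wraps silently. */
static size_t open_coded_size(size_t count)
{
	return sizeof(struct bio_map_data_like) + sizeof(struct iovec_like) * count;
}

/*
 * Userspace re-implementation of struct_size()'s contract: header plus
 * element_size * count, with every step overflow-checked and the result
 * saturated to SIZE_MAX so that the allocator refuses it.
 */
static size_t checked_struct_size(size_t header, size_t elem, size_t count)
{
	size_t bytes;

	if (__builtin_mul_overflow(elem, count, &bytes))
		return SIZE_MAX;
	if (__builtin_add_overflow(header, bytes, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Same call shape as the kernel macro: derive both sizes from the pointer type. */
#define STRUCT_SIZE(ptr, member, count) \
	checked_struct_size(sizeof(*(ptr)), sizeof((ptr)->member[0]), (count))

/* Size of a bio_map_data_like with nr_segs iovecs, computed via the helper. */
static size_t map_data_size(size_t nr_segs)
{
	struct bio_map_data_like *bmd = NULL;	/* only used inside sizeof */

	return STRUCT_SIZE(bmd, iov, nr_segs);
}

/* Smallest count for which sizeof(iovec_like) * count wraps past SIZE_MAX. */
static size_t wrap_count(void)
{
	return SIZE_MAX / sizeof(struct iovec_like) + 1;
}

/*
 * Mirrors the shape of bio_alloc_map_data(): bound check first (the
 * UIO_MAXIOV test in the hunk), then the sized allocation. max_segs is a
 * parameter here so the demo can show what happens with and without it.
 */
static struct bio_map_data_like *alloc_map_data(size_t nr_segs, size_t max_segs)
{
	struct bio_map_data_like *bmd;
	size_t sz;

	if (nr_segs > max_segs)
		return NULL;
	sz = map_data_size(nr_segs);
	if (sz == SIZE_MAX)	/* kmalloc() would fail this; skip the allocator call */
		return NULL;
	bmd = malloc(sz);
	if (!bmd)
		return NULL;
	memset(bmd, 0, sz);
	return bmd;
}

/* Returns 1 if the allocation succeeded (and frees it), 0 if it was refused. */
static int alloc_ok(size_t nr_segs, size_t max_segs)
{
	struct bio_map_data_like *bmd = alloc_map_data(nr_segs, max_segs);

	if (!bmd)
		return 0;
	free(bmd);
	return 1;
}

int main(void)
{
	size_t n = wrap_count();

	printf("count=%zu\n", n);
	printf("open-coded size : %zu bytes (wrapped to just the header)\n",
	       open_coded_size(n));
	printf("struct_size-like: %zu (SIZE_MAX, allocation refused)\n",
	       map_data_size(n));
	printf("alloc with limit 1024 : %d\n", alloc_ok(n, 1024));
	printf("alloc without limit   : %d\n", alloc_ok(n, SIZE_MAX));
	return 0;
}
```

With the open-coded form, the wrapped size equals the bare header, so a later `memcpy(bmd->iov, ..., sizeof(struct iovec) * count)` would write far past the allocation; with the checked form the size saturates and the allocation is refused even when no UIO_MAXIOV-style limit is in front of it.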