On 01/11/24 04:15, Jan Kara wrote:
On Thu 31-10-24 17:31:34, Gustavo A. R. Silva wrote:
On 31/10/24 15:32, Jan Kara wrote:
`sizeof(ctx) == 4` when `char ctx[JBD_MAX_CHECKSUM_SIZE];`
To maintain the same size, we tell `DEFINE_RAW_FLEX()` to allocate `1`
element for the flex array, as in 32-bit `sizeof(void *) == 4`.
So I agree we end up allocating enough space on stack but it is pretty
subtle and if JBD_MAX_CHECKSUM_SIZE definition changes, we have a problem.
I think we need something like (JBD_MAX_CHECKSUM_SIZE + sizeof(*desc->__ctx) - 1) / sizeof(*desc->__ctx))?
I see. Well, in that case it'd be something more like:
- struct {
- struct shash_desc shash;
- char ctx[JBD_MAX_CHECKSUM_SIZE];
- } desc;
+ DEFINE_RAW_FLEX(struct shash_desc, desc, __ctx,
+ (JBD_MAX_CHECKSUM_SIZE +
+ sizeof(*((struct shash_desc *)0)->__ctx)) /
+ sizeof(*((struct shash_desc *)0)->__ctx));
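Review bot: the element count in the `+` lines over-allocates whenever JBD_MAX_CHECKSUM_SIZE is an exact multiple of sizeof(*__ctx): adding a whole element before dividing yields one spare element in that case (4 / 4 gives 2 elements), whereas the rounding-up form quoted earlier, (JBD_MAX_CHECKSUM_SIZE + sizeof(*__ctx) - 1) / sizeof(*__ctx), gives exactly the needed count. Suggest writing it as DIV_ROUND_UP(JBD_MAX_CHECKSUM_SIZE, sizeof(*((struct shash_desc *)0)->__ctx)) so the rounding intent is explicit and the count stays minimal if JBD_MAX_CHECKSUM_SIZE changes.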
Notice that `desc` is created inside `DEFINE_RAW_FLEX()`
Right. Thanks for fixing this. The cleanest option then probably is:
DEFINE_RAW_FLEX(struct shash_desc, desc, __ctx,
DIV_ROUND_UP(JBD_MAX_CHECKSUM_SIZE,
sizeof(*((struct shash_desc *)0)->__ctx)))
OK. There you go v2:
https://lore.kernel.org/linux-hardening/ZyU94w0IALVhc9Jy@kspp/
Thanks a lot for the feedback. :)
--
Gustavo
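A user-space model of the element-count question in this thread, added here as an illustration and not code from the thread, jbd2 or the kernel; the struct shash_desc layout, the simplified DEFINE_RAW_FLEX() macro and JBD_MAX_CHECKSUM_SIZE = 4 (implied by sizeof(ctx) == 4 above) are assumptions:

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel definitions discussed in the thread. */
#define JBD_MAX_CHECKSUM_SIZE 4                       /* value implied by sizeof(ctx) == 4 */
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))   /* kernel-style ceiling division */

struct shash_desc {            /* assumed layout: one pointer, then the flex array */
    void *tfm;
    void *__ctx[];             /* element size is sizeof(void *): 4 on 32-bit, 8 on 64-bit */
};

/* Simplified model of DEFINE_RAW_FLEX(): a union large enough for the header
 * plus COUNT flex elements, and a typed pointer to it (on-stack, no kmalloc). */
#define DEFINE_RAW_FLEX(type, name, member, count)                               \
    union {                                                                      \
        uint8_t bytes[sizeof(type) + sizeof(((type *)0)->member[0]) * (count)];  \
        type obj;                                                                \
    } name##_u = {0};                                                            \
    type *name = &name##_u.obj

/* v1 element count: adds a whole element before dividing (can over-allocate). */
size_t v1_count(size_t bytes, size_t elem) { return (bytes + elem) / elem; }

/* v2 element count: true ceiling division, never more than needed. */
size_t v2_count(size_t bytes, size_t elem) { return DIV_ROUND_UP(bytes, elem); }

/* Bytes of __ctx storage the v2 definition actually reserves on this host. */
size_t ctx_bytes_reserved(void) {
    DEFINE_RAW_FLEX(struct shash_desc, desc, __ctx,
                    DIV_ROUND_UP(JBD_MAX_CHECKSUM_SIZE,
                                 sizeof(*((struct shash_desc *)0)->__ctx)));
    uint8_t *end = desc_u.bytes + sizeof(desc_u);     /* one past the union */
    return (size_t)(end - (uint8_t *)desc->__ctx);    /* space after the header */
}

int main(void) {
    size_t elem = sizeof(void *);
    printf("elem=%zu v1=%zu v2=%zu ctx_bytes=%zu\n", elem,
           v1_count(JBD_MAX_CHECKSUM_SIZE, elem),
           v2_count(JBD_MAX_CHECKSUM_SIZE, elem), ctx_bytes_reserved());
    /* The on-stack definition must cover the checksum buffer it replaces. */
    assert(ctx_bytes_reserved() >= JBD_MAX_CHECKSUM_SIZE);
    return 0;
}
```

On a 32-bit host v1_count(4, 4) reserves two pointers where one suffices; on 64-bit both forms agree, which is why the over-allocation is easy to miss.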