On Sun, 20 Aug 2023 17:02:42 +0200
Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> wrote:
> If struct_size() returns a value that does not fit in a 'int', the size
> passed to kzalloc() is wrong.
>
> Remove the intermediate 'size' variable and use struct_size() directly.
>
> Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
> ---
> I don't know if 'size' can get bigger than a int in the real world, but the
> change looks safe in any cases.
>
> On x86_64, looking at the .s files, the previous code had an extra:
> movslq %r13d, %r13
> which really looks wrong to me.
If size is bigger than int, then we have much bigger problems than this allocation.
That means count is over 2 billion, and the kzalloc() will fail regardless.
This is an unneeded change.
-- Steve
> ---
> kernel/trace/trace_events_user.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
> index 33cb6af31f39..67cc71a872b0 100644
> --- a/kernel/trace/trace_events_user.c
> +++ b/kernel/trace/trace_events_user.c
> @@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info,
> {
> struct user_event_group *group = info->group;
> struct user_event_refs *refs, *new_refs;
> - int i, size, count = 0;
> + int i, count = 0;
>
> refs = rcu_dereference_protected(info->refs,
> lockdep_is_held(&group->reg_mutex));
> @@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info,
> return i;
> }
>
> - size = struct_size(refs, events, count + 1);
> -
> - new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT);
> -
> + new_refs = kzalloc(struct_size(refs, events, count + 1),
> + GFP_KERNEL_ACCOUNT);
> if (!new_refs)
> return -ENOMEM;
>
