Re: [PATCH net-next] udp_tunnel: Use flex array to simplify code

Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx> · Mon, 25 Sep 2023 22:50:24 +0200

On Mon, Sep 25, 2023 at 6:26 PM Christophe JAILLET
<christophe.jaillet@xxxxxxxxxx> wrote:
>
> Le 24/09/2023 à 18:00, Willem de Bruijn a écrit :
> > Christophe JAILLET wrote:
> >> 'n_tables' is small, UDP_TUNNEL_NIC_MAX_TABLES       = 4 as a maximum. So there
> >> is no real point to allocate the 'entries' pointers array with a dedicate
> >> memory allocation.
> >>
> >> Using a flexible array for struct udp_tunnel_nic->entries avoids the
> >> overhead of an additional memory allocation.
> >>
> >> This also saves an indirection when the array is accessed.
> >>
> >> Finally, __counted_by() can be used for run-time bounds checking if
> >> configured and supported by the compiler.
> >>
> >> Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>

Reviewed-by: Willem de Bruijn <willemb@xxxxxxxxxx>

> >> ---
> >>   net/ipv4/udp_tunnel_nic.c | 11 ++---------
> >>   1 file changed, 2 insertions(+), 9 deletions(-)
> >>
> >> diff --git a/net/ipv4/udp_tunnel_nic.c b/net/ipv4/udp_tunnel_nic.c
> >> index 029219749785..b6d2d16189c0 100644
> >> --- a/net/ipv4/udp_tunnel_nic.c
> >> +++ b/net/ipv4/udp_tunnel_nic.c
> >> @@ -47,7 +47,7 @@ struct udp_tunnel_nic {
> >>
> >>      unsigned int n_tables;
> >>      unsigned long missed;
> >> -    struct udp_tunnel_nic_table_entry **entries;
> >> +    struct udp_tunnel_nic_table_entry *entries[] __counted_by(n_tables);
> >>   };
> >>
> >>   /* We ensure all work structs are done using driver state, but not the code.
> >> @@ -725,16 +725,12 @@ udp_tunnel_nic_alloc(const struct udp_tunnel_nic_info *info,
> >>      struct udp_tunnel_nic *utn;
> >>      unsigned int i;
> >>
> >> -    utn = kzalloc(sizeof(*utn), GFP_KERNEL);
> >> +    utn = kzalloc(struct_size(utn, entries, n_tables), GFP_KERNEL);
> >>      if (!utn)
> >>              return NULL;
> >>      utn->n_tables = n_tables;
> >
> > Should utn->n_tables be initialized before first use of
> > struct_size(utn, entries, n_tables)?
> >
>
> It can't be.
> struct_size() is used to compute the memory size to allocate.
>
> Before the kzalloc() call, utn does not exist, so we can't write
> anything to utn->n_tables. It is undefined at this point.
>
> It is initialized the line just after, after the allocation, but before
> any use.

Of course, sorry. I confused __counted_by's reference to a field
member in the struct, with the normal argument passing of struct_size
and flex_array_size.