On Wed, May 17, 2023 at 04:33:14PM -0700, Kees Cook wrote:
>  	sc = kmem_cache_create(conf->cache_name[conf->active_name],
> -			       sizeof(struct stripe_head)+(devs-1)*sizeof(struct r5dev),
> +			       struct_size((struct stripe_head *)0, dev, devs),
>  			       0, 0, NULL);
>  	if (!sc)
>  		return 1;
> @@ -2559,7 +2559,7 @@ static int resize_stripes(struct r5conf *conf, int newsize)
>  
>  	/* Step 1 */
>  	sc = kmem_cache_create(conf->cache_name[1-conf->active_name],
> -			       sizeof(struct stripe_head)+(newsize-1)*sizeof(struct r5dev),
> +			       struct_size((struct stripe_head *)0, dev, newsize),

The constant you're casting here should be NULL, not 0.

Also given that this expression is duplicated, I'd suggest a little
helper for it…

> -	} dev[1]; /* allocated with extra space depending of RAID geometry */
> +	} dev[]; /* allocated with extra space depending of RAID geometry */

And this isn't extra space over the single entry anymore, so I'd change
this to:

	/* allocated depending of RAID geometry */
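Review bot: In the grow_stripes hunk, `struct_size((struct stripe_head *)0, dev, devs)` only computes the intended size once `dev` is a true flexible array member; struct_size() is `sizeof(*p) + count * sizeof(p->member[0])`, so as long as the struct still declares `dev[1]` the result includes one element more than the old `sizeof(struct stripe_head)+(devs-1)*sizeof(struct r5dev)`. That is harmless over-allocation, but it means this hunk and the `dev[1]` -> `dev[]` struct hunk must land in the same patch and not be split across a series; please also state in the commit message that the cache object size may shrink by the struct's trailing padding after the conversion, so anyone bisecting a slab-size change knows where it came from.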
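Review bot: In the resize_stripes hunk the size expression `struct_size((struct stripe_head *)0, dev, newsize)` is a verbatim copy of the one in grow_stripes, cast to `0` included; rather than fixing the cast in two places, add one helper next to the struct definition and use it at both call sites, for example a hypothetical `static inline size_t stripe_head_size(int devs) { return struct_size((struct stripe_head *)NULL, dev, devs); }` (name is a suggestion, not something in the tree). Both hunks would then read `kmem_cache_create(..., stripe_head_size(newsize), 0, 0, NULL)` and a future third caller cannot drift out of sync.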
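Review bot: In the struct hunk, changing `} dev[1];` to `} dev[];` changes `sizeof(struct stripe_head)` for every user of the type, not only the two kmem_cache_create() callers shown, so please confirm in the commit message that `dev` is the last member (the compiler will reject a flexible array member anywhere else) and that no remaining `sizeof(struct stripe_head)` use, such as a memset or a manual size computation elsewhere in raid5, still assumes one embedded r5dev; the old `(devs-1)` arithmetic is the pattern to grep for. The comment also needs updating, since "with extra space" described the old over-the-first-element allocation, e.g. `/* allocated depending on RAID geometry */`.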