From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Alejandro Colomar <alx@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Jamal Hadi Salim <jhs@mojatatu.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 04/62] net: sched: cls_u32: Fix allocation size in u32_init()
Date: Mon, 6 Nov 2023 14:03:10 +0100 [thread overview]
Message-ID: <20231106130301.982143996@linuxfoundation.org> (raw)
In-Reply-To: <20231106130301.807965064@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit c4d49196ceec80e30e8d981410d73331b49b7850 ]
commit d61491a51f7e ("net/sched: cls_u32: Replace one-element array
with flexible-array member") incorrecly replaced an instance of
`sizeof(*tp_c)` with `struct_size(tp_c, hlist->ht, 1)`. This results
in a an over-allocation of 8 bytes.
This change is wrong because `hlist` in `struct tc_u_common` is a
pointer:
net/sched/cls_u32.c:
struct tc_u_common {
struct tc_u_hnode __rcu *hlist;
void *ptr;
int refcnt;
struct idr handle_idr;
struct hlist_node hnode;
long knodes;
};
So, the use of `struct_size()` makes no sense: we don't need to allocate
any extra space for a flexible-array member. `sizeof(*tp_c)` is just fine.
So, `struct_size(tp_c, hlist->ht, 1)` translates to:
sizeof(*tp_c) + sizeof(tp_c->hlist->ht) ==
sizeof(struct tc_u_common) + sizeof(struct tc_u_knode *) ==
144 + 8 == 0x98 (byes)
^^^
|
unnecessary extra
allocation size
$ pahole -C tc_u_common net/sched/cls_u32.o
struct tc_u_common {
struct tc_u_hnode * hlist; /* 0 8 */
void * ptr; /* 8 8 */
int refcnt; /* 16 4 */
/* XXX 4 bytes hole, try to pack */
struct idr handle_idr; /* 24 96 */
/* --- cacheline 1 boundary (64 bytes) was 56 bytes ago --- */
struct hlist_node hnode; /* 120 16 */
/* --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- */
long int knodes; /* 136 8 */
/* size: 144, cachelines: 3, members: 6 */
/* sum members: 140, holes: 1, sum holes: 4 */
/* last cacheline: 16 bytes */
};
And with `sizeof(*tp_c)`, we have:
sizeof(*tp_c) == sizeof(struct tc_u_common) == 144 == 0x90 (bytes)
which is the correct and original allocation size.
Fix this issue by replacing `struct_size(tp_c, hlist->ht, 1)` with
`sizeof(*tp_c)`, and avoid allocating 8 too many bytes.
The following difference in binary output is expected and reflects the
desired change:
| net/sched/cls_u32.o
| @@ -6148,7 +6148,7 @@
| include/linux/slab.h:599
| 2cf5: mov 0x0(%rip),%rdi # 2cfc <u32_init+0xfc>
| 2cf8: R_X86_64_PC32 kmalloc_caches+0xc
|- 2cfc: mov $0x98,%edx
|+ 2cfc: mov $0x90,%edx
Reported-by: Alejandro Colomar <alx@kernel.org>
Closes: https://lore.kernel.org/lkml/09b4a2ce-da74-3a19-6961-67883f634d98@kernel.org/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_u32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index ba93e2a6bdbb4..04448bfb4d3db 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -364,7 +364,7 @@ static int u32_init(struct tcf_proto *tp)
idr_init(&root_ht->handle_idr);
if (tp_c == NULL) {
- tp_c = kzalloc(struct_size(tp_c, hlist->ht, 1), GFP_KERNEL);
+ tp_c = kzalloc(sizeof(*tp_c), GFP_KERNEL);
if (tp_c == NULL) {
kfree(root_ht);
return -ENOBUFS;
--
2.42.0
next prev parent reply other threads:[~2023-11-06 13:12 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-06 13:03 [PATCH 6.1 00/62] 6.1.62-rc1 review Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 01/62] ASoC: simple-card: fixup asoc_simple_probe() error handling Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 02/62] coresight: tmc-etr: Disable warnings for allocation failures Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 03/62] ASoC: tlv320adc3xxx: BUG: Correct micbias setting Greg Kroah-Hartman
2023-11-06 13:03 ` Greg Kroah-Hartman [this message]
2023-11-06 13:03 ` [PATCH 6.1 05/62] irqchip/riscv-intc: Mark all INTC nodes as initialized Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 06/62] irqchip/stm32-exti: add missing DT IRQ flag translation Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 07/62] dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 08/62] powerpc/85xx: Fix math emulation exception Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 09/62] Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 10/62] fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Greg Kroah-Hartman
2023-11-06 13:03 ` Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 11/62] fs/ntfs3: Add ckeck in ni_update_parent() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 12/62] fs/ntfs3: Write immediately updated ntfs state Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 13/62] fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN) Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 14/62] fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 15/62] fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 16/62] fs/ntfs3: Fix directory element type detection Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 17/62] fs/ntfs3: Avoid possible memory leak Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 18/62] spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 19/62] netfilter: nfnetlink_log: silence bogus compiler warning Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 20/62] efi: fix memory leak in krealloc failure handling Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 21/62] ASoC: rt5650: fix the wrong result of key button Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 22/62] ASoC: codecs: tas2780: Fix log of failed reset via I2C Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 23/62] drm/ttm: Reorder sys manager cleanup step Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 24/62] fbdev: omapfb: fix some error codes Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 25/62] fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 26/62] scsi: mpt3sas: Fix in error path Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 27/62] drm/amdgpu: Unset context priority is now invalid Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 28/62] gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 29/62] LoongArch: Export symbol invalid_pud_table for modules building Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 30/62] LoongArch: Replace kmap_atomic() with kmap_local_page() in copy_user_highpage() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 31/62] netfilter: nf_tables: audit log object reset once per table Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 32/62] platform/mellanox: mlxbf-tmfifo: Fix a warning message Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 33/62] drm/amdgpu: Reserve fences for VM update Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 34/62] net: chelsio: cxgb4: add an error code check in t4_load_phy_fw Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 35/62] r8152: Check for unplug in rtl_phy_patch_request() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 36/62] r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 37/62] powerpc/mm: Fix boot crash with FLATMEM Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 38/62] io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter() failed Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 39/62] ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 40/62] power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 41/62] perf evlist: Avoid frequency mode for the dummy event Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 42/62] x86: KVM: SVM: always update the x2avic msr interception Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 43/62] mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 44/62] mmap: fix error paths with dup_anon_vma() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 45/62] ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 46/62] PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 47/62] usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 48/62] usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 49/62] usb: raw-gadget: properly handle interrupted requests Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 50/62] tty: n_gsm: fix race condition in status line change on dead connections Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 51/62] tty: 8250: Remove UC-257 and UC-431 Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 52/62] tty: 8250: Add support for additional Brainboxes UC cards Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.1 53/62] tty: 8250: Add support for Brainboxes UP cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 54/62] tty: 8250: Add support for Intashield IS-100 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 55/62] tty: 8250: Fix port count of PX-257 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 56/62] tty: 8250: Fix up PX-803/PX-857 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 57/62] tty: 8250: Add support for additional Brainboxes PX cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 58/62] tty: 8250: Add support for Intashield IX cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 59/62] tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 60/62] misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 61/62] ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.1 62/62] ASoC: SOF: sof-pci-dev: Fix community key " Greg Kroah-Hartman
2023-11-06 17:24 ` [PATCH 6.1 00/62] 6.1.62-rc1 review SeongJae Park
2023-11-06 17:52 ` Florian Fainelli
2023-11-06 19:14 ` Allen Pais
2023-11-06 21:35 ` Pavel Machek
2023-11-07 4:12 ` Bagas Sanjaya
2023-11-07 8:55 ` Ron Economos
2023-11-07 11:48 ` Jon Hunter
2023-11-07 15:35 ` Shuah Khan
2023-11-07 16:04 ` Conor Dooley
2023-11-07 17:15 ` Ricardo B. Marliere
2023-11-07 17:44 ` Naresh Kamboju
2023-11-07 18:54 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231106130301.982143996@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alx@kernel.org \
--cc=davem@davemloft.net \
--cc=gustavoars@kernel.org \
--cc=jhs@mojatatu.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.