From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BAA433BBD0 for ; Sat, 30 May 2026 00:00:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; cv=none; b=hmYmMHhxO1m/T2FI+jabJLBWzMKDLVRXyM8egeObAIF+tS8Ali7IocXkH9UehMa1Qi9msFmgEVcOQTMBdXL+iD0t1wYUJkloKLXWRIowYEH5jl0QKcfNL7Q+UpvB7+wW5fbRh22WIWIg4BjMdBnGjf2bHY7eeSlajd+z05KyuEE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; c=relaxed/simple; bh=sLemg9UAdcWZK2lA9bWEvdkKOxnaos4X56QD8DbKB0E=; h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version: Content-Type; b=KkubYOkhYEF1nlJdG4NI0JzOXqZAhws1f1TN36HD3mqmuqNsOUC/nkIiiFwX3Z5aIarTIbFF4FovG1WDbRDQB36tQ89bc+OOS+sU7Knxn7MjVmZJUnSmQ9iR8zXD6QxITBNVgpi6c8+yqiHefNdpPP5ZOL7gCll8rfdAFIbiELY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=J+sBvwKW; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="J+sBvwKW" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2075D1F00898; Sat, 30 May 2026 00:00:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1780099204; bh=jPrHhKdNAETVQNB/XRk5rg+j22AGXowR7boMo1/GFGY=; h=Date:From:To:Cc:Subject:References; b=J+sBvwKWgNrilflR20RC5Pu/usRXb/MYQSYseF3RC4ZmrHAt90ArqHV5jiutoQkqC GJDaxhzPQ32f9xwzQQbKagDn5x4Z09oYlPv+ZGHnJ5LeU/6xCG/cMqhQEql6iJVbTV 842xdtlVHrlg3foI+cBD58kT3Zy6huY6BIxQt2pqgdtJROvUVF2LuqzqofmhA6ZKPr cL0RReNTMF+aEfP6L09R539LkzfD8wRvqnMKDId6dqKiCRt+3abr9GQz+OABMf82o1 uGSqLsSX7GeMP8VcUc9khC6V6OMwAGuLztxNedKVgrazx5QnqmrYxv/UyVDnBoT2Y7 sQZpTqmeHmn+Q== Received: from rostedt by gandalf with local (Exim 4.99.2) (envelope-from ) id 1wT788-0000000AgCe-14tB; Fri, 29 May 2026 20:00:44 -0400 Message-ID: <20260530000044.115133217@kernel.org> User-Agent: quilt/0.69 Date: Fri, 29 May 2026 20:00:30 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Mathieu Desnoyers , Andrew Morton , Rosen Penev Subject: [for-next][PATCH 1/3] tracing: Turn hist_elt_data field_var_str into a flexible array References: <20260530000029.648858285@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 From: Rosen Penev The field_var_str array was allocated separately via kcalloc() with its length already known at elt_data allocation time. Convert it to a flexible array member and fold the two allocations into a single kzalloc_flex(), reordering hist_trigger_elt_data_alloc() so n_str is computed and bounds-checked before the struct allocation. hist_elt_data is only reached through tracing_map_elt::private_data (a void *), never embedded, so adding a FAM imposes no tail-position constraint on any enclosing struct. Added __counted_by for extra runtime analysis. Link: https://patch.msgid.link/20260522214407.18120-1-rosenp@gmail.com Assisted-by: Claude:Opus-4.7 Signed-off-by: Rosen Penev Signed-off-by: Steven Rostedt --- kernel/trace/trace_events_hist.c | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 9701650c89b2..82ce492ab268 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -683,8 +683,8 @@ struct track_data { struct hist_elt_data { char *comm; u64 *var_ref_vals; - char **field_var_str; int n_field_var_str; + char *field_var_str[] __counted_by(n_field_var_str); }; struct snapshot_context { @@ -1629,8 +1629,6 @@ static void hist_elt_data_free(struct hist_elt_data *elt_data) for (i = 0; i < elt_data->n_field_var_str; i++) kfree(elt_data->field_var_str[i]); - kfree(elt_data->field_var_str); - kfree(elt_data->comm); kfree(elt_data); } @@ -1650,10 +1648,19 @@ static int hist_trigger_elt_data_alloc(struct tracing_map_elt *elt) struct hist_field *hist_field; unsigned int i, n_str; - elt_data = kzalloc_obj(*elt_data); + BUILD_BUG_ON(STR_VAR_LEN_MAX & (sizeof(u64) - 1)); + + n_str = hist_data->n_field_var_str + hist_data->n_save_var_str + + hist_data->n_var_str; + if (n_str > SYNTH_FIELDS_MAX) + return -EINVAL; + + elt_data = kzalloc_flex(*elt_data, field_var_str, n_str); if (!elt_data) return -ENOMEM; + elt_data->n_field_var_str = n_str; + for_each_hist_field(i, hist_data) { hist_field = hist_data->fields[i]; @@ -1667,24 +1674,8 @@ static int hist_trigger_elt_data_alloc(struct tracing_map_elt *elt) } } - n_str = hist_data->n_field_var_str + hist_data->n_save_var_str + - hist_data->n_var_str; - if (n_str > SYNTH_FIELDS_MAX) { - hist_elt_data_free(elt_data); - return -EINVAL; - } - - BUILD_BUG_ON(STR_VAR_LEN_MAX & (sizeof(u64) - 1)); - size = STR_VAR_LEN_MAX; - elt_data->field_var_str = kcalloc(n_str, sizeof(char *), GFP_KERNEL); - if (!elt_data->field_var_str) { - hist_elt_data_free(elt_data); - return -EINVAL; - } - elt_data->n_field_var_str = n_str; - for (i = 0; i < n_str; i++) { elt_data->field_var_str[i] = kzalloc(size, GFP_KERNEL); if (!elt_data->field_var_str[i]) { -- 2.53.0