Linux Trace Kernel
From: Steven Rostedt <rostedt@goodmis.org>
To: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
	Beau Belgrave <beaub@linux.microsoft.com>,
	linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH] tracing/user_events: Fix an erroneous usage of struct_size()
Date: Mon, 21 Aug 2023 12:07:28 -0400
Message-ID: <20230821120728.7b34266c@gandalf.local.home>
In-Reply-To: <7a20160628fa586a74936c9212102dbf896e7332.1692543738.git.christophe.jaillet@wanadoo.fr>

On Sun, 20 Aug 2023 17:02:42 +0200
Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote:

> If struct_size() returns a value that does not fit in an 'int', the size
> passed to kzalloc() is wrong.
> 
> Remove the intermediate 'size' variable and use struct_size() directly.
> 
> Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> I don't know if 'size' can get bigger than an int in the real world, but the
> change looks safe in any case.
> 
> On x86_64, looking at the .s files, the previous code had an extra:
>     movslq	%r13d, %r13
> which really looks wrong to me.

If size is bigger than int, then we have much bigger problems than this allocation.

That means count is over 2 billion, and the kzalloc() will fail regardless.

This is an unneeded change.

-- Steve


> ---
>  kernel/trace/trace_events_user.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
> index 33cb6af31f39..67cc71a872b0 100644
> --- a/kernel/trace/trace_events_user.c
> +++ b/kernel/trace/trace_events_user.c
> @@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info,
>  {
>  	struct user_event_group *group = info->group;
>  	struct user_event_refs *refs, *new_refs;
> -	int i, size, count = 0;
> +	int i, count = 0;
>  
>  	refs = rcu_dereference_protected(info->refs,
>  					 lockdep_is_held(&group->reg_mutex));
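
Review bot: `count` stays an `int` in the declaration `int i, count = 0;`, so the `count + 1` handed to struct_size() in the next hunk is still evaluated in int arithmetic; dropping `size` removes the narrowing of the result but not of the argument. If the changelog is meant to argue about values that do not fit in an int, it should say what bounds `count` in this function, or the counter should be widened in the same patch.
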
> @@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info,
>  				return i;
>  	}
>  
> -	size = struct_size(refs, events, count + 1);
> -
> -	new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT);
> -
> +	new_refs = kzalloc(struct_size(refs, events, count + 1),
> +			   GFP_KERNEL_ACCOUNT);
>  	if (!new_refs)
>  		return -ENOMEM;
>  
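
Review bot: The changelog carries a Fixes: tag, yet the note under the `---` says it is not known whether the size can exceed an int in practice; for the replacement `kzalloc(struct_size(refs, events, count + 1), ...)` the commit message should either describe a reachable case or present the change as a cleanup without the Fixes: tag. Dropping the blank line before `if (!new_refs)` is fine, since it keeps the NULL check directly under the allocation.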

