* [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc()
@ 2026-03-06 8:02 luoqing
2026-03-06 17:14 ` kernel test robot
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: luoqing @ 2026-03-06 8:02 UTC (permalink / raw)
To: agk; +Cc: snitzer, dm-devel, mpatocka, bmarzins, linux-kernel
From: luoqing <luoqing@kylinos.cn>
Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worst scenario, could lead to heap overflows.
Signed-off-by: luoqing <luoqing@kylinos.cn>
---
drivers/md/dm-bufio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c
index 60f7badec91f..f8a6b423b4ea 100644
--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -2511,7 +2511,7 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign
}
num_locks = dm_num_hash_locks();
- c = kzalloc(sizeof(*c) + (num_locks * sizeof(struct buffer_tree)), GFP_KERNEL);
+ c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
if (!c) {
r = -ENOMEM;
goto bad_client;
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc()
2026-03-06 8:02 [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc() luoqing
@ 2026-03-06 17:14 ` kernel test robot
2026-03-06 19:07 ` kernel test robot
2026-03-06 23:47 ` Benjamin Marzinski
2 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2026-03-06 17:14 UTC (permalink / raw)
To: luoqing, agk
Cc: llvm, oe-kbuild-all, snitzer, dm-devel, mpatocka, bmarzins,
linux-kernel
Hi luoqing,
kernel test robot noticed the following build errors:
[auto build test ERROR on axboe/for-next]
[also build test ERROR on device-mapper-dm/for-next linus/master v7.0-rc2 next-20260306]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/luoqing/dm-bufio-Use-struct_size-helper-in-kmalloc/20260306-165625
base: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git for-next
patch link: https://lore.kernel.org/r/20260306080257.1268206-1-l1138897701%40163.com
patch subject: [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc()
config: x86_64-kexec (https://download.01.org/0day-ci/archive/20260306/202603061810.Sm9P1QKo-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260306/202603061810.Sm9P1QKo-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603061810.Sm9P1QKo-lkp@intel.com/
All errors (new ones prefixed by >>):
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:420:26: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:420:57: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:421:32: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:421:63: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:420:26: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:420:57: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:421:32: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:421:63: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:251:9: note: expanded from macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:420:26: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:420:57: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:421:32: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:421:63: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:420:26: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:420:57: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:421:32: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:437:45: note: expanded from macro 'struct_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^
include/linux/overflow.h:421:63: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:255:10: note: expanded from macro 'alloc_hooks_tag'
255 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:420:26: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:258:10: note: expanded from macro 'alloc_hooks_tag'
258 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:420:57: note: expanded from macro 'flex_array_size'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^
include/linux/compiler.h:208:64: note: expanded from macro '__must_be_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:258:10: note: expanded from macro 'alloc_hooks_tag'
258 | _res = _do_alloc; \
| ^~~~~~~~~
>> drivers/md/dm-bufio.c:2514:29: error: no member named 'buffer_tree' in 'struct dm_bufio_client'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:436:37: note: expanded from macro 'struct_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^
include/linux/overflow.h:421:32: note: expanded from macro 'flex_array_size'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^
include/linux/slab.h:1190:52: note: expanded from macro 'kzalloc'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
include/linux/alloc_tag.h:265:31: note: expanded from macro 'alloc_hooks'
265 | alloc_hooks_tag(&_alloc_tag, _do_alloc); \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
include/linux/alloc_tag.h:258:10: note: expanded from macro 'alloc_hooks_tag'
258 | _res = _do_alloc; \
| ^~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
vim +2514 drivers/md/dm-bufio.c
2491
2492 /*
2493 * Create the buffering interface
2494 */
2495 struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsigned int block_size,
2496 unsigned int reserved_buffers, unsigned int aux_size,
2497 void (*alloc_callback)(struct dm_buffer *),
2498 void (*write_callback)(struct dm_buffer *),
2499 unsigned int flags)
2500 {
2501 int r;
2502 unsigned int num_locks;
2503 struct dm_bufio_client *c;
2504 char slab_name[64];
2505 static atomic_t seqno = ATOMIC_INIT(0);
2506
2507 if (!block_size || block_size & ((1 << SECTOR_SHIFT) - 1)) {
2508 DMERR("%s: block size not specified or is not multiple of 512b", __func__);
2509 r = -EINVAL;
2510 goto bad_client;
2511 }
2512
2513 num_locks = dm_num_hash_locks();
> 2514 c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
2515 if (!c) {
2516 r = -ENOMEM;
2517 goto bad_client;
2518 }
2519 cache_init(&c->cache, num_locks, (flags & DM_BUFIO_CLIENT_NO_SLEEP) != 0);
2520
2521 c->bdev = bdev;
2522 c->block_size = block_size;
2523 if (is_power_of_2(block_size))
2524 c->sectors_per_block_bits = __ffs(block_size) - SECTOR_SHIFT;
2525 else
2526 c->sectors_per_block_bits = -1;
2527
2528 c->alloc_callback = alloc_callback;
2529 c->write_callback = write_callback;
2530
2531 if (flags & DM_BUFIO_CLIENT_NO_SLEEP) {
2532 c->no_sleep = true;
2533 static_branch_inc(&no_sleep_enabled);
2534 }
2535
2536 mutex_init(&c->lock);
2537 spin_lock_init(&c->spinlock);
2538 INIT_LIST_HEAD(&c->reserved_buffers);
2539 c->need_reserved_buffers = reserved_buffers;
2540
2541 dm_bufio_set_minimum_buffers(c, DM_BUFIO_MIN_BUFFERS);
2542
2543 init_waitqueue_head(&c->free_buffer_wait);
2544 c->async_write_error = 0;
2545
2546 c->dm_io = dm_io_client_create();
2547 if (IS_ERR(c->dm_io)) {
2548 r = PTR_ERR(c->dm_io);
2549 goto bad_dm_io;
2550 }
2551
2552 if (block_size <= KMALLOC_MAX_SIZE && !is_power_of_2(block_size)) {
2553 unsigned int align = min(1U << __ffs(block_size), (unsigned int)PAGE_SIZE);
2554
2555 snprintf(slab_name, sizeof(slab_name), "dm_bufio_cache-%u-%u",
2556 block_size, atomic_inc_return(&seqno));
2557 c->slab_cache = kmem_cache_create(slab_name, block_size, align,
2558 SLAB_RECLAIM_ACCOUNT, NULL);
2559 if (!c->slab_cache) {
2560 r = -ENOMEM;
2561 goto bad;
2562 }
2563 }
2564 if (aux_size)
2565 snprintf(slab_name, sizeof(slab_name), "dm_bufio_buffer-%u-%u",
2566 aux_size, atomic_inc_return(&seqno));
2567 else
2568 snprintf(slab_name, sizeof(slab_name), "dm_bufio_buffer-%u",
2569 atomic_inc_return(&seqno));
2570 c->slab_buffer = kmem_cache_create(slab_name, sizeof(struct dm_buffer) + aux_size,
2571 0, SLAB_RECLAIM_ACCOUNT, NULL);
2572 if (!c->slab_buffer) {
2573 r = -ENOMEM;
2574 goto bad;
2575 }
2576
2577 while (c->need_reserved_buffers) {
2578 struct dm_buffer *b = alloc_buffer(c, GFP_KERNEL);
2579
2580 if (!b) {
2581 r = -ENOMEM;
2582 goto bad;
2583 }
2584 __free_buffer_wake(b);
2585 }
2586
2587 INIT_WORK(&c->shrink_work, shrink_work);
2588 atomic_long_set(&c->need_shrink, 0);
2589
2590 c->shrinker = shrinker_alloc(0, "dm-bufio:(%u:%u)",
2591 MAJOR(bdev->bd_dev), MINOR(bdev->bd_dev));
2592 if (!c->shrinker) {
2593 r = -ENOMEM;
2594 goto bad;
2595 }
2596
2597 c->shrinker->count_objects = dm_bufio_shrink_count;
2598 c->shrinker->scan_objects = dm_bufio_shrink_scan;
2599 c->shrinker->seeks = 1;
2600 c->shrinker->batch = 0;
2601 c->shrinker->private_data = c;
2602
2603 shrinker_register(c->shrinker);
2604
2605 mutex_lock(&dm_bufio_clients_lock);
2606 dm_bufio_client_count++;
2607 list_add(&c->client_list, &dm_bufio_all_clients);
2608 __cache_size_refresh();
2609 mutex_unlock(&dm_bufio_clients_lock);
2610
2611 return c;
2612
2613 bad:
2614 while (!list_empty(&c->reserved_buffers)) {
2615 struct dm_buffer *b = list_to_buffer(c->reserved_buffers.next);
2616
2617 list_del(&b->lru.list);
2618 free_buffer(b);
2619 }
2620 kmem_cache_destroy(c->slab_cache);
2621 kmem_cache_destroy(c->slab_buffer);
2622 dm_io_client_destroy(c->dm_io);
2623 bad_dm_io:
2624 mutex_destroy(&c->lock);
2625 if (c->no_sleep)
2626 static_branch_dec(&no_sleep_enabled);
2627 kfree(c);
2628 bad_client:
2629 return ERR_PTR(r);
2630 }
2631 EXPORT_SYMBOL_GPL(dm_bufio_client_create);
2632
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc()
2026-03-06 8:02 [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc() luoqing
2026-03-06 17:14 ` kernel test robot
@ 2026-03-06 19:07 ` kernel test robot
2026-03-06 23:47 ` Benjamin Marzinski
2 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2026-03-06 19:07 UTC (permalink / raw)
To: luoqing, agk
Cc: oe-kbuild-all, snitzer, dm-devel, mpatocka, bmarzins,
linux-kernel
Hi luoqing,
kernel test robot noticed the following build errors:
[auto build test ERROR on axboe/for-next]
[also build test ERROR on device-mapper-dm/for-next linus/master v7.0-rc2 next-20260306]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/luoqing/dm-bufio-Use-struct_size-helper-in-kmalloc/20260306-165625
base: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git for-next
patch link: https://lore.kernel.org/r/20260306080257.1268206-1-l1138897701%40163.com
patch subject: [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc()
config: m68k-defconfig (https://download.01.org/0day-ci/archive/20260307/202603070341.J8qZJaCg-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260307/202603070341.J8qZJaCg-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603070341.J8qZJaCg-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from include/linux/workqueue.h:9,
from include/linux/mm_types.h:19,
from include/linux/mmzone.h:22,
from include/linux/gfp.h:7,
from include/linux/xarray.h:16,
from include/linux/list_lru.h:14,
from include/linux/fs/super_types.h:7,
from include/linux/fs/super.h:5,
from include/linux/fs.h:5,
from include/linux/highmem.h:5,
from include/linux/bvec.h:10,
from include/linux/blk_types.h:10,
from include/linux/blkdev.h:9,
from include/linux/dm-bufio.h:13,
from drivers/md/dm-bufio.c:10:
drivers/md/dm-bufio.c: In function 'dm_bufio_client_create':
>> include/linux/overflow.h:420:38: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/overflow.h:420:69: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:207:35: note: in expansion of macro '__same_type'
207 | #define __is_array(a) (!__same_type((a), &(a)[0]))
| ^~~~~~~~~~~
include/linux/compiler.h:208:58: note: in expansion of macro '__is_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~
include/linux/overflow.h:420:50: note: in expansion of macro '__must_be_array'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/overflow.h:420:69: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:207:35: note: in expansion of macro '__same_type'
207 | #define __is_array(a) (!__same_type((a), &(a)[0]))
| ^~~~~~~~~~~
include/linux/compiler.h:208:58: note: in expansion of macro '__is_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~
include/linux/overflow.h:420:50: note: in expansion of macro '__must_be_array'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/compiler.h:203:82: error: expression in static assertion is not an integer
203 | #define __BUILD_BUG_ON_ZERO_MSG(e, msg, ...) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
| ^
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:420:50: note: in expansion of macro '__must_be_array'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
--
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/overflow.h:421:75: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:207:35: note: in expansion of macro '__same_type'
207 | #define __is_array(a) (!__same_type((a), &(a)[0]))
| ^~~~~~~~~~~
include/linux/compiler.h:208:58: note: in expansion of macro '__is_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~
include/linux/overflow.h:421:56: note: in expansion of macro '__must_be_array'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/overflow.h:421:75: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:207:35: note: in expansion of macro '__same_type'
207 | #define __is_array(a) (!__same_type((a), &(a)[0]))
| ^~~~~~~~~~~
include/linux/compiler.h:208:58: note: in expansion of macro '__is_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~
include/linux/overflow.h:421:56: note: in expansion of macro '__must_be_array'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/compiler.h:203:82: error: expression in static assertion is not an integer
203 | #define __BUILD_BUG_ON_ZERO_MSG(e, msg, ...) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
| ^
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:421:56: note: in expansion of macro '__must_be_array'
421 | size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:436:32: note: in expansion of macro 'flex_array_size'
436 | sizeof(*(p)) + flex_array_size(p, member, count), \
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
>> include/linux/overflow.h:420:38: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/overflow.h:437:40: note: in expansion of macro 'flex_array_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/overflow.h:420:69: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:207:35: note: in expansion of macro '__same_type'
207 | #define __is_array(a) (!__same_type((a), &(a)[0]))
| ^~~~~~~~~~~
include/linux/compiler.h:208:58: note: in expansion of macro '__is_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~
include/linux/overflow.h:420:50: note: in expansion of macro '__must_be_array'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:437:40: note: in expansion of macro 'flex_array_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/overflow.h:420:69: error: 'struct dm_bufio_client' has no member named 'buffer_tree'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:207:35: note: in expansion of macro '__same_type'
207 | #define __is_array(a) (!__same_type((a), &(a)[0]))
| ^~~~~~~~~~~
include/linux/compiler.h:208:58: note: in expansion of macro '__is_array'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~
include/linux/overflow.h:420:50: note: in expansion of macro '__must_be_array'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:437:40: note: in expansion of macro 'flex_array_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~~~~~
include/linux/compiler.h:203:82: error: expression in static assertion is not an integer
203 | #define __BUILD_BUG_ON_ZERO_MSG(e, msg, ...) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
| ^
include/linux/alloc_tag.h:251:16: note: in definition of macro 'alloc_hooks_tag'
251 | typeof(_do_alloc) _res; \
| ^~~~~~~~~
include/linux/slab.h:1190:49: note: in expansion of macro 'alloc_hooks'
1190 | #define kzalloc(...) alloc_hooks(kzalloc_noprof(__VA_ARGS__))
| ^~~~~~~~~~~
drivers/md/dm-bufio.c:2514:13: note: in expansion of macro 'kzalloc'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
| ^~~~~~~
include/linux/compiler.h:208:33: note: in expansion of macro '__BUILD_BUG_ON_ZERO_MSG'
208 | #define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(!__is_array(a), \
| ^~~~~~~~~~~~~~~~~~~~~~~
include/linux/overflow.h:420:50: note: in expansion of macro '__must_be_array'
420 | (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
| ^~~~~~~~~~~~~~~
include/linux/overflow.h:437:40: note: in expansion of macro 'flex_array_size'
437 | size_add(sizeof(*(p)), flex_array_size(p, member, count)))
| ^~~~~~~~~~~~~~~
drivers/md/dm-bufio.c:2514:21: note: in expansion of macro 'struct_size'
2514 | c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
..
vim +420 include/linux/overflow.h
610b15c50e86eb1 Kees Cook 2018-05-07 405
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 406 /**
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 407 * flex_array_size() - Calculate size of a flexible array member
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 408 * within an enclosing structure.
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 409 * @p: Pointer to the structure.
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 410 * @member: Name of the flexible array member.
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 411 * @count: Number of elements in the array.
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 412 *
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 413 * Calculates size of a flexible array of @count number of @member
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 414 * elements, at the end of structure @p.
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 415 *
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 416 * Return: number of bytes needed or SIZE_MAX on overflow.
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 417 */
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 418 #define flex_array_size(p, member, count) \
230f6fa2c1db6a3 Kees Cook 2022-02-09 419 __builtin_choose_expr(__is_constexpr(count), \
230f6fa2c1db6a3 Kees Cook 2022-02-09 @420 (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \
230f6fa2c1db6a3 Kees Cook 2022-02-09 421 size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member)))
b19d57d0f3cc6f1 Gustavo A. R. Silva 2020-06-08 422
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc()
2026-03-06 8:02 [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc() luoqing
2026-03-06 17:14 ` kernel test robot
2026-03-06 19:07 ` kernel test robot
@ 2026-03-06 23:47 ` Benjamin Marzinski
2 siblings, 0 replies; 4+ messages in thread
From: Benjamin Marzinski @ 2026-03-06 23:47 UTC (permalink / raw)
To: luoqing; +Cc: agk, snitzer, dm-devel, mpatocka, linux-kernel
On Fri, Mar 06, 2026 at 04:02:57PM +0800, luoqing wrote:
> From: luoqing <luoqing@kylinos.cn>
>
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worst scenario, could lead to heap overflows.
>
> Signed-off-by: luoqing <luoqing@kylinos.cn>
> ---
> drivers/md/dm-bufio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c
> index 60f7badec91f..f8a6b423b4ea 100644
> --- a/drivers/md/dm-bufio.c
> +++ b/drivers/md/dm-bufio.c
> @@ -2511,7 +2511,7 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign
> }
>
> num_locks = dm_num_hash_locks();
> - c = kzalloc(sizeof(*c) + (num_locks * sizeof(struct buffer_tree)), GFP_KERNEL);
> + c = kzalloc(struct_size(c, buffer_tree, num_locks), GFP_KERNEL);
buffer_tree isn't a member of struct dm_bufio_client (which is the type
of *c). Its a member of struct dm_buffer_cache (which is the type of
c->cache). Since struct_size() uses the same variable for referring to the
base structure and the structure holding the flex array, it won't work
here.
-Ben
> if (!c) {
> r = -ENOMEM;
> goto bad_client;
> --
> 2.25.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-03-06 23:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-06 8:02 [PATCH 2/2] dm-bufio: Use struct_size() helper in kmalloc() luoqing
2026-03-06 17:14 ` kernel test robot
2026-03-06 19:07 ` kernel test robot
2026-03-06 23:47 ` Benjamin Marzinski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox