* [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
@ 2023-08-17 15:58 Gustavo A. R. Silva
2023-08-17 16:32 ` Jamal Hadi Salim
2023-08-19 2:38 ` Jakub Kicinski
0 siblings, 2 replies; 6+ messages in thread
From: Gustavo A. R. Silva @ 2023-08-17 15:58 UTC (permalink / raw)
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Gustavo A. R. Silva
Cc: netdev, linux-kernel, Gustavo A. R. Silva, linux-hardening
Replace struct_size() with sizeof(), and avoid allocating 8 too many
bytes.
The following difference in binary output is expected and reflects the
desired change:
| net/sched/cls_u32.o
| @@ -6148,7 +6148,7 @@
| include/linux/slab.h:599
| 2cf5: mov 0x0(%rip),%rdi # 2cfc <u32_init+0xfc>
| 2cf8: R_X86_64_PC32 kmalloc_caches+0xc
|- 2cfc: mov $0x98,%edx
|+ 2cfc: mov $0x90,%edx
Fixes: d61491a51f7e ("net/sched: cls_u32: Replace one-element array with flexible-array member")
Reported-by: Alejandro Colomar <alx@kernel.org>
Closes: https://lore.kernel.org/lkml/09b4a2ce-da74-3a19-6961-67883f634d98@kernel.org/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
net/sched/cls_u32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index da4c179a4d41..6663e971a13e 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -366,7 +366,7 @@ static int u32_init(struct tcf_proto *tp)
idr_init(&root_ht->handle_idr);
if (tp_c == NULL) {
- tp_c = kzalloc(struct_size(tp_c, hlist->ht, 1), GFP_KERNEL);
+ tp_c = kzalloc(sizeof(*tp_c), GFP_KERNEL);
if (tp_c == NULL) {
kfree(root_ht);
return -ENOBUFS;
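Review bot: the commit log states what changes but not why sizeof(*tp_c) is the right size, which is the first thing a reader of `- tp_c = kzalloc(struct_size(tp_c, hlist->ht, 1), GFP_KERNEL);` will ask. struct_size(p, member, n) adds n elements of p->member[0] to sizeof(*p); here the member path goes through the hlist pointer, so the one extra element (8 bytes, matching the 0x98 to 0x90 change in the object-code diff) is an element of the object hlist points at, not part of *tp_c, and the allocation for *tp_c therefore has no reason to include it. Spell that reasoning out in the commit message, and reconsider whether Fixes:/Reported-by: tags fit an over-allocation that wasted memory but did not cause incorrect behaviour.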
--
2.34.1
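As an added illustration that is not part of the thread or of the kernel tree, the following user-space C program models the sizing difference the patch corrects; the struct layouts, the STRUCT_SIZE stand-in macro and the function names are assumptions chosen for the demonstration, not cls_u32's real definitions.

```c
/* Added example (not the kernel's code): a user-space model of why
 * struct_size(tp_c, hlist->ht, 1) asks for one pointer (8 bytes on
 * x86_64) more than sizeof(*tp_c). The structs are simplified stand-ins. */
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the kernel's struct_size(): sizeof(*p) plus n elements of
 * p->member[0]; the kernel macro additionally guards against overflow. */
#define STRUCT_SIZE(p, member, n) \
	(sizeof(*(p)) + (n) * sizeof((p)->member[0]))

/* Hash node: header plus a flexible array of bucket pointers. This is the
 * object whose allocation legitimately needs struct_size(). */
struct hnode {
	unsigned int divisor;
	void *ht[];
};

/* Per-classifier common block: it only points at the node list and has
 * no flexible array of its own, so sizeof(*tp_c) is the right size. */
struct common {
	struct hnode *hlist;
	unsigned int hgenerator;
};

size_t common_size_before(void)	/* pre-patch expression */
{
	struct common *tp_c = NULL;	/* sizeof() never dereferences it */
	return STRUCT_SIZE(tp_c, hlist->ht, 1);
}

size_t common_size_after(void)	/* patched expression */
{
	struct common *tp_c = NULL;
	return sizeof(*tp_c);
}

/* The difference is exactly one ht[] element, which belongs to *hlist. */
size_t overcount(void)
{
	return common_size_before() - common_size_after();
}

int main(void)
{
	printf("before=%zu after=%zu overcount=%zu\n", common_size_before(),
	       common_size_after(), overcount());
	return 0;
}
```

On a 64-bit build the overcount is sizeof(void *), the same 8 bytes as the 0x98 to 0x90 change in the object-code diff above.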
* Re: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
2023-08-17 15:58 [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init() Gustavo A. R. Silva
@ 2023-08-17 16:32 ` Jamal Hadi Salim
2023-08-19 2:38 ` Jakub Kicinski
1 sibling, 0 replies; 6+ messages in thread
From: Jamal Hadi Salim @ 2023-08-17 16:32 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Cong Wang, Jiri Pirko, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Thu, Aug 17, 2023 at 11:57 AM Gustavo A. R. Silva
<gustavoars@kernel.org> wrote:
>
> Replace struct_size() with sizeof(), and avoid allocating 8 too many
> bytes.
>
> The following difference in binary output is expected and reflects the
> desired change:
>
> | net/sched/cls_u32.o
> | @@ -6148,7 +6148,7 @@
> | include/linux/slab.h:599
> | 2cf5: mov 0x0(%rip),%rdi # 2cfc <u32_init+0xfc>
> | 2cf8: R_X86_64_PC32 kmalloc_caches+0xc
> |- 2cfc: mov $0x98,%edx
> |+ 2cfc: mov $0x90,%edx
>
> Fixes: d61491a51f7e ("net/sched: cls_u32: Replace one-element array with flexible-array member")
> Reported-by: Alejandro Colomar <alx@kernel.org>
> Closes: https://lore.kernel.org/lkml/09b4a2ce-da74-3a19-6961-67883f634d98@kernel.org/
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> net/sched/cls_u32.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
> index da4c179a4d41..6663e971a13e 100644
> --- a/net/sched/cls_u32.c
> +++ b/net/sched/cls_u32.c
> @@ -366,7 +366,7 @@ static int u32_init(struct tcf_proto *tp)
> idr_init(&root_ht->handle_idr);
>
> if (tp_c == NULL) {
> - tp_c = kzalloc(struct_size(tp_c, hlist->ht, 1), GFP_KERNEL);
> + tp_c = kzalloc(sizeof(*tp_c), GFP_KERNEL);
> if (tp_c == NULL) {
> kfree(root_ht);
> return -ENOBUFS;
LGTM.
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
cheers,
jamal
> 2.34.1
>
* Re: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
2023-08-17 15:58 [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init() Gustavo A. R. Silva
2023-08-17 16:32 ` Jamal Hadi Salim
@ 2023-08-19 2:38 ` Jakub Kicinski
2023-08-21 14:35 ` Jamal Hadi Salim
1 sibling, 1 reply; 6+ messages in thread
From: Jakub Kicinski @ 2023-08-19 2:38 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev, linux-kernel, linux-hardening
On Thu, 17 Aug 2023 09:58:53 -0600 Gustavo A. R. Silva wrote:
> Subject: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
> Date: Thu, 17 Aug 2023 09:58:53 -0600
>
> Replace struct_size() with sizeof(), and avoid allocating 8 too many
> bytes.
What are you fixing?
> The following difference in binary output is expected and reflects the
> desired change:
>
> | net/sched/cls_u32.o
> | @@ -6148,7 +6148,7 @@
> | include/linux/slab.h:599
> | 2cf5: mov 0x0(%rip),%rdi # 2cfc <u32_init+0xfc>
> | 2cf8: R_X86_64_PC32 kmalloc_caches+0xc
> |- 2cfc: mov $0x98,%edx
> |+ 2cfc: mov $0x90,%edx
Sure, but why are you doing this? And how do you know the change is
correct?
There are 2 other instances where we allocate 1 entry or +1 entry.
Are they not all wrong?
Also some walking code seems to walk <= divisor, divisor IIUC being
the array bound - 1?
Jamal acked so chances are this is right, but I'd really like to
understand what's going on, and I shouldn't have to ask you all
these questions :S
--
pw-bot: cr
* Re: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
2023-08-19 2:38 ` Jakub Kicinski
@ 2023-08-21 14:35 ` Jamal Hadi Salim
2023-08-21 18:48 ` Jakub Kicinski
0 siblings, 1 reply; 6+ messages in thread
From: Jamal Hadi Salim @ 2023-08-21 14:35 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Gustavo A. R. Silva, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev, linux-kernel, linux-hardening
On Fri, Aug 18, 2023 at 10:38 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Thu, 17 Aug 2023 09:58:53 -0600 Gustavo A. R. Silva wrote:
> > Subject: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
> > Date: Thu, 17 Aug 2023 09:58:53 -0600
> >
> > Replace struct_size() with sizeof(), and avoid allocating 8 too many
> > bytes.
>
> What are you fixing?
>
> > The following difference in binary output is expected and reflects the
> > desired change:
> >
> > | net/sched/cls_u32.o
> > | @@ -6148,7 +6148,7 @@
> > | include/linux/slab.h:599
> > | 2cf5: mov 0x0(%rip),%rdi # 2cfc <u32_init+0xfc>
> > | 2cf8: R_X86_64_PC32 kmalloc_caches+0xc
> > |- 2cfc: mov $0x98,%edx
> > |+ 2cfc: mov $0x90,%edx
>
> Sure, but why are you doing this? And how do you know the change is
> correct?
>
> There are 2 other instances where we allocate 1 entry or +1 entry.
> Are they not all wrong?
>
> Also some walking code seems to walk <= divisor, divisor IIUC being
> the array bound - 1?
>
> Jamal acked so chances are this is right, but I'd really like to
> understand what's going on, and I shouldn't have to ask you all
> these questions :S
This is a "bug fix" given that the structure had no zero array
construct as was implied by d61491a51f7e. I didn't want to call it out
as a bug fix (for -net) because existing code was not harmful but
allocated extra memory which this patch gives back.
The other instances have a legit need for "flexible array".
cheers,
jamal
> --
> pw-bot: cr
* Re: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
2023-08-21 14:35 ` Jamal Hadi Salim
@ 2023-08-21 18:48 ` Jakub Kicinski
2023-09-29 18:24 ` Kees Cook
0 siblings, 1 reply; 6+ messages in thread
From: Jakub Kicinski @ 2023-08-21 18:48 UTC (permalink / raw)
To: Jamal Hadi Salim
Cc: Gustavo A. R. Silva, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev, linux-kernel, linux-hardening
On Mon, 21 Aug 2023 10:35:29 -0400 Jamal Hadi Salim wrote:
> > Sure, but why are you doing this? And how do you know the change is
> > correct?
> >
> > There are 2 other instances where we allocate 1 entry or +1 entry.
> > Are they not all wrong?
> >
> > Also some walking code seems to walk <= divisor, divisor IIUC being
> > the array bound - 1?
> >
> > Jamal acked so chances are this is right, but I'd really like to
> > understand what's going on, and I shouldn't have to ask you all
> > these questions :S
>
> This is a "bug fix" given that the structure had no zero array
> construct as was implied by d61491a51f7e. I didn't want to call it out
> as a bug fix (for -net) because existing code was not harmful but
> allocated extra memory which this patch gives back.
> The other instances have a legit need for "flexible array".
Based on the link provided it seems like the Fixes comes in because
someone reported compilation issues. But from the thread it seems
like the problem only appears when sizeof_struct() is modified.
In which case - you're right, Fixes and Reported-by tags should go.
* Re: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()
2023-08-21 18:48 ` Jakub Kicinski
@ 2023-09-29 18:24 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2023-09-29 18:24 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Jamal Hadi Salim, Jakub Kicinski, Cong Wang, Jiri Pirko,
David S. Miller, Eric Dumazet, Paolo Abeni, netdev, linux-kernel,
linux-hardening
On Mon, Aug 21, 2023 at 11:48:02AM -0700, Jakub Kicinski wrote:
> On Mon, 21 Aug 2023 10:35:29 -0400 Jamal Hadi Salim wrote:
> > > Sure, but why are you doing this? And how do you know the change is
> > > correct?
> > >
> > > There are 2 other instances where we allocate 1 entry or +1 entry.
> > > Are they not all wrong?
> > >
> > > Also some walking code seems to walk <= divisor, divisor IIUC being
> > > the array bound - 1?
> > >
> > > Jamal acked so chances are this is right, but I'd really like to
> > > understand what's going on, and I shouldn't have to ask you all
> > > these questions :S
> >
> > This is a "bug fix" given that the structure had no zero array
> > construct as was implied by d61491a51f7e. I didn't want to call it out
> > as a bug fix (for -net) because existing code was not harmful but
> > allocated extra memory which this patch gives back.
> > The other instances have a legit need for "flexible array".
>
> Based on the link provided it seems like the Fixes comes in because
> someone reported compilation issues. But from the thread it seems
> like the problem only appears when sizeof_struct() is modified.
> In which case - you're right, Fixes and Reported-by tags should go.
Gustavo, can you please respin this with an updated commit log and
adjusted tags for netdev to pick up?
--
Kees Cook