drivers/mtd/chips/cfi_probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Documentation/process/deprecated.rst recommends against performing
dynamic size calculations in the arguments of memory allocator
function due to the risk of overflow. Such calculations can
wrap around and result in a smaller allocation than what the caller
was expecting.
Replace the size calculation in cfiq allocation with struct_size()
helper to make the code clearer and handle the overflows correctly.
Signed-off-by: Gopi Krishna Menon <krishnagopi487@gmail.com>
---
drivers/mtd/chips/cfi_probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/chips/cfi_probe.c b/drivers/mtd/chips/cfi_probe.c
index a04b6174181c..e254f9cd2796 100644
--- a/drivers/mtd/chips/cfi_probe.c
+++ b/drivers/mtd/chips/cfi_probe.c
@@ -208,7 +208,7 @@ static int __xipram cfi_chip_setup(struct map_info *map,
if (!num_erase_regions)
return 0;
- cfi->cfiq = kmalloc(sizeof(struct cfi_ident) + num_erase_regions * 4, GFP_KERNEL);
+ cfi->cfiq = kmalloc(struct_size(cfi->cfiq, EraseRegionInfo, num_erase_regions), GFP_KERNEL);
if (!cfi->cfiq)
return 0;
--
2.43.0
On Fri, 19 Sep 2025 00:14:14 +0530, Gopi Krishna Menon wrote: > Documentation/process/deprecated.rst recommends against performing > dynamic size calculations in the arguments of memory allocator > function due to the risk of overflow. Such calculations can > wrap around and result in a smaller allocation than what the caller > was expecting. > > Replace the size calculation in cfiq allocation with struct_size() > helper to make the code clearer and handle the overflows correctly. > > [...] Applied to mtd/next, thanks! [1/1] mtd: cfi: use struct_size() helper for cfiq allocation commit: d496b6f42eb0455caf5d8cb30cf1f01b7fc2a747 Patche(s) should be available on mtd/linux.git and will be part of the next PR (provided that no robot complains by then). Kind regards, Miquèl
On 9/19/2025 12:14 AM, Gopi Krishna Menon wrote: > Documentation/process/deprecated.rst recommends against performing > dynamic size calculations in the arguments of memory allocator > function due to the risk of overflow. Such calculations can > wrap around and result in a smaller allocation than what the caller > was expecting. > > Replace the size calculation in cfiq allocation with struct_size() > helper to make the code clearer and handle the overflows correctly. > > Signed-off-by: Gopi Krishna Menon <krishnagopi487@gmail.com> > --- > drivers/mtd/chips/cfi_probe.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mtd/chips/cfi_probe.c b/drivers/mtd/chips/cfi_probe.c > index a04b6174181c..e254f9cd2796 100644 > --- a/drivers/mtd/chips/cfi_probe.c > +++ b/drivers/mtd/chips/cfi_probe.c > @@ -208,7 +208,7 @@ static int __xipram cfi_chip_setup(struct map_info *map, > if (!num_erase_regions) > return 0; > > - cfi->cfiq = kmalloc(sizeof(struct cfi_ident) + num_erase_regions * 4, GFP_KERNEL); > + cfi->cfiq = kmalloc(struct_size(cfi->cfiq, EraseRegionInfo, num_erase_regions), GFP_KERNEL); > if (!cfi->cfiq) > return 0; > Reviewed-by: Vignesh Raghavendra <vigneshr@ti.com> There seems to be one more occurrence of this pattern in jedec_probe.c. Would appreciate if you could fix that too. Thanks! Regards Vignesh
Hi Vignesh, Thanks for the review. Regarding the other occurrence you pointed out in jedec_probe.c, after your reply, someone (Rahul Kumar) submitted a patch addressing that occurence in jedec_probe.c. link: https://lore.kernel.org/linux-kernel-mentees/20250922071137.900508-1-rk0006818@gmail.com/T/#u Please let me know if any further changes are needed on my side.
© 2016 - 2025 Red Hat, Inc.