From: Jędrzej Szoszorek
To: phil@philpotter.co.uk
Cc: linux-kernel@vger.kernel.org, Jędrzej Szoszorek
Subject: [PATCH v2] cdrom: use struct_size() in changer info allocation
Date: Thu, 4 Jun 2026 21:08:28 +0200
Message-ID: <20260604190828.128448-1-jedrzej.szoszo@gmail.com>

Replace the obsolete `kmalloc_obj()` pattern with the
`kzalloc(struct_size(), ...)` idiom when allocating
`struct cdrom_changer_info`.

This change ensures inherent protection against integer overflow
vulnerabilities during the calculation of the allocation size, as
`struct_size()` safely computes the size of the structure combined with
its flexible array member.

This addresses memory safety concerns without altering the driver's
logic or ABI, guaranteeing zero regressions for legacy user-space tools.

Signed-off-by: Jędrzej Szoszorek
---
- Dropped all cosmetic and formatting changes (churn) from v1.
- Dropped ioctl error code changes (-ENOSYS -> -ENOTTY) to prevent any
  userspace ABI breakage.
- Dropped experimental per-device locking (mutex/spinlock) to avoid
  TOCTOU races and hardware lockout risks.
- Kept only the critical memory safety fix (struct_size)

 drivers/cdrom/cdrom.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 62934cf4b..31e662c8b 100644
--- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -276,6 +276,7 @@ #include #include #include +#include =20 /* used to tell the module to turn on full debugging messages */ static bool debug; @@ -1341,7 +1342,7 @@ static int cdrom_slot_status(struct cdrom_device_info= *cdi, int slot) if (cdi->sanyo_slot) return CDS_NO_INFO; =09 - info =3D kmalloc_obj(*info); + info =3D kzalloc(struct_size(info, slots, cdi->capacity), GFP_KERNEL); if (!info) return -ENOMEM; =20 @@ -1370,7 +1371,7 @@ int cdrom_number_of_slots(struct cdrom_device_info *c= di) /* cdrom_read_mech_status requires a valid value for capacity: */ cdi->capacity =3D 0;=20 =20 - info =3D kmalloc_obj(*info); + info =3D kzalloc(struct_size(info, slots, cdi->capacity), GFP_KERNEL); if (!info) return -ENOMEM; =20 @@ -1429,7 +1430,7 @@ static int cdrom_select_disc(struct cdrom_device_info= *cdi, int slot) return cdrom_load_unload(cdi, -1); } =20 - info =3D kmalloc_obj(*info); + info =3D kzalloc(struct_size(info, slots, cdi->capacity), GFP_KERNEL); if (!info) return -ENOMEM; =20 @@ -2334,7 +2335,7 @@ static int cdrom_ioctl_media_changed(struct cdrom_dev= ice_info *cdi, /* Prevent arg from speculatively bypassing the length check */ arg =3D array_index_nospec(arg, cdi->capacity); =20 - info =3D kmalloc_obj(*info); + info =3D kzalloc(struct_size(info, slots, cdi->capacity), GFP_KERNEL); if (!info) return -ENOMEM; =20 --=20 2.43.0
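Review bot: In the cdrom_slot_status() hunk (@@ -1341), struct_size(info, slots, cdi->capacity) is only correct if slots is a flexible array member, and nothing in this patch shows that it is. The diff touches drivers/cdrom/cdrom.c alone, and the removed line, kmalloc_obj(*info), allocated exactly one object with no element count, which suggests sizeof(*info) already covered the slots storage. If slots is a fixed-size array, the new expression adds cdi->capacity extra elements on top of it and the overflow check guards a size that was never variable. Please quote the struct definition in the commit message, or include the conversion to a flexible array in the same series.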
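Review bot: In the cdrom_number_of_slots() hunk (@@ -1370), the context line just above the new allocation is cdi->capacity = 0, so struct_size(info, slots, cdi->capacity) is always called with a count of 0 and reserves room for no slots entry at all. If slots is a flexible array member, as the commit message states, info is then too small for whatever the mechanism status read named in the comment above stores into it. Size this allocation by the maximum slot count the structure supports rather than by cdi->capacity, or keep the whole-object allocation at this call site.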
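Review bot: In the cdrom_select_disc() hunk (@@ -1429), as in the other three replaced lines, the allocator changes from kmalloc_obj() to kzalloc(), so the buffer becomes zero-filled, and the commit message does not mention this while stating that the driver's logic is unaltered. Either say in the changelog that the zeroing is intentional and why it is wanted, or use the non-zeroing allocator with the same size expression so the patch changes only the size calculation.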
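Review bot: In the cdrom_ioctl_media_changed() hunk (@@ -2334), cdi->capacity is now read twice in adjacent statements, once as the bound in array_index_nospec(arg, cdi->capacity) and once as the element count in struct_size(). The v2 notes say the per-device locking was dropped, so nothing visible here guarantees that both reads see the same value. Read cdi->capacity into a local once and use that local for both the clamp and the allocation size, so the index bound and the buffer size cannot disagree.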