kernel/trace/trace_events_user.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)
If struct_size() returns a value that does not fit in a 'int', the size
passed to kzalloc() is wrong.
Remove the intermediate 'size' variable and use struct_size() directly.
Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
I don't know if 'size' can get bigger than a int in the real world, but the
change looks safe in any cases.
On x86_64, looking at the .s files, the previous code had an extra:
movslq %r13d, %r13
which really looks wrong to me.
---
kernel/trace/trace_events_user.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 33cb6af31f39..67cc71a872b0 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info,
{
struct user_event_group *group = info->group;
struct user_event_refs *refs, *new_refs;
- int i, size, count = 0;
+ int i, count = 0;
refs = rcu_dereference_protected(info->refs,
lockdep_is_held(&group->reg_mutex));
@@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info,
return i;
}
- size = struct_size(refs, events, count + 1);
-
- new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT);
-
+ new_refs = kzalloc(struct_size(refs, events, count + 1),
+ GFP_KERNEL_ACCOUNT);
if (!new_refs)
return -ENOMEM;
--
2.34.1On Sun, 20 Aug 2023 17:02:42 +0200
Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote:
> If struct_size() returns a value that does not fit in a 'int', the size
> passed to kzalloc() is wrong.
>
> Remove the intermediate 'size' variable and use struct_size() directly.
>
> Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> I don't know if 'size' can get bigger than a int in the real world, but the
> change looks safe in any cases.
>
> On x86_64, looking at the .s files, the previous code had an extra:
> movslq %r13d, %r13
> which really looks wrong to me.
If size is bigger than int, then we have much bigger problems than this allocation.
That means count is over 2 billion, and the kzalloc() will fail regardless.
This is an unneeded change.
-- Steve
> ---
> kernel/trace/trace_events_user.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
> index 33cb6af31f39..67cc71a872b0 100644
> --- a/kernel/trace/trace_events_user.c
> +++ b/kernel/trace/trace_events_user.c
> @@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info,
> {
> struct user_event_group *group = info->group;
> struct user_event_refs *refs, *new_refs;
> - int i, size, count = 0;
> + int i, count = 0;
>
> refs = rcu_dereference_protected(info->refs,
> lockdep_is_held(&group->reg_mutex));
> @@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info,
> return i;
> }
>
> - size = struct_size(refs, events, count + 1);
> -
> - new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT);
> -
> + new_refs = kzalloc(struct_size(refs, events, count + 1),
> + GFP_KERNEL_ACCOUNT);
> if (!new_refs)
> return -ENOMEM;
>
© 2016 - 2025 Red Hat, Inc.