Re: [PATCH] iwlwifi: d3: use struct_size() in kzalloc()

From: Kees Cook
Date: Thu Aug 23 2018 - 23:03:28 EST


On Thu, Aug 23, 2018 at 6:15 PM, Gustavo A. R. Silva
<gustavo@xxxxxxxxxxxxxx> wrote:
> One of the more common cases of allocation size calculations is finding
> the size of a structure that has a zero-sized array at the end, along
> with memory for some number of elements for that array. For example:
>
> struct foo {
> int stuff;
> void *entry[];
> };
>
> instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
>
> Instead of leaving these open-coded and prone to type mistakes, we can
> now use the new struct_size() helper:
>
> instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
>
> This issue was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> index 79bdae9..6960318 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> @@ -1769,8 +1769,7 @@ static void iwl_mvm_query_netdetect_reasons(struct iwl_mvm *mvm,
> n_matches = 0;
> }
>
> - net_detect = kzalloc(sizeof(*net_detect) +
> - (n_matches * sizeof(net_detect->matches[0])),
> + net_detect = kzalloc(struct_size(net_detect, matches, n_matches),
> GFP_KERNEL);
> if (!net_detect || !n_matches)
> goto out_report_nd;
> @@ -1785,8 +1784,7 @@ static void iwl_mvm_query_netdetect_reasons(struct iwl_mvm *mvm,
> for (j = 0; j < SCAN_OFFLOAD_MATCHING_CHANNELS_LEN; j++)
> n_channels += hweight8(fw_match->matching_channels[j]);
>
> - match = kzalloc(sizeof(*match) +
> - (n_channels * sizeof(*match->channels)),
> + match = kzalloc(struct_size(match, channels, n_channels),
> GFP_KERNEL);
> if (!match)
> goto out_report_nd;
> --
> 2.7.4
>



--
Kees Cook
Pixel Security