On Wed, Aug 28, 2019 at 01:30:24PM -0500, Gustavo A. R. Silva wrote:
> Hi all,
>
> Friendly ping:
>
> Who can take this, please?
>
> Thanks
> --
> Gustavo
>
> On 6/10/19 4:06 PM, Gustavo A. R. Silva wrote:
> > One of the more common cases of allocation size calculations is finding
> > the size of a structure that has a zero-sized array at the end, along
> > with memory for some number of elements for that array. For example:
> >
> > struct nd_region {
> >         ...
> >         struct nd_mapping mapping[0];
> > };
> >
> > instance = kzalloc(sizeof(struct nd_region) + sizeof(struct nd_mapping) *
> >                    count, GFP_KERNEL);
> >
> > Instead of leaving these open-coded and prone to type mistakes, we can
> > now use the new struct_size() helper:
> >
> > instance = kzalloc(struct_size(instance, mapping, count), GFP_KERNEL);
> >
> > This code was detected with the help of Coccinelle.
> >
> > Signed-off-by: Gustavo A. R. Silva <gust...@embeddedor.com>
FWIW, Reviewed-by: Kees Cook <keesc...@chromium.org> -Kees > > --- > > drivers/nvdimm/region_devs.c | 7 +++---- > > 1 file changed, 3 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c > > index b4ef7d9ff22e..88becc87e234 100644 > > --- a/drivers/nvdimm/region_devs.c > > +++ b/drivers/nvdimm/region_devs.c > > @@ -1027,10 +1027,9 @@ static struct nd_region *nd_region_create(struct > > nvdimm_bus *nvdimm_bus, > > } > > region_buf = ndbr; > > } else { > > - nd_region = kzalloc(sizeof(struct nd_region) > > - + sizeof(struct nd_mapping) > > - * ndr_desc->num_mappings, > > - GFP_KERNEL); > > + nd_region = kzalloc(struct_size(nd_region, mapping, > > + ndr_desc->num_mappings), > > + GFP_KERNEL); > > region_buf = nd_region; > > } > > > > -- Kees Cook
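Review bot: The changelog justifies the conversion in the else branch only as avoiding type mistakes, but replacing `sizeof(struct nd_region) + sizeof(struct nd_mapping) * ndr_desc->num_mappings` with `struct_size(nd_region, mapping, ndr_desc->num_mappings)` also changes overflow behaviour: struct_size() saturates to SIZE_MAX instead of wrapping, so an oversized num_mappings makes kzalloc() fail rather than return a short buffer. That is worth stating in the commit message, and it relies on the NULL check on region_buf, which is not visible in this hunk. The sibling branch that sets `region_buf = ndbr` is allocated outside the hunk, so check whether it still carries the same open-coded size calculation.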