From patchwork Thu May 13 21:50:49 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Gustavo A. R. Silva" <gustavoars@kernel.org>
X-Patchwork-Id: 439384
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_CR_TRAILER,
 INCLUDES_PATCH, 
 MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
 autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by smtp.lore.kernel.org (Postfix) with ESMTP id CE469C433B4
 for <netdev@archiver.kernel.org>;
 Thu, 13 May 2021 21:50:16 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by mail.kernel.org (Postfix) with ESMTP id 8247861438
 for <netdev@archiver.kernel.org>;
 Thu, 13 May 2021 21:50:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S233606AbhEMVvY (ORCPT <rfc822;netdev@archiver.kernel.org>);
 Thu, 13 May 2021 17:51:24 -0400
Received: from mail.kernel.org ([198.145.29.99]:60570 "EHLO mail.kernel.org"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S233485AbhEMVvX (ORCPT <rfc822;netdev@vger.kernel.org>);
 Thu, 13 May 2021 17:51:23 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 78AF1613F7;
 Thu, 13 May 2021 21:50:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1620942613;
 bh=jylMkVVffJcfLoicOnx1jFxnRZpA8OtO3GY3fkMHtGc=;
 h=Date:From:To:Cc:Subject:From;
 b=U8qdmD7iZmqF7v+/Q04eb+HdSftHkOzszJsUncPUUej934a8o41tC9LCyfF/06eP4
 gF+vWMiKdeAwIctsNBfezYXRYDHdXGcWq+oYc4k2YiI6tHD8KLJymQ80Eq/01b1u1u
 IKgQBooUyB/xIEQzoSUfhsu+Pr2SduOoWnGR+IooJdt5h7h/rul/R4cjU2/TcdCr4H
 Q7pOrhq+fHGHSsVGSKGVQsnZSTNcVrkGHSGVyubE0qQksrIRzpFOWnGyOa/O/82I/A
 S+tAIEkEfvux2FOPsO2SA0OfjgELA4HvL7pKEL/pdimSo2Be2lptQiPBT13/WV4CRA
 9mc5kiJyDxkzQ==
Date: Thu, 13 May 2021 16:50:49 -0500
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
To: "David S. Miller" <davem@davemloft.net>,
 Jakub Kicinski <kuba@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>,
 Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <kafai@fb.com>,
 Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
 John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
 "Gustavo A. R. Silva" <gustavoars@kernel.org>,
 linux-hardening@vger.kernel.org
Subject: [PATCH][next] bpf: Use struct_size() in kzalloc()
Message-ID: <20210513215049.GA215271@embeddedor>
MIME-Version: 1.0
Content-Disposition: inline
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows
that, in the worst scenario, could lead to heap overflows.

This code was detected with the help of Coccinelle and, audited and
fixed manually.

Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 net/core/bpf_sk_storage.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c
index cc3712ad8716..f564f82e91d9 100644
--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -524,8 +524,7 @@ bpf_sk_storage_diag_alloc(const struct nlattr *nla_stgs)
 			nr_maps++;
 	}
 
-	diag = kzalloc(sizeof(*diag) + sizeof(diag->maps[0]) * nr_maps,
-		       GFP_KERNEL);
+	diag = kzalloc(struct_size(diag, maps, nr_maps), GFP_KERNEL);
 	if (!diag)
 		return ERR_PTR(-ENOMEM);