[PATCH 07/13][Hirsute/linux-azure] net: mana: Use struct_size() in kzalloc()
Tim Gardner
tim.gardner at canonical.com
Thu Oct 21 12:23:48 UTC 2021
From: "Gustavo A. R. Silva" <gustavoars at kernel.org>
BugLink: https://bugs.launchpad.net/bugs/1947859
Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows
that, in the worst scenario, could lead to heap overflows.
This code was detected with the help of Coccinelle and, audited and
fixed manually.
Signed-off-by: Gustavo A. R. Silva <gustavoars at kernel.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit ea89c862f01e02ec459932c7c3113fa37aedd09a)
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
---
drivers/net/ethernet/microsoft/mana/mana_en.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c
index 04d067243457..46aee2c49f1b 100644
--- a/drivers/net/ethernet/microsoft/mana/mana_en.c
+++ b/drivers/net/ethernet/microsoft/mana/mana_en.c
@@ -1387,8 +1387,7 @@ static struct mana_rxq *mana_create_rxq(struct mana_port_context *apc,
gc = gd->gdma_context;
- rxq = kzalloc(sizeof(*rxq) +
- RX_BUFFERS_PER_QUEUE * sizeof(struct mana_recv_buf_oob),
+ rxq = kzalloc(struct_size(rxq, rx_oobs, RX_BUFFERS_PER_QUEUE),
GFP_KERNEL);
if (!rxq)
return NULL;
--
2.33.1
More information about the kernel-team
mailing list