[PATCH] mtd: maps: sa1100-flash: Prefer struct_size over open coded arithmetic

Sat, 30 Mar 2024 10:56:19 -0700 

This is an effort to get rid of all multiplications from allocation
functions in order to prevent integer overflows [1][2].

As the "info" variable is a pointer to "struct sa_info" and this
structure ends in a flexible array:

struct sa_info {
        [...]
        struct sa_subdev_info   subdev[];
};

the preferred way in the kernel is to use the struct_size() helper to
do the arithmetic instead of the calculation "size + size * count" in
the kzalloc() function.

This way, the code is more readable and safer.

This code was detected with the help of Coccinelle, and audited and
modified manually.

Link: 
https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
 [1]
Link: https://github.com/KSPP/linux/issues/160 [2]
Signed-off-by: Erick Archer <[email protected]>
---
Hi,

The Coccinelle script used to detect this code pattern is the following:

virtual report

@rule1@
type t1;
type t2;
identifier i0;
identifier i1;
identifier i2;
identifier ALLOC =~ 
"kmalloc|kzalloc|kmalloc_node|kzalloc_node|vmalloc|vzalloc|kvmalloc|kvzalloc";
position p1;
@@

i0 = sizeof(t1) + sizeof(t2) * i1;
...
i2 = ALLOC@p1(..., i0, ...);

@script:python depends on report@
p1 << rule1.p1;
@@

msg = "WARNING: verify allocation on line %s" % (p1[0].line)
coccilib.report.print_report(p1[0],msg)

Regards,
Erick
---
 drivers/mtd/maps/sa1100-flash.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/mtd/maps/sa1100-flash.c b/drivers/mtd/maps/sa1100-flash.c
index d4ce2376d33f..ac8a0a19a021 100644
--- a/drivers/mtd/maps/sa1100-flash.c
+++ b/drivers/mtd/maps/sa1100-flash.c
@@ -153,7 +153,7 @@ static struct sa_info *sa1100_setup_mtd(struct 
platform_device *pdev,
                                        struct flash_platform_data *plat)
 {
        struct sa_info *info;
-       int nr, size, i, ret = 0;
+       int nr, i, ret = 0;
 
        /*
         * Count number of devices.
@@ -167,12 +167,10 @@ static struct sa_info *sa1100_setup_mtd(struct 
platform_device *pdev,
                goto out;
        }
 
-       size = sizeof(struct sa_info) + sizeof(struct sa_subdev_info) * nr;
-
        /*
         * Allocate the map_info structs in one go.
         */
-       info = kzalloc(size, GFP_KERNEL);
+       info = kzalloc(struct_size(info, subdev, nr), GFP_KERNEL);
        if (!info) {
                ret = -ENOMEM;
                goto out;
-- 
2.25.1

Reply via email to