| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Sep 2023 22:50:24 +0200
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: "David S. Miller" <davem@...emloft.net>,
David Ahern <dsahern@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] udp_tunnel: Use flex array to simplify code
On Mon, Sep 25, 2023 at 6:26 PM Christophe JAILLET
<christophe.jaillet@...adoo.fr> wrote:
>
> Le 24/09/2023 à 18:00, Willem de Bruijn a écrit :
> > Christophe JAILLET wrote:
> >> 'n_tables' is small, UDP_TUNNEL_NIC_MAX_TABLES = 4 as a maximum. So there
> >> is no real point to allocate the 'entries' pointers array with a dedicate
> >> memory allocation.
> >>
> >> Using a flexible array for struct udp_tunnel_nic->entries avoids the
> >> overhead of an additional memory allocation.
> >>
> >> This also saves an indirection when the array is accessed.
> >>
> >> Finally, __counted_by() can be used for run-time bounds checking if
> >> configured and supported by the compiler.
> >>
> >> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Reviewed-by: Willem de Bruijn <willemb@...gle.com>
> >> ---
> >> net/ipv4/udp_tunnel_nic.c | 11 ++---------
> >> 1 file changed, 2 insertions(+), 9 deletions(-)
> >>
> >> diff --git a/net/ipv4/udp_tunnel_nic.c b/net/ipv4/udp_tunnel_nic.c
> >> index 029219749785..b6d2d16189c0 100644
> >> --- a/net/ipv4/udp_tunnel_nic.c
> >> +++ b/net/ipv4/udp_tunnel_nic.c
> >> @@ -47,7 +47,7 @@ struct udp_tunnel_nic {
> >>
> >> unsigned int n_tables;
> >> unsigned long missed;
> >> - struct udp_tunnel_nic_table_entry **entries;
> >> + struct udp_tunnel_nic_table_entry *entries[] __counted_by(n_tables);
> >> };
> >>
> >> /* We ensure all work structs are done using driver state, but not the code.
> >> @@ -725,16 +725,12 @@ udp_tunnel_nic_alloc(const struct udp_tunnel_nic_info *info,
> >> struct udp_tunnel_nic *utn;
> >> unsigned int i;
> >>
> >> - utn = kzalloc(sizeof(*utn), GFP_KERNEL);
> >> + utn = kzalloc(struct_size(utn, entries, n_tables), GFP_KERNEL);
> >> if (!utn)
> >> return NULL;
> >> utn->n_tables = n_tables;
> >
> > Should utn->n_tables be initialized before first use of
> > struct_size(utn, entries, n_tables)?
> >
>
> It can't be.
> struct_size() is used to compute the memory size to allocate.
>
> Before the kzalloc() call, utn does not exist, so we can't write
> anything to utn->n_tables. It is undefined at this point.
>
> It is initialized the line just after, after the allocation, but before
> any use.
Of course, sorry. I confused __counted_by's reference to a field
member in the struct, with the normal argument passing of struct_size
and flex_array_size.
Powered by blists - more mailing lists