[PATCH] bpf: Improve 11 size determinations

From: Markus Elfring
Date: Mon Jan 01 2024 - 12:00:53 EST

Next message: syzbot: "[syzbot] [net?] KASAN: use-after-free Read in __skb_flow_dissect (3)"
Previous message: Kent Overstreet: "[GIT PULL] bcachefs new years fixes for 6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 1 Jan 2024 17:33:55 +0100

Replace the specification of data structures by pointer dereferences
as the parameter for the operator “sizeof” to make the corresponding size
determination a bit safer according to the Linux coding style convention.

This issue was transformed by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---
kernel/bpf/core.c | 2 +-
kernel/bpf/inode.c | 2 +-
kernel/bpf/local_storage.c | 4 ++--
kernel/bpf/lpm_trie.c | 2 +-
kernel/bpf/verifier.c | 13 ++++++-------
5 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index ea6843be2616..1ae7b3054424 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2517,7 +2517,7 @@ int bpf_prog_array_copy_to_user(struct bpf_prog_array *array,
* bpf_prog_array_copy_to_user(..., cnt);
* so below kcalloc doesn't need extra cnt > 0 check.
*/
- ids = kcalloc(cnt, sizeof(u32), GFP_USER | __GFP_NOWARN);
+ ids = kcalloc(cnt, sizeof(*ids), GFP_USER | __GFP_NOWARN);
if (!ids)
return -ENOMEM;
nospc = bpf_prog_array_copy_core(array, ids, cnt);
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 41e0a55c35f5..2189760bdf0b 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -827,7 +827,7 @@ static int bpf_init_fs_context(struct fs_context *fc)
{
struct bpf_mount_opts *opts;

- opts = kzalloc(sizeof(struct bpf_mount_opts), GFP_KERNEL);
+ opts = kzalloc(sizeof(*opts), GFP_KERNEL);
if (!opts)
return -ENOMEM;

diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c
index a04f505aefe9..75dba32cf91c 100644
--- a/kernel/bpf/local_storage.c
+++ b/kernel/bpf/local_storage.c
@@ -313,7 +313,7 @@ static struct bpf_map *cgroup_storage_map_alloc(union bpf_attr *attr)
/* max_entries is not used and enforced to be 0 */
return ERR_PTR(-EINVAL);

- map = bpf_map_area_alloc(sizeof(struct bpf_cgroup_storage_map), numa_node);
+ map = bpf_map_area_alloc(sizeof(*map), numa_node);
if (!map)
return ERR_PTR(-ENOMEM);

@@ -511,7 +511,7 @@ struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(struct bpf_prog *prog,

size = bpf_cgroup_storage_calculate_size(map, &pages);

- storage = bpf_map_kmalloc_node(map, sizeof(struct bpf_cgroup_storage),
+ storage = bpf_map_kmalloc_node(map, sizeof(*storage),
gfp, map->numa_node);
if (!storage)
goto enomem;
diff --git a/kernel/bpf/lpm_trie.c b/kernel/bpf/lpm_trie.c
index b32be680da6c..3a69155d4ef3 100644
--- a/kernel/bpf/lpm_trie.c
+++ b/kernel/bpf/lpm_trie.c
@@ -643,7 +643,7 @@ static int trie_get_next_key(struct bpf_map *map, void *_key, void *_next_key)
goto find_leftmost;

node_stack = kmalloc_array(trie->max_prefixlen,
- sizeof(struct lpm_trie_node *),
+ sizeof(*node_stack),
GFP_ATOMIC | __GFP_NOWARN);
if (!node_stack)
return -ENOMEM;
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a376eb609c41..98c1dd43670b 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1677,7 +1677,7 @@ static struct bpf_verifier_state *push_stack(struct bpf_verifier_env *env,
struct bpf_verifier_stack_elem *elem;
int err;

- elem = kzalloc(sizeof(struct bpf_verifier_stack_elem), GFP_KERNEL);
+ elem = kzalloc(sizeof(*elem), GFP_KERNEL);
if (!elem)
goto err;

@@ -2374,7 +2374,7 @@ static struct bpf_verifier_state *push_async_cb(struct bpf_verifier_env *env,
struct bpf_verifier_stack_elem *elem;
struct bpf_func_state *frame;

- elem = kzalloc(sizeof(struct bpf_verifier_stack_elem), GFP_KERNEL);
+ elem = kzalloc(sizeof(*elem), GFP_KERNEL);
if (!elem)
goto err;

@@ -15913,8 +15913,7 @@ static int check_btf_line(struct bpf_verifier_env *env,
/* Need to zero it in case the userspace may
* pass in a smaller bpf_line_info object.
*/
- linfo = kvcalloc(nr_linfo, sizeof(struct bpf_line_info),
- GFP_KERNEL | __GFP_NOWARN);
+ linfo = kvcalloc(nr_linfo, sizeof(*linfo), GFP_KERNEL | __GFP_NOWARN);
if (!linfo)
return -ENOMEM;

@@ -17161,7 +17160,7 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
* When looping the sl->state.branches will be > 0 and this state
* will not be considered for equivalence until branches == 0.
*/
- new_sl = kzalloc(sizeof(struct bpf_verifier_state_list), GFP_KERNEL);
+ new_sl = kzalloc(sizeof(*new_sl), GFP_KERNEL);
if (!new_sl)
return -ENOMEM;
env->total_states++;
@@ -20003,7 +20002,7 @@ static int do_check_common(struct bpf_verifier_env *env, int subprog)
env->prev_linfo = NULL;
env->pass_cnt++;

- state = kzalloc(sizeof(struct bpf_verifier_state), GFP_KERNEL);
+ state = kzalloc(sizeof(*state), GFP_KERNEL);
if (!state)
return -ENOMEM;
state->curframe = 0;
@@ -20717,7 +20716,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
/* 'struct bpf_verifier_env' can be global, but since it's not small,
* allocate/free it every time bpf_check() is called
*/
- env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
+ env = kzalloc(sizeof(*env), GFP_KERNEL);
if (!env)
return -ENOMEM;

--
2.43.0

Next message: syzbot: "[syzbot] [net?] KASAN: use-after-free Read in __skb_flow_dissect (3)"
Previous message: Kent Overstreet: "[GIT PULL] bcachefs new years fixes for 6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]