
net/ipv4: Revert use of struct_size() helper

Revert the use of struct_size() and stay with IP_MSFILTER_SIZE() for
now, as in this case, the size of struct ip_msfilter didn't change with
the addition of the flexible array imsf_slist_flex[]. So, if we use
struct_size() we will be allocating and calculating the size of
struct ip_msfilter with one too many items for imsf_slist_flex[].

We might use struct_size() in the future, but for now let's stay
with IP_MSFILTER_SIZE().

Fixes: 2d3e5caf96b9 ("net/ipv4: Replace one-element array with flexible-array member")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Gustavo A. R. Silva and committed by
David S. Miller
4167a960 af352460

+7 -9
+2 -2
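--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -2553,8 +2553,8 @@
 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc;
 len = flex_array_size(psl, sl_addr, copycount);
 msf->imsf_numsrc = count;
-if (put_user(struct_size(optval, imsf_slist_flex, copycount), optlen) ||
-copy_to_user(optval, msf, struct_size(optval, imsf_slist_flex, 0))) {
+if (put_user(IP_MSFILTER_SIZE(copycount), optlen) ||
+copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) {
 return -EFAULT;
 }
 if (len &&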
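Review bot: The two `IP_MSFILTER_SIZE()` calls in the `put_user()`/`copy_to_user()` condition carry no comment saying why `struct_size()` must not be used here, so a later flexible-array cleanup can reintroduce the off-by-one this commit removes. Per the commit message, `sizeof(struct ip_msfilter)` still includes one source-address slot, so a `struct_size()`-based length would report and copy one entry too many to user space. I would add above the `if`: `/* Not struct_size(): sizeof(struct ip_msfilter) already counts one source slot. */`. The enclosing function starts and ends outside the hunk.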
+5 -7
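--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -667,7 +667,7 @@
 struct sockaddr_in *psin;
 int err, i;
 
-msf = kmalloc(struct_size(msf, imsf_slist_flex, numsrc), GFP_KERNEL);
+msf = kmalloc(IP_MSFILTER_SIZE(numsrc), GFP_KERNEL);
 if (!msf)
 return -ENOBUFS;
 
@@ -1228,7 +1228,7 @@
 {
 struct ip_msfilter *msf;
 
-if (optlen < struct_size(msf, imsf_slist_flex, 0))
+if (optlen < IP_MSFILTER_SIZE(0))
 goto e_inval;
 if (optlen > sysctl_optmem_max) {
 err = -ENOBUFS;
@@ -1246,8 +1246,7 @@
 err = -ENOBUFS;
 break;
 }
-if (struct_size(msf, imsf_slist_flex, msf->imsf_numsrc) >
-optlen) {
+if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
 kfree(msf);
 err = -EINVAL;
 break;
@@ -1659,12 +1660,11 @@
 {
 struct ip_msfilter msf;
 
-if (len < struct_size(&msf, imsf_slist_flex, 0)) {
+if (len < IP_MSFILTER_SIZE(0)) {
 err = -EINVAL;
 goto out;
 }
-if (copy_from_user(&msf, optval,
-struct_size(&msf, imsf_slist_flex, 0))) {
+if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) {
 err = -EFAULT;
 goto out;
 }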
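Review bot: `IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen` and `kmalloc(IP_MSFILTER_SIZE(numsrc), GFP_KERNEL)` now size with plain macro arithmetic, whereas the `struct_size()` calls they replace saturate on overflow instead of wrapping. The context just before the `optlen` comparison closes another `-ENOBUFS` branch that presumably bounds `imsf_numsrc`, but its condition is outside the hunk, and no bound on `numsrc` is visible before the `kmalloc()`. I would confirm both bounds and record the dependency at the comparison, e.g. `/* imsf_numsrc is range-checked above, so IP_MSFILTER_SIZE() cannot wrap */`. The enclosing functions and case blocks start and end outside the hunks.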