On 8/26/20 10:48 AM, Ido Schimmel wrote:
> From: Ido Schimmel <ido...@nvidia.com>
>
> The struct looks as follows:
>
> struct nh_group {
> struct nh_group *spare; /* spare group for removals */
> u16 num_nh;
> bool mpath;
> bool fdb_nh;
> bool has_v4;
> struct nh_grp_entry nh_entries[];
> };
>
> But its offset within 'struct nexthop' is also taken into account to
> determine the allocation size.
must be a leftover from initial versions. Thanks for catching this.
>
> Instead, use struct_size() to allocate only the required number of
> bytes.
>
> Signed-off-by: Ido Schimmel <ido...@nvidia.com>
> ---
> net/ipv4/nexthop.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/net/ipv4/nexthop.c b/net/ipv4/nexthop.c
> index 134e92382275..d13730ff9aeb 100644
> --- a/net/ipv4/nexthop.c
> +++ b/net/ipv4/nexthop.c
> @@ -133,12 +133,9 @@ static struct nexthop *nexthop_alloc(void)
>
> static struct nh_group *nexthop_grp_alloc(u16 num_nh)
> {
> - size_t sz = offsetof(struct nexthop, nh_grp)
> - + sizeof(struct nh_group)
> - + sizeof(struct nh_grp_entry) * num_nh;
> struct nh_group *nhg;
>
> - nhg = kzalloc(sz, GFP_KERNEL);
> + nhg = kzalloc(struct_size(nhg, nh_entries, num_nh), GFP_KERNEL);
> if (nhg)
> nhg->num_nh = num_nh;
>
>
Reviewed-by: David Ahern <dsah...@gmail.com>
