Commit 1ed4471a authored Jun 06, 2025 by Viacheslav Dubeyko Committed by Ilya Dryomov Oct 08, 2025

ceph: fix wrong sizeof argument issue in register_session()

The Coverity Scan service has detected the wrong sizeof
argument in register_session() [1]. The CID 1598909 defect
contains explanation: "The wrong sizeof value is used in
an expression or as argument to a function. The result is
an incorrect value that may cause unexpected program behaviors.
In register_session: The sizeof operator is invoked on
the wrong argument (CWE-569)".

The patch introduces a ptr_size variable that is initialized
by sizeof(struct ceph_mds_session *). And this variable is used
instead of sizeof(void *) in the code.

[1] https://scan5.scan.coverity.com/#/project-view/64304/10063?selectedIssue=1598909



Signed-off-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

parent b7ed1e29

fs/ceph/mds_client.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -979,14 +979,15 @@ static struct ceph_mds_session register_session(struct ceph_mds_client mdsc,
		if (mds >= mdsc->max_sessions) {
		int newmax = 1 << get_count_order(mds + 1);
		struct ceph_mds_session **sa;
		size_t ptr_size = sizeof(struct ceph_mds_session *);

		doutc(cl, "realloc to %d\n", newmax);
		sa = kcalloc(newmax, sizeof(void *), GFP_NOFS);
		sa = kcalloc(newmax, ptr_size, GFP_NOFS);
		if (!sa)
		goto fail_realloc;
		if (mdsc->sessions) {
		memcpy(sa, mdsc->sessions,
		mdsc->max_sessions * sizeof(void *));
		mdsc->max_sessions * ptr_size);
		kfree(mdsc->sessions);
		}
		mdsc->sessions = sa;