bpf: Replace offsetof() with struct_size()

Compared to offsetof(), struct_size() provides additional compile-time
checks for structs with flexible arrays (e.g., __must_be_array()).

No functional changes intended.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20250428210638.30219-2-thorsten.blum@linux.dev

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 64c3393..df33d19 100644 (file)
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -36,6 +36,7 @@
 #include <linux/memcontrol.h>
 #include <linux/trace_events.h>
 #include <linux/tracepoint.h>
+#include <linux/overflow.h>
 
 #include <net/netfilter/nf_bpf_link.h>
 #include <net/netkit.h>
@@ -693,7 +694,7 @@ struct btf_record *btf_record_dup(const struct btf_record *rec)
 
        if (IS_ERR_OR_NULL(rec))
                return NULL;
-       size = offsetof(struct btf_record, fields[rec->cnt]);
+       size = struct_size(rec, fields, rec->cnt);
        new_rec = kmemdup(rec, size, GFP_KERNEL | __GFP_NOWARN);
        if (!new_rec)
                return ERR_PTR(-ENOMEM);
@@ -748,7 +749,7 @@ bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *r
                return false;
        if (rec_a->cnt != rec_b->cnt)
                return false;
-       size = offsetof(struct btf_record, fields[rec_a->cnt]);
+       size = struct_size(rec_a, fields, rec_a->cnt);
        /* btf_parse_fields uses kzalloc to allocate a btf_record, so unused
         * members are zeroed out. So memcmp is safe to do without worrying
         * about padding/unused fields.