* [PATCH][next] RDMA/hfi1: Use struct_size() and flex_array_size() helpers
@ 2021-09-27 22:53 Gustavo A. R. Silva
2021-09-27 23:36 ` Jason Gunthorpe
0 siblings, 1 reply; 3+ messages in thread
From: Gustavo A. R. Silva @ 2021-09-27 22:53 UTC (permalink / raw)
To: Mike Marciniszyn, Dennis Dalessandro, Doug Ledford,
Jason Gunthorpe
Cc: linux-rdma, linux-kernel, Gustavo A. R. Silva, linux-hardening
Make use of the struct_size() and flex_array_size() helpers instead of
open-coded versions, in order to avoid any potential type mistakes
or integer overflows that, in the worse scenario, could lead to heap
overflows.
Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
drivers/infiniband/hw/hfi1/user_exp_rcv.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b/drivers/infiniband/hw/hfi1/user_exp_rcv.c
index 0c86e9d354f8..186d30291260 100644
--- a/drivers/infiniband/hw/hfi1/user_exp_rcv.c
+++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.c
@@ -692,8 +692,7 @@ static int set_rcvarray_entry(struct hfi1_filedata *fd,
* Allocate the node first so we can handle a potential
* failure before we've programmed anything.
*/
- node = kzalloc(sizeof(*node) + (sizeof(struct page *) * npages),
- GFP_KERNEL);
+ node = kzalloc(struct_size(node, pages, npages), GFP_KERNEL);
if (!node)
return -ENOMEM;
@@ -713,7 +712,7 @@ static int set_rcvarray_entry(struct hfi1_filedata *fd,
node->dma_addr = phys;
node->grp = grp;
node->freed = false;
- memcpy(node->pages, pages, sizeof(struct page *) * npages);
+ memcpy(node->pages, pages, flex_array_size(node, pages, npages));
if (fd->use_mn) {
ret = mmu_interval_notifier_insert(
--
2.27.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH][next] RDMA/hfi1: Use struct_size() and flex_array_size() helpers
2021-09-27 22:53 [PATCH][next] RDMA/hfi1: Use struct_size() and flex_array_size() helpers Gustavo A. R. Silva
@ 2021-09-27 23:36 ` Jason Gunthorpe
2021-09-27 23:50 ` Gustavo A. R. Silva
0 siblings, 1 reply; 3+ messages in thread
From: Jason Gunthorpe @ 2021-09-27 23:36 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Mike Marciniszyn, Dennis Dalessandro, Doug Ledford, linux-rdma,
linux-kernel, linux-hardening
On Mon, Sep 27, 2021 at 05:53:33PM -0500, Gustavo A. R. Silva wrote:
> Make use of the struct_size() and flex_array_size() helpers instead of
> open-coded versions, in order to avoid any potential type mistakes
> or integer overflows that, in the worse scenario, could lead to heap
> overflows.
>
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
> drivers/infiniband/hw/hfi1/user_exp_rcv.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
Applied to for-next, thanks
Jason
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH][next] RDMA/hfi1: Use struct_size() and flex_array_size() helpers
2021-09-27 23:36 ` Jason Gunthorpe
@ 2021-09-27 23:50 ` Gustavo A. R. Silva
0 siblings, 0 replies; 3+ messages in thread
From: Gustavo A. R. Silva @ 2021-09-27 23:50 UTC (permalink / raw)
To: Jason Gunthorpe
Cc: Mike Marciniszyn, Dennis Dalessandro, Doug Ledford, linux-rdma,
linux-kernel, linux-hardening
On Mon, Sep 27, 2021 at 08:36:50PM -0300, Jason Gunthorpe wrote:
>
> Applied to for-next, thanks
Thanks, Jason.
--
Gustavo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-27 23:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-27 22:53 [PATCH][next] RDMA/hfi1: Use struct_size() and flex_array_size() helpers Gustavo A. R. Silva
2021-09-27 23:36 ` Jason Gunthorpe
2021-09-27 23:50 ` Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.