[PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[Bhanu Seshu Kumar Valluri]

Use kmalloc_array to avoid potential overflow during dynamic size calculation
inside kmalloc.

Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@gmail.com>
---
 drivers/scsi/smartpqi/smartpqi_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 125944941601..7ff39f1faf38 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -8937,7 +8937,7 @@ static int pqi_host_alloc_mem(struct pqi_ctrl_info *ctrl_info,
 	if (sg_count == 0 || sg_count > PQI_HOST_MAX_SG_DESCRIPTORS)
 		goto out;
 
-	host_memory_descriptor->host_chunk_virt_address = kmalloc(sg_count * sizeof(void *), GFP_KERNEL);
+	host_memory_descriptor->host_chunk_virt_address = kmalloc_array(sg_count, sizeof(void *), GFP_KERNEL);
 	if (!host_memory_descriptor->host_chunk_virt_address)
 		goto out;
 
-- 
2.34.1

Re: [PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[Don.Brace]

From: Bhanu Seshu Kumar Valluri <bhanuseshukumar@gmail.com>
Sent: Wednesday, October 1, 2025 6:39 AM
To: Don Brace - C33706 <Don.Brace@microchip.com>; James E . J . Bottomley <James.Bottomley@HansenPartnership.com>; Martin K . Petersen <martin.petersen@oracle.com>; storagedev <storagedev@microchip.com>
Cc: linux-scsi@vger.kernel.org <linux-scsi@vger.kernel.org>; linux-kernel-mentees@lists.linuxfoundation.org <linux-kernel-mentees@lists.linuxfoundation.org>; skhan@linuxfoundation.org <skhan@linuxfoundation.org>; david.hunter.linux@gmail.com <david.hunter.linux@gmail.com>; bhanuseshukumar@gmail.com <bhanuseshukumar@gmail.com>
Subject: [PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation
 
EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe

Use kmalloc_array to avoid potential overflow during dynamic size calculation
inside kmalloc.

Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@gmail.com>

Acked-by: Don Brace <don.brace@microchip.com>
Thanks for your patch,
Don

---
 drivers/scsi/smartpqi/smartpqi_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 125944941601..7ff39f1faf38 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -8937,7 +8937,7 @@ static int pqi_host_alloc_mem(struct pqi_ctrl_info *ctrl_info,
        if (sg_count == 0 || sg_count > PQI_HOST_MAX_SG_DESCRIPTORS)
                goto out;

-       host_memory_descriptor->host_chunk_virt_address = kmalloc(sg_count * sizeof(void *), GFP_KERNEL);
+       host_memory_descriptor->host_chunk_virt_address = kmalloc_array(sg_count, sizeof(void *), GFP_KERNEL);
        if (!host_memory_descriptor->host_chunk_virt_address)
                goto out;

--
2.34.1

Re: [PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[James Bottomley]

On Wed, 2025-10-01 at 17:09 +0530, Bhanu Seshu Kumar Valluri wrote:
> Use kmalloc_array to avoid potential overflow during dynamic size
> calculation inside kmalloc.

This description isn't correct.

> 
> Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@gmail.com>
> ---
>  drivers/scsi/smartpqi/smartpqi_init.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/smartpqi/smartpqi_init.c
> b/drivers/scsi/smartpqi/smartpqi_init.c
> index 125944941601..7ff39f1faf38 100644
> --- a/drivers/scsi/smartpqi/smartpqi_init.c
> +++ b/drivers/scsi/smartpqi/smartpqi_init.c
> @@ -8937,7 +8937,7 @@ static int pqi_host_alloc_mem(struct
> pqi_ctrl_info *ctrl_info,
>  	if (sg_count == 0 || sg_count > PQI_HOST_MAX_SG_DESCRIPTORS)
>  		goto out;

Given this check

>  
> -	host_memory_descriptor->host_chunk_virt_address =
> kmalloc(sg_count * sizeof(void *), GFP_KERNEL);

How is it possible that this allocation could ever overflow?

If you want to change the description to say using kmalloc_array is
better practice or something (and the maintainer concurs) that's fine,
but we can't have a false justification in the kernel git log.

Regards,

James

Re: [PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[Bhanu Seshu Kumar Valluri]

On 03/10/25 20:23, James Bottomley wrote:
> On Wed, 2025-10-01 at 17:09 +0530, Bhanu Seshu Kumar Valluri wrote:
>> Use kmalloc_array to avoid potential overflow during dynamic size
>> calculation inside kmalloc.
> 
> This description isn't correct.
> 
> Given this check
> 
>>  
>> -	host_memory_descriptor->host_chunk_virt_address =
>> kmalloc(sg_count * sizeof(void *), GFP_KERNEL);
> 
> How is it possible that this allocation could ever overflow?
> 
> If you want to change the description to say using kmalloc_array is
> better practice or something (and the maintainer concurs) that's fine,
> but we can't have a false justification in the kernel git log.
> 
> Regards,
> 
> James
> 
Hi,

Thank you for your helpful comment. 
I will await till maintainer confirms if it is ok to push this change as v2 with
subject line similar what you have suggested.

Regards,
Bhanu Seshu Kumar Valluri

Re: [PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[Niklas Cassel]

On Sat, Oct 04, 2025 at 09:55:22AM +0530, Bhanu Seshu Kumar Valluri wrote:
> On 03/10/25 20:23, James Bottomley wrote:
> > On Wed, 2025-10-01 at 17:09 +0530, Bhanu Seshu Kumar Valluri wrote:
> >> Use kmalloc_array to avoid potential overflow during dynamic size
> >> calculation inside kmalloc.
> > 
> > This description isn't correct.
> > 
> > Given this check
> > 
> >>  
> >> -	host_memory_descriptor->host_chunk_virt_address =
> >> kmalloc(sg_count * sizeof(void *), GFP_KERNEL);
> > 
> > How is it possible that this allocation could ever overflow?
> > 
> > If you want to change the description to say using kmalloc_array is
> > better practice or something (and the maintainer concurs) that's fine,
> > but we can't have a false justification in the kernel git log.
> > 
> > Regards,
> > 
> > James
> > 
> Hi,
> 
> Thank you for your helpful comment. 
> I will await till maintainer confirms if it is ok to push this change as v2 with
> subject line similar what you have suggested.

You misinterpreted James' reply ("and the maintainer concurs").

James is one of the two SCSI maintainers, so there is no need to
delay sending a V2.


Kind regards,
Niklas

Re: [PATCH] scsi: Use kmalloc_array to prevent overflow of dynamic size calculation

[Bhanu Seshu Kumar Valluri]

On 06/10/25 16:58, Niklas Cassel wrote:
> On Sat, Oct 04, 2025 at 09:55:22AM +0530, Bhanu Seshu Kumar Valluri wrote:
>> On 03/10/25 20:23, James Bottomley wrote:
>>> On Wed, 2025-10-01 at 17:09 +0530, Bhanu Seshu Kumar Valluri wrote:
>>>> Use kmalloc_array to avoid potential overflow during dynamic size
>>>> calculation inside kmalloc.
>>>
>>> This description isn't correct.
>>>
>>> Given this check
>>>
>>>>  
>>>> -	host_memory_descriptor->host_chunk_virt_address =
>>>> kmalloc(sg_count * sizeof(void *), GFP_KERNEL);
>>>
>>> How is it possible that this allocation could ever overflow?
>>>
>>> If you want to change the description to say using kmalloc_array is
>>> better practice or something (and the maintainer concurs) that's fine,
>>> but we can't have a false justification in the kernel git log.
>>>
>>> Regards,
>>>
>>> James
>>>
>> Hi,
>>
>> Thank you for your helpful comment. 
>> I will await till maintainer confirms if it is ok to push this change as v2 with
>> subject line similar what you have suggested.
> 
> You misinterpreted James' reply ("and the maintainer concurs").
> 
> James is one of the two SCSI maintainers, so there is no need to
> delay sending a V2.

Hi Niklas,

Thanks for clarifying  that. I will send v2 patch.

Regards,
Bhanu Seshu Kumar Valluri