[PATCH 1/2] um: add uml_kmalloc_array() helper to avoid potential

[PATCH 1/2] um: add uml_kmalloc_array() helper to avoid potential

[iamhswang]

From: Haisu Wang <iamhswang@gmail.com>

Add uml_kmalloc_array to avoid potential dynamic multiplication
overflow. Since in Documentation/process/deprecated.rst,
the preferred way is avoid the open-coded arithmetic.

Signed-off-by: Haisu Wang <wanghs18@chinatelecom.cn>
---
 arch/um/include/shared/um_malloc.h | 1 +
 arch/um/kernel/mem.c               | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/arch/um/include/shared/um_malloc.h b/arch/um/include/shared/um_malloc.h
index 815dd03e8707..a55a81131e10 100644
--- a/arch/um/include/shared/um_malloc.h
+++ b/arch/um/include/shared/um_malloc.h
@@ -9,6 +9,7 @@
 #include <generated/asm-offsets.h>
 
 extern void *uml_kmalloc(int size, int flags);
+extern void *uml_kmalloc_array(int count, int size, int flags);
 extern void kfree(const void *ptr);
 
 extern void *vmalloc_noprof(unsigned long size);
diff --git a/arch/um/kernel/mem.c b/arch/um/kernel/mem.c
index 39c4a7e21c6f..3bf9e9bef3bf 100644
--- a/arch/um/kernel/mem.c
+++ b/arch/um/kernel/mem.c
@@ -126,6 +126,11 @@ void *uml_kmalloc(int size, int flags)
 	return kmalloc(size, flags);
 }
 
+void *uml_kmalloc_array(int count, int size, int flags)
+{
+	return kmalloc_array(count, size, flags);
+}
+
 static const pgprot_t protection_map[16] = {
 	[VM_NONE]					= PAGE_NONE,
 	[VM_READ]					= PAGE_READONLY,
-- 
2.52.0

[PATCH 2/2] um: use uml_kmalloc_array() instead of uml_malloc()

[iamhswang]

From: Haisu Wang <iamhswang@gmail.com>

Replace uml_kmalloc() with uml_kmalloc_array() for multiplication.

Signed-off-by: Haisu Wang <wanghs18@chinatelecom.cn>
---
 arch/um/drivers/vector_user.c | 4 ++--
 arch/um/drivers/vfio_user.c   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/um/drivers/vector_user.c b/arch/um/drivers/vector_user.c
index 2ea67e6fd067..adc4280691cf 100644
--- a/arch/um/drivers/vector_user.c
+++ b/arch/um/drivers/vector_user.c
@@ -868,8 +868,8 @@ void *uml_vector_default_bpf(const void *mac)
 	} else {
 		return NULL;
 	}
-	bpf = uml_kmalloc(
-		sizeof(struct sock_filter) * DEFAULT_BPF_LEN, UM_GFP_KERNEL);
+	bpf = uml_kmalloc_array(DEFAULT_BPF_LEN, sizeof(struct sock_filter),
+			UM_GFP_KERNEL);
 	if (bpf) {
 		bpf_prog->filter = bpf;
 		/* ld	[8] */
diff --git a/arch/um/drivers/vfio_user.c b/arch/um/drivers/vfio_user.c
index 6a45d8e14582..4ad8c8c59e9d 100644
--- a/arch/um/drivers/vfio_user.c
+++ b/arch/um/drivers/vfio_user.c
@@ -194,7 +194,7 @@ int uml_vfio_user_setup_device(struct uml_vfio_user_device *dev,
 	if (dev->num_regions > VFIO_PCI_CONFIG_REGION_INDEX + 1)
 		dev->num_regions = VFIO_PCI_CONFIG_REGION_INDEX + 1;
 
-	dev->region = uml_kmalloc(sizeof(*dev->region) * dev->num_regions,
+	dev->region = uml_kmalloc_array(dev->num_regions, sizeof(*dev->region),
 				  UM_GFP_KERNEL);
 	if (!dev->region) {
 		err = -ENOMEM;
@@ -223,7 +223,7 @@ int uml_vfio_user_setup_device(struct uml_vfio_user_device *dev,
 
 	dev->irq_count = irq_info.count;
 
-	dev->irqfd = uml_kmalloc(sizeof(int) * dev->irq_count, UM_GFP_KERNEL);
+	dev->irqfd = uml_kmalloc_array(dev->irq_count, sizeof(int), UM_GFP_KERNEL);
 	if (!dev->irqfd) {
 		err = -ENOMEM;
 		goto free_region;
-- 
2.52.0