[PATCH 1/2] VMCI: Remove handle_arr_calc_size()

[PATCH 1/2] VMCI: Remove handle_arr_calc_size()

[Christophe JAILLET]

Use struct_size() instead of handle_arr_calc_size().
This is much more conventionnal.

Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 drivers/misc/vmw_vmci/vmci_handle_array.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/drivers/misc/vmw_vmci/vmci_handle_array.c b/drivers/misc/vmw_vmci/vmci_handle_array.c
index de7fee7ead1b..56d48d42736b 100644
--- a/drivers/misc/vmw_vmci/vmci_handle_array.c
+++ b/drivers/misc/vmw_vmci/vmci_handle_array.c
@@ -8,12 +8,6 @@
 #include <linux/slab.h>
 #include "vmci_handle_array.h"
 
-static size_t handle_arr_calc_size(u32 capacity)
-{
-	return VMCI_HANDLE_ARRAY_HEADER_SIZE +
-	    capacity * sizeof(struct vmci_handle);
-}
-
 struct vmci_handle_arr *vmci_handle_arr_create(u32 capacity, u32 max_capacity)
 {
 	struct vmci_handle_arr *array;
@@ -25,7 +19,7 @@ struct vmci_handle_arr *vmci_handle_arr_create(u32 capacity, u32 max_capacity)
 		capacity = min((u32)VMCI_HANDLE_ARRAY_DEFAULT_CAPACITY,
 			       max_capacity);
 
-	array = kmalloc(handle_arr_calc_size(capacity), GFP_ATOMIC);
+	array = kmalloc(struct_size(array, entries, capacity), GFP_ATOMIC);
 	if (!array)
 		return NULL;
 
@@ -51,8 +45,8 @@ int vmci_handle_arr_append_entry(struct vmci_handle_arr **array_ptr,
 		struct vmci_handle_arr *new_array;
 		u32 capacity_bump = min(array->max_capacity - array->capacity,
 					array->capacity);
-		size_t new_size = handle_arr_calc_size(array->capacity +
-						       capacity_bump);
+		size_t new_size = struct_size(array, entries,
+					      array->capacity + capacity_bump);
 
 		if (array->size >= array->max_capacity)
 			return VMCI_ERROR_NO_MEM;
-- 
2.34.1

[PATCH 2/2] VMCI: Remove VMCI_HANDLE_ARRAY_HEADER_SIZE and VMCI_HANDLE_ARRAY_MAX_CAPACITY

[Christophe JAILLET]

Remove VMCI_HANDLE_ARRAY_HEADER_SIZE and VMCI_HANDLE_ARRAY_MAX_CAPACITY
that are unused.

Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
 drivers/misc/vmw_vmci/vmci_handle_array.h | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/drivers/misc/vmw_vmci/vmci_handle_array.h b/drivers/misc/vmw_vmci/vmci_handle_array.h
index b0e6b1956014..27a38b97e8a8 100644
--- a/drivers/misc/vmw_vmci/vmci_handle_array.h
+++ b/drivers/misc/vmw_vmci/vmci_handle_array.h
@@ -20,14 +20,8 @@ struct vmci_handle_arr {
 	struct vmci_handle entries[] __counted_by(capacity);
 };
 
-#define VMCI_HANDLE_ARRAY_HEADER_SIZE				\
-	offsetof(struct vmci_handle_arr, entries)
 /* Select a default capacity that results in a 64 byte sized array */
 #define VMCI_HANDLE_ARRAY_DEFAULT_CAPACITY			6
-/* Make sure that the max array size can be expressed by a u32 */
-#define VMCI_HANDLE_ARRAY_MAX_CAPACITY				\
-	((U32_MAX - VMCI_HANDLE_ARRAY_HEADER_SIZE - 1) /	\
-	sizeof(struct vmci_handle))
 
 struct vmci_handle_arr *vmci_handle_arr_create(u32 capacity, u32 max_capacity);
 void vmci_handle_arr_destroy(struct vmci_handle_arr *array);
-- 
2.34.1

Re: [PATCH 1/2] VMCI: Remove handle_arr_calc_size()

[Kees Cook]

On Fri, Dec 08, 2023 at 09:46:09PM +0100, Christophe JAILLET wrote:
> Use struct_size() instead of handle_arr_calc_size().
> This is much more conventionnal.
> 
> Suggested-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

Looks good. And since capacity in u32, there's no need for size_add().

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

Re: [PATCH 2/2] VMCI: Remove VMCI_HANDLE_ARRAY_HEADER_SIZE and VMCI_HANDLE_ARRAY_MAX_CAPACITY

[Kees Cook]

On Fri, Dec 08, 2023 at 09:46:10PM +0100, Christophe JAILLET wrote:
> Remove VMCI_HANDLE_ARRAY_HEADER_SIZE and VMCI_HANDLE_ARRAY_MAX_CAPACITY
> that are unused.
> 
> Suggested-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

Yes, better to just use proper sizeof(). :)

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

Re: [PATCH 1/2] VMCI: Remove handle_arr_calc_size()

[Christophe JAILLET]

Le 08/12/2023 à 21:59, Kees Cook a écrit :
> On Fri, Dec 08, 2023 at 09:46:09PM +0100, Christophe JAILLET wrote:
>> Use struct_size() instead of handle_arr_calc_size().
>> This is much more conventionnal.
>>
>> Suggested-by: Kees Cook <keescook@chromium.org>
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> 
> Looks good. And since capacity in u32, there's no need for size_add().

Hmm,

isn't u32 + u32 --> u32, so can overflow?
If I understand correctly, the type promotion to size_t will occur after 
the addition.

So size_add() looks needed, or I missed something?

CJ

> 
> Reviewed-by: Kees Cook <keescook@chromium.org>
> 

Re: [PATCH 1/2] VMCI: Remove handle_arr_calc_size()

[Kees Cook]

On Fri, Dec 08, 2023 at 10:14:35PM +0100, Christophe JAILLET wrote:
> Le 08/12/2023 à 21:59, Kees Cook a écrit :
> > On Fri, Dec 08, 2023 at 09:46:09PM +0100, Christophe JAILLET wrote:
> > > Use struct_size() instead of handle_arr_calc_size().
> > > This is much more conventionnal.
> > > 
> > > Suggested-by: Kees Cook <keescook@chromium.org>
> > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> > 
> > Looks good. And since capacity in u32, there's no need for size_add().
> 
> Hmm,
> 
> isn't u32 + u32 --> u32, so can overflow?
> If I understand correctly, the type promotion to size_t will occur after the
> addition.

Oh lovely, I thought the promotion was first. Ugh.

> So size_add() looks needed, or I missed something?

Yeah, and I'm also to stuck in pretending 32-bit systems don't exist.
So, yes, please include size_add()...

-Kees

> 
> CJ
> 
> > 
> > Reviewed-by: Kees Cook <keescook@chromium.org>
> > 
> 

-- 
Kees Cook