[PATCH v2 net] ptp: fix integer overflow in max_vclocks

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store
@ 2024-06-17  9:34 Dan Carpenter
  2024-06-17 12:56 ` Wojciech Drewek
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Dan Carpenter @ 2024-06-17  9:34 UTC (permalink / raw)
  To: Yangbo Lu
  Cc: Richard Cochran, David S. Miller, netdev, linux-kernel,
	kernel-janitors, Christophe JAILLET

On 32bit systems, the "4 * max" multiply can overflow.  Use kcalloc()
to do the allocation to prevent this.

Fixes: 44c494c8e30e ("ptp: track available ptp vclocks information")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
v2: It's better to use kcalloc() instead of size_mul().

 drivers/ptp/ptp_sysfs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
index a15460aaa03b..6b1b8f57cd95 100644
--- a/drivers/ptp/ptp_sysfs.c
+++ b/drivers/ptp/ptp_sysfs.c
@@ -296,8 +296,7 @@ static ssize_t max_vclocks_store(struct device *dev,
 	if (max < ptp->n_vclocks)
 		goto out;
 
-	size = sizeof(int) * max;
-	vclock_index = kzalloc(size, GFP_KERNEL);
+	vclock_index = kcalloc(max, sizeof(int), GFP_KERNEL);
 	if (!vclock_index) {
 		err = -ENOMEM;
 		goto out;
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store
  2024-06-17  9:34 [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store Dan Carpenter
@ 2024-06-17 12:56 ` Wojciech Drewek
  2024-06-17 13:36 ` Jiri Pirko
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Wojciech Drewek @ 2024-06-17 12:56 UTC (permalink / raw)
  To: Dan Carpenter, Yangbo Lu
  Cc: Richard Cochran, David S. Miller, netdev, linux-kernel,
	kernel-janitors, Christophe JAILLET



On 17.06.2024 11:34, Dan Carpenter wrote:
> On 32bit systems, the "4 * max" multiply can overflow.  Use kcalloc()
> to do the allocation to prevent this.
> 
> Fixes: 44c494c8e30e ("ptp: track available ptp vclocks information")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---

Thx,
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>

> v2: It's better to use kcalloc() instead of size_mul().
> 
>  drivers/ptp/ptp_sysfs.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
> index a15460aaa03b..6b1b8f57cd95 100644
> --- a/drivers/ptp/ptp_sysfs.c
> +++ b/drivers/ptp/ptp_sysfs.c
> @@ -296,8 +296,7 @@ static ssize_t max_vclocks_store(struct device *dev,
>  	if (max < ptp->n_vclocks)
>  		goto out;
>  
> -	size = sizeof(int) * max;
> -	vclock_index = kzalloc(size, GFP_KERNEL);
> +	vclock_index = kcalloc(max, sizeof(int), GFP_KERNEL);
>  	if (!vclock_index) {
>  		err = -ENOMEM;
>  		goto out;

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store
  2024-06-17  9:34 [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store Dan Carpenter
  2024-06-17 12:56 ` Wojciech Drewek
@ 2024-06-17 13:36 ` Jiri Pirko
  2024-06-17 14:55 ` Heng Qi
  2024-06-18 20:40 ` patchwork-bot+netdevbpf
  3 siblings, 0 replies; 5+ messages in thread
From: Jiri Pirko @ 2024-06-17 13:36 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Yangbo Lu, Richard Cochran, David S. Miller, netdev, linux-kernel,
	kernel-janitors, Christophe JAILLET

Mon, Jun 17, 2024 at 11:34:32AM CEST, dan.carpenter@linaro.org wrote:
>On 32bit systems, the "4 * max" multiply can overflow.  Use kcalloc()
>to do the allocation to prevent this.
>
>Fixes: 44c494c8e30e ("ptp: track available ptp vclocks information")
>Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Reviewed-by: Jiri Pirko <jiri@nvidia.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store
  2024-06-17  9:34 [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store Dan Carpenter
  2024-06-17 12:56 ` Wojciech Drewek
  2024-06-17 13:36 ` Jiri Pirko
@ 2024-06-17 14:55 ` Heng Qi
  2024-06-18 20:40 ` patchwork-bot+netdevbpf
  3 siblings, 0 replies; 5+ messages in thread
From: Heng Qi @ 2024-06-17 14:55 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Richard Cochran, David S. Miller, netdev, linux-kernel,
	kernel-janitors, Christophe JAILLET, Yangbo Lu


在 2024/6/17 下午5:34, Dan Carpenter 写道:
> On 32bit systems, the "4 * max" multiply can overflow.  Use kcalloc()
> to do the allocation to prevent this.
>
> Fixes: 44c494c8e30e ("ptp: track available ptp vclocks information")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
> v2: It's better to use kcalloc() instead of size_mul().
>
>   drivers/ptp/ptp_sysfs.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
> index a15460aaa03b..6b1b8f57cd95 100644
> --- a/drivers/ptp/ptp_sysfs.c
> +++ b/drivers/ptp/ptp_sysfs.c
> @@ -296,8 +296,7 @@ static ssize_t max_vclocks_store(struct device *dev,
>   	if (max < ptp->n_vclocks)
>   		goto out;
>   
> -	size = sizeof(int) * max;
> -	vclock_index = kzalloc(size, GFP_KERNEL);
> +	vclock_index = kcalloc(max, sizeof(int), GFP_KERNEL);
>   	if (!vclock_index) {
>   		err = -ENOMEM;
>   		goto out;

Reviewed-by: Heng Qi <hengqi@linux.alibaba.com>

Thanks!



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store
  2024-06-17  9:34 [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store Dan Carpenter
                   ` (2 preceding siblings ...)
  2024-06-17 14:55 ` Heng Qi
@ 2024-06-18 20:40 ` patchwork-bot+netdevbpf
  3 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-06-18 20:40 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: yangbo.lu, richardcochran, davem, netdev, linux-kernel,
	kernel-janitors, christophe.jaillet

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 17 Jun 2024 12:34:32 +0300 you wrote:
> On 32bit systems, the "4 * max" multiply can overflow.  Use kcalloc()
> to do the allocation to prevent this.
> 
> Fixes: 44c494c8e30e ("ptp: track available ptp vclocks information")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
> v2: It's better to use kcalloc() instead of size_mul().
> 
> [...]

Here is the summary with links:
  - [v2,net] ptp: fix integer overflow in max_vclocks_store
    https://git.kernel.org/netdev/net/c/81d23d2a2401

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-06-18 20:40 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-17  9:34 [PATCH v2 net] ptp: fix integer overflow in max_vclocks_store Dan Carpenter
2024-06-17 12:56 ` Wojciech Drewek
2024-06-17 13:36 ` Jiri Pirko
2024-06-17 14:55 ` Heng Qi
2024-06-18 20:40 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).