| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <SN7PR15MB5755D82EE7B0630CEEFE01DD9926A@SN7PR15MB5755.namprd15.prod.outlook.com>
Date: Mon, 26 Jun 2023 11:23:58 +0000
From: Bernard Metzler <BMT@...ich.ibm.com>
To: Julia Lawall <Julia.Lawall@...ia.fr>
CC: "keescook@...omium.org" <keescook@...omium.org>,
"kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
Jason Gunthorpe <jgg@...pe.ca>,
Leon Romanovsky <leon@...nel.org>,
"linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 14/26] RDMA/siw: use array_size
> -----Original Message-----
> From: Julia Lawall <JuGlia.Lawall@...ia.fr>
> Sent: Friday, 23 June 2023 23:15
> To: Bernard Metzler <BMT@...ich.ibm.com>
> Cc: keescook@...omium.org; kernel-janitors@...r.kernel.org; Jason Gunthorpe
> <jgg@...pe.ca>; Leon Romanovsky <leon@...nel.org>; linux-
> rdma@...r.kernel.org; linux-kernel@...r.kernel.org
> Subject: [EXTERNAL] [PATCH 14/26] RDMA/siw: use array_size
>
> Use array_size to protect against multiplication overflows.
>
> The changes were done using the following Coccinelle semantic patch:
>
> // <smpl>
> @@
> expression E1, E2;
> constant C1, C2;
> identifier alloc = {vmalloc,vzalloc};
> @@
>
> (
> alloc(C1 * C2,...)
> |
> alloc(
> - (E1) * (E2)
> + array_size(E1, E2)
> ,...)
> )
> // </smpl>
>
> Signed-off-by: Julia Lawall <Julia.Lawall@...ia.fr>
>
> ---
> drivers/infiniband/sw/siw/siw_qp.c | 4 ++--
> drivers/infiniband/sw/siw/siw_verbs.c | 6 +++---
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/infiniband/sw/siw/siw_qp.c
> b/drivers/infiniband/sw/siw/siw_qp.c
> index 81e9bbd9ebda..32ec85af0314 100644
> --- a/drivers/infiniband/sw/siw/siw_qp.c
> +++ b/drivers/infiniband/sw/siw/siw_qp.c
> @@ -204,7 +204,7 @@ static int siw_qp_readq_init(struct siw_qp *qp, int
> irq_size, int orq_size)
> {
> if (irq_size) {
> irq_size = roundup_pow_of_two(irq_size);
> - qp->irq = vzalloc(irq_size * sizeof(struct siw_sqe));
> + qp->irq = vzalloc(array_size(irq_size, sizeof(struct siw_sqe)));
> if (!qp->irq) {
> qp->attrs.irq_size = 0;
> return -ENOMEM;
> @@ -212,7 +212,7 @@ static int siw_qp_readq_init(struct siw_qp *qp, int
> irq_size, int orq_size)
> }
> if (orq_size) {
> orq_size = roundup_pow_of_two(orq_size);
> - qp->orq = vzalloc(orq_size * sizeof(struct siw_sqe));
> + qp->orq = vzalloc(array_size(orq_size, sizeof(struct siw_sqe)));
> if (!qp->orq) {
> qp->attrs.orq_size = 0;
> qp->attrs.irq_size = 0;
> diff --git a/drivers/infiniband/sw/siw/siw_verbs.c
> b/drivers/infiniband/sw/siw/siw_verbs.c
> index 398ec13db624..ddf83b638cb0 100644
> --- a/drivers/infiniband/sw/siw/siw_verbs.c
> +++ b/drivers/infiniband/sw/siw/siw_verbs.c
> @@ -381,7 +381,7 @@ int siw_create_qp(struct ib_qp *ibqp, struct
> ib_qp_init_attr *attrs,
> if (udata)
> qp->sendq = vmalloc_user(num_sqe * sizeof(struct siw_sqe));
> else
> - qp->sendq = vzalloc(num_sqe * sizeof(struct siw_sqe));
> + qp->sendq = vzalloc(array_size(num_sqe, sizeof(struct
> siw_sqe)));
>
> if (qp->sendq == NULL) {
> rv = -ENOMEM;
> @@ -414,7 +414,7 @@ int siw_create_qp(struct ib_qp *ibqp, struct
> ib_qp_init_attr *attrs,
> qp->recvq =
> vmalloc_user(num_rqe * sizeof(struct siw_rqe));
> else
> - qp->recvq = vzalloc(num_rqe * sizeof(struct siw_rqe));
> + qp->recvq = vzalloc(array_size(num_rqe, sizeof(struct
> siw_rqe)));
>
> if (qp->recvq == NULL) {
> rv = -ENOMEM;
> @@ -1624,7 +1624,7 @@ int siw_create_srq(struct ib_srq *base_srq,
> srq->recvq =
> vmalloc_user(srq->num_rqe * sizeof(struct siw_rqe));
> else
> - srq->recvq = vzalloc(srq->num_rqe * sizeof(struct siw_rqe));
> + srq->recvq = vzalloc(array_size(srq->num_rqe, sizeof(struct
> siw_rqe)));
>
> if (srq->recvq == NULL) {
> rv = -ENOMEM;
lgtm!
Reviewed-by: Bernard Metzler <bmt@...ich.ibm.com>
Powered by blists - more mailing lists