[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <591ae05a-7ad4-4ff7-943d-d8ecc17c91ca@moroto.mountain>
Date: Mon, 17 Jun 2024 09:01:57 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: Yangbo Lu <yangbo.lu@....com>,
Richard Cochran <richardcochran@...il.com>,
"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net] ptp: fix integer overflow in max_vclocks_store
On Sat, Jun 15, 2024 at 09:05:56AM +0200, Christophe JAILLET wrote:
> Le 14/06/2024 à 19:31, Dan Carpenter a écrit :
> > On 32bit systems, the "4 * max" multiply can overflow. Use size_mul()
> > to fix this.
> >
> > Fixes: 44c494c8e30e ("ptp: track available ptp vclocks information")
> > Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> > ---
> > drivers/ptp/ptp_sysfs.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
> > index a15460aaa03b..bc1562fcd6c9 100644
> > --- a/drivers/ptp/ptp_sysfs.c
> > +++ b/drivers/ptp/ptp_sysfs.c
> > @@ -296,7 +296,7 @@ static ssize_t max_vclocks_store(struct device *dev,
> > if (max < ptp->n_vclocks)
> > goto out;
> > - size = sizeof(int) * max;
> > + size = size_mul(sizeof(int), max);
> > vclock_index = kzalloc(size, GFP_KERNEL);
>
> kcalloc() maybe?
>
Fair enough. I'll resend.
> > if (!vclock_index) {
> > err = -ENOMEM;
>
>
> Unrelated but, a few lines above, should the:
> if (max == ptp->max_vclocks)
> return count;
>
> be after:
> if (mutex_lock_interruptible(&ptp->n_vclocks_mux))
> return -ERESTARTSYS;
>
> as done in n_vclocks_store()?
The code is probably better as is. This is a short cut path. We
sometimes see this pattern on fast paths where we test to see if we can
skip everything, then we test again underlock if the test is really
essential. Here if max == ptp->max_vclocks then the whole function is
very complicated no-op so it's not necessary to retest under the lock.
Meanwhile the essential "if (max < ptp->n_vclocks)" check is done under
lock. So it works and it feels like someone put some thought into it.
regards,
dan carpenter
Powered by blists - more mailing lists