Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worse scenario, could lead to heap overflows.
Link: https://github.com/KSPP/linux/issues/160
Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c
index 18e5aec14641..f542a36be62c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c
@@ -497,8 +497,7 @@ static struct mlx5_fc_bulk *mlx5_fc_bulk_create(struct mlx5_core_dev *dev)
alloc_bitmask = MLX5_CAP_GEN(dev, flow_counter_bulk_alloc);
bulk_len = alloc_bitmask > 0 ? MLX5_FC_BULK_NUM_FCS(alloc_bitmask) : 1;
- bulk = kvzalloc(sizeof(*bulk) + bulk_len * sizeof(struct mlx5_fc),
- GFP_KERNEL);
+ bulk = kvzalloc(struct_size(bulk, fcs, bulk_len), GFP_KERNEL);
if (!bulk)
goto err_alloc_bulk;
--
2.27.0
On Tue, 2021-09-28 at 17:11 -0500, Gustavo A. R. Silva wrote:
> Make use of the struct_size() helper instead of an open-coded
> version,
> in order to avoid any potential type mistakes or integer overflows
> that,
> in the worse scenario, could lead to heap overflows.
>
> Link: https://github.com/KSPP/linux/issues/160
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
applied to net-next-mlx5
On Thu, Sep 30, 2021 at 07:06:32PM +0000, Saeed Mahameed wrote:
> On Tue, 2021-09-28 at 17:11 -0500, Gustavo A. R. Silva wrote:
> > Make use of the struct_size() helper instead of an open-coded
> > version,
> > in order to avoid any potential type mistakes or integer overflows
> > that,
> > in the worse scenario, could lead to heap overflows.
> >
> > Link: https://github.com/KSPP/linux/issues/160
> > Signed-off-by: Gustavo A. R. Silva <[email protected]>
>
> applied to net-next-mlx5
Thanks, Saeed.
--
Gustavo