Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3303487pxk; Mon, 21 Sep 2020 10:07:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw98ABh8Y2/Awujxcjouo0V9G6/vBf0a7Ucm3kJW0KWGQUQkrswIbeyjIeYmE0ajRR+2RcH X-Received: by 2002:a05:6402:b1a:: with SMTP id bm26mr625125edb.209.1600708036741; Mon, 21 Sep 2020 10:07:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600708036; cv=none; d=google.com; s=arc-20160816; b=njdzLiDPwybEoVDfEb09vQYfWSfFlB/GBEPRiF/B9RPgl5UWmCz/ueF6+cyPIQ62HN SV8M+7Av1wx05Duq8cDEw4S64UbvBYEEAQ5KhZ54Olb5HIuOFxDUPpxSs9jcVQG6OMrM baTfV+Mvzm8GxPUIocni7i+TKUtkaSqR2Tw8vaQ9lUv58RoxoMuqfuXUUXEaB4ZdvJXQ mhloc3jUlmig4TxfFQjSq+KMGxvXeI8Uqe/PoMklB8LrERMKd8cpqshjdHpX9CwTiKli 25RHjipackCUbgzESYzpP0L7zmVmL0D79niHDQ3KmQZoxIqaiqmj6YJNdD8Olt1b2wPc LnkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=0CrJyG3ddy1yqE5EHK/s9PAflZP2qnO9iNUuDmPM0w0=; b=Sa2D/WOZc1IfHvx+ldCDW/4KlAyc/9x0vowmWige2v5MiBzHX6t6GJwpmHgJxYFvY5 WpaUvEAWs7aqFFfT6Z7SVf5dDoilDs3RrpW9tvJFPAZe6xl2c6CF9ajvYtoFCdmg2FTy 6zbq6HS58UTQikeHDCgG0lJFfhghOK9RDuUZcvecK4cOsHgz69b4AzFyWTgGUzUHH468 8PHij4kY6Sd77hMeR2N5KdIA7+p6bGTMdyR7Hjnntg1F9PaX46BjG/NhjIjPePe7XZyK F0nSWU89R/Bsi3NTeT85y3VzSKgV9GBKyRADDQPermwcGC+zFKpb8Hsn81OJ9Hly3063 sVGA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b12si8739664edq.127.2020.09.21.10.06.52; Mon, 21 Sep 2020 10:07:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730494AbgIURDx (ORCPT + 99 others); Mon, 21 Sep 2020 13:03:53 -0400 Received: from mail-lf1-f66.google.com ([209.85.167.66]:42100 "EHLO mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730492AbgIURDv (ORCPT ); Mon, 21 Sep 2020 13:03:51 -0400 Received: by mail-lf1-f66.google.com with SMTP id b12so14837345lfp.9; Mon, 21 Sep 2020 10:03:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0CrJyG3ddy1yqE5EHK/s9PAflZP2qnO9iNUuDmPM0w0=; b=YT2SKmOC+yeJYQ3mPZQyCYNV32dSvUpe9vG7L2gLqBGV37o4whDorIp92e3hJXBkOD JXU1tp2SLXjkW+qDqu0E1+G7sBf1rHv4mR4+VqeqmNg/UqNAoxMw4gcqha+0rdw/gFx4 y+eRhuD+Xx/wUx24NOCtoBMoJ60BganonQl3mN16KkmzY4BXEYH41khSkkTT6bjwM480 vR/LjixgOTvb7rm1cdxgYpKdQNqB+RJBRgzViyMw1bB7AFkoaFqxgW7C0y3tXv1zemtl JsvQYMrQsKF8oxM4LoZmbJC+HGbelG+/vJmnWHkY4cT49O/sT8qMM09OtOSr2AWABVlZ zVow== X-Gm-Message-State: AOAM531s1s/EURFTm/6yAOOwnBkJ0ieBw8Nt7CWYG/BMfNlxXEflpyWm H5mgC5RXSKnB4CJap9vVZfA= X-Received: by 2002:ac2:53a3:: with SMTP id j3mr333399lfh.86.1600707828703; Mon, 21 Sep 2020 10:03:48 -0700 (PDT) Received: from green.intra.ispras.ru (winnie.ispras.ru. [83.149.199.91]) by smtp.googlemail.com with ESMTPSA id c22sm2689992lff.202.2020.09.21.10.03.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Sep 2020 10:03:48 -0700 (PDT) From: Denis Efremov To: David Sterba Cc: Denis Efremov , Josef Bacik , Chris Mason , linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, Kees Cook Subject: [PATCH 2/2] btrfs: check allocation size in btrfs_ioctl_send() Date: Mon, 21 Sep 2020 20:03:36 +0300 Message-Id: <20200921170336.82643-2-efremov@linux.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200921170336.82643-1-efremov@linux.com> References: <20200921170336.82643-1-efremov@linux.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Replace kvzalloc() call with kvcalloc() that checks the size internally. Use array_size() helper to compute the memory size for clone_sources_tmp. Cc: Kees Cook Signed-off-by: Denis Efremov --- fs/btrfs/send.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index c874ddda6252..9e02aba30651 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -7087,7 +7087,7 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) u32 i; u64 *clone_sources_tmp = NULL; int clone_sources_to_rollback = 0; - unsigned alloc_size; + size_t alloc_size; int sort_clone_roots = 0; if (!capable(CAP_SYS_ADMIN)) @@ -7179,15 +7179,16 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) sctx->waiting_dir_moves = RB_ROOT; sctx->orphan_dirs = RB_ROOT; - alloc_size = sizeof(struct clone_root) * (arg->clone_sources_count + 1); - - sctx->clone_roots = kvzalloc(alloc_size, GFP_KERNEL); + sctx->clone_roots = kvcalloc(sizeof(*sctx->clone_roots), + arg->clone_sources_count + 1, + GFP_KERNEL); if (!sctx->clone_roots) { ret = -ENOMEM; goto out; } - alloc_size = arg->clone_sources_count * sizeof(*arg->clone_sources); + alloc_size = array_size(sizeof(*arg->clone_sources), + arg->clone_sources_count); if (arg->clone_sources_count) { clone_sources_tmp = kvmalloc(alloc_size, GFP_KERNEL); -- 2.26.2