Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp486448pxx; Wed, 28 Oct 2020 09:24:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzHbxFUu54VQj4VCXkMV2cwkycPCIgflX9E+7BbgnLfWULKSwKiRVTCR177pDMS3F70iPg8 X-Received: by 2002:a17:906:b009:: with SMTP id v9mr3335701ejy.155.1603902286231; Wed, 28 Oct 2020 09:24:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603902286; cv=none; d=google.com; s=arc-20160816; b=Pc4JDoGfCVSNsxLVkLoxO/+TDO0a54NK1wagB+5evnY5NK1ZI/npYAL34BIKPaMecN Svx0q78xNMyJ5z+xrlb5mXU3tDCYphMWyVVq7GKHVWNYtaKBCguza8wmojxHZmfP5OGI pJIhXJSq6R282wbD9MxbSycVTgA38QcJ5gg+2h9Y0kvSnWC04N0riBszsvgb8k0acSsU xw+yZLW+QWC61//Cl1SkkROAo7AtUy1FQqUCeizyzLpyVGcIYhnGM/KgfWE7mJ2aTny/ 5eo9w4D3rxHZDsUR8cldrUbLBAh2LOdDsIc5VvYdDsT7Cbi4Kzwbg5RxK75deM0Ru6wZ +NHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=bqFewggHs3QuSqfDan6kFcPCGWrHRCI1rHCGcobc1VU=; b=lb12QwUcc28PS5xTaZL32b2XTpgUOhUEzb9XgiwjFS3cUJGucc60mL309VfCuu0HRc 8LoP/xYHBfiGRrEF+6xkur3TSsGRlp1WKGm8syxvEKlXZOez/CqBjI1AJHZcjUSE8Ils Kn3Il2eqtcP70lRa3Wr8Z2f+Q/ML8gQ3SZoa18XjqFIWM9NLR6LX/xZtmfq6BaTL1X0n mrohmG0PJAtFXwzGohFVtttZe1zY2mftP6LEWGrfWa/T5NNlU2szJjTnG8ZmDjteTdh/ up82OcYKAdNpRb4ipHnwcsWxrQBl6Gmf2p2eokjifMAd4hsshbMpd/WHkyTHE+xDOkbO M6yA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bu23si3620690ejb.83.2020.10.28.09.24.23; Wed, 28 Oct 2020 09:24:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1816656AbgJ0RIR (ORCPT + 99 others); Tue, 27 Oct 2020 13:08:17 -0400 Received: from smtprelay0063.hostedemail.com ([216.40.44.63]:47840 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1816629AbgJ0RIO (ORCPT ); Tue, 27 Oct 2020 13:08:14 -0400 Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay08.hostedemail.com (Postfix) with ESMTP id 45489182CED2A; Tue, 27 Oct 2020 17:08:10 +0000 (UTC) X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,,RULES_HIT:41:69:355:379:599:800:960:973:988:989:1260:1277:1311:1313:1314:1345:1359:1437:1515:1516:1518:1534:1542:1593:1594:1711:1730:1747:1777:1792:1801:2393:2553:2559:2562:2828:3138:3139:3140:3141:3142:3354:3622:3865:3866:3867:3868:3870:3871:3872:3874:4321:4605:5007:6742:6743:7576:7903:8603:10004:10400:10848:11026:11232:11473:11658:11783:11914:12043:12296:12297:12438:12555:12679:12740:12895:12986:13161:13229:13439:13894:14096:14097:14181:14659:14721:21080:21451:21627:21990:30012:30054:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:2,LUA_SUMMARY:none X-HE-Tag: rake71_590ddfb2727d X-Filterd-Recvd-Size: 4916 Received: from XPS-9350.home (unknown [47.151.133.149]) (Authenticated sender: joe@perches.com) by omf05.hostedemail.com (Postfix) with ESMTPA; Tue, 27 Oct 2020 17:08:04 +0000 (UTC) Message-ID: <2767969b94fd66db1fb0fc13b5783ae65b7deb2f.camel@perches.com> Subject: Re: [PATCH 3/8] vhost: vringh: use krealloc_array() From: Joe Perches To: Bartosz Golaszewski Cc: "Michael S. Tsirkin" , Bartosz Golaszewski , Andy Shevchenko , Sumit Semwal , Gustavo Padovan , Christian =?ISO-8859-1?Q?K=F6nig?= , Mauro Carvalho Chehab , Borislav Petkov , Tony Luck , James Morse , Robert Richter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie , Daniel Vetter , Alexander Shishkin , Linus Walleij , Jason Wang , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Jaroslav Kysela , Takashi Iwai , linux-media , linux-drm , linaro-mm-sig@lists.linaro.org, LKML , linux-edac@vger.kernel.org, linux-gpio , kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev , linux-mm@kvack.org, Linux-ALSA Date: Tue, 27 Oct 2020 10:08:02 -0700 In-Reply-To: References: <20201027121725.24660-1-brgl@bgdev.pl> <20201027121725.24660-4-brgl@bgdev.pl> <20201027112607-mutt-send-email-mst@kernel.org> <685d850347a1191bba8ba7766fc409b140d18f03.camel@perches.com> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.38.1-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2020-10-27 at 17:58 +0100, Bartosz Golaszewski wrote: > On Tue, Oct 27, 2020 at 5:50 PM Joe Perches wrote: > > > > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote: > > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote: > > > > From: Bartosz Golaszewski > > > > > > > > Use the helper that checks for overflows internally instead of manually > > > > calculating the size of the new array. > > > > > > > > Signed-off-by: Bartosz Golaszewski > > > > > > No problem with the patch, it does introduce some symmetry in the code. > > > > Perhaps more symmetry by using kmemdup > > --- > > ?drivers/vhost/vringh.c | 23 ++++++++++------------- > > ?1 file changed, 10 insertions(+), 13 deletions(-) > > > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > > index 8bd8b403f087..99222a3651cd 100644 > > --- a/drivers/vhost/vringh.c > > +++ b/drivers/vhost/vringh.c > > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh, > > ?static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) > > ?{ > > ????????struct kvec *new; > > - unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > > + size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > > + size_t size; > > > > ????????if (new_num < 8) > > ????????????????new_num = 8; > > > > - flag = (iov->max_num & VRINGH_IOV_ALLOCATED); > > - if (flag) > > - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); > > - else { > > - new = kmalloc_array(new_num, sizeof(struct iovec), gfp); > > - if (new) { > > - memcpy(new, iov->iov, > > - iov->max_num * sizeof(struct iovec)); > > - flag = VRINGH_IOV_ALLOCATED; > > - } > > - } > > + if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), &size))) > > + return -ENOMEM; > > + > > The whole point of using helpers such as kmalloc_array() is not doing > these checks manually. Tradeoffs for in readability for overflow and not mistyping or doing the multiplication of iov->max_num * sizeof(struct iovec) twice. Just fyi: the realloc doesn't do a multiplication overflow test as written so the suggestion is slightly more resistant to defect.