Date: Thu, 13 May 2021 18:01:55 -0500
From: "Gustavo A. R. Silva"
To: Alex Williamson, Cornelia Huck
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva", linux-hardening@vger.kernel.org
Subject: [PATCH][next] vfio/iommu_type1: Use struct_size() for kzalloc()
Message-ID: <20210513230155.GA217517@embeddedor>

Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worst scenario, could lead to heap overflows.

This code was detected with the help of Coccinelle, and audited and fixed manually.

Signed-off-by: Gustavo A. R. Silva

--- drivers/vfio/vfio_iommu_type1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c index a0747c35a778..a3e925a41b0d 100644 --- a/drivers/vfio/vfio_iommu_type1.c +++ b/drivers/vfio/vfio_iommu_type1.c @@ -2795,7 +2795,7 @@ static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu, return 0; } - size = sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges)); + size = struct_size(cap_iovas, iova_ranges, iovas); cap_iovas = kzalloc(size, GFP_KERNEL); if (!cap_iovas) -- 2.27.0
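
Review bot: On the `+` line, the struct_size() result is stored in `size` before it reaches kzalloc(), and the declaration of `size` is outside this hunk, so the overflow protection depends on a type the patch does not show. struct_size() returns a size_t that saturates at SIZE_MAX when the multiplication or addition overflows; if `size` were narrower than size_t, the saturated value would be truncated to something kzalloc() might satisfy, and the heap overflow the commit message describes would still be reachable. Please confirm that `size` is a size_t. It would also help to state in the commit message that on overflow the allocation now fails and takes the existing `if (!cap_iovas)` path, since that is the behavioural difference from the open-coded `sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges))`, which would silently wrap.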