Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp175914pxj; Fri, 14 May 2021 00:35:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJymxVBu3HZg71N2sUwKfGE0cqWw3Kd+gHUtg/G+ig0kqg2ESz6hAwzhpbal0Q9tE9nsREu0 X-Received: by 2002:a17:907:1c15:: with SMTP id nc21mr48371297ejc.49.1620977718034; Fri, 14 May 2021 00:35:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620977718; cv=none; d=google.com; s=arc-20160816; b=dE9AM3kqIXNmqmEMWChNCslIiP+qiDIFj4Y91uPv/qbBVs0zsoDb6fWxRPXU509As8 gDj3fTnM5rIo5oFGTskl+Uz/kvyurvgvvFv+5hkV1r3/3otNw6uWN2GjU3MXdtHEUw6+ Ez+RSJuXOyd8kB6ZOdhodnVX1EoTfoM6GC0MUBudFlXPlGFsRpMzhLTXuxGtS47erl9l PoWEUhxgi9QmZkw0CznXulIUzl5xqT+uXs2xw7KJVSNkSBDc9HcXGnaw8vY+qTS3O+4p wnZ9XuSuxc1aE1TUhMvTcCt1pZiOUbqz94RaKzz8nKEfAqK8xe5wz6PtcGXDkN55IdzB fTww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature; bh=0WO42Zn4inhHC+pt8vOlhumueAA24tex7xlJQ7AIZGU=; b=AiNzVw7pkHFHVHpBsMM0lD4dwMN/23q0Jv7q4aGzqDVXDlFVYJcq4yDia0MRhXH2hX pChv0m90NAWQkCdPqH6iyDnd5yDAJA7eagkwIRRzXQ911bzmwgU5ttY8YmtnzEBFHl2W rjfvYoNkqFtqcTNTGxboTC0zKJ/1voWMC0P0mgFlZVIbuLghKcAbT6f+WQM71YdGJfZk 03y7YKWvwiuhHSixJVe7YWIEByvkJlCHEqVmENHQ0jFcNMNmnuyMo3ttOTm7tAMQ1vSV 1Optu2ADO4pNQsYvjBAwzlyVXeA185UG0J6zJOX0Sd1lDvQekTqPIeTm//yHqnPYOj98 YluA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rYc4vO9D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f12si6986108ejl.675.2021.05.14.00.34.55; Fri, 14 May 2021 00:35:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rYc4vO9D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233108AbhEMUiF (ORCPT + 99 others); Thu, 13 May 2021 16:38:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:50016 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232887AbhEMUiE (ORCPT ); Thu, 13 May 2021 16:38:04 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E0F95611CA; Thu, 13 May 2021 20:36:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620938214; bh=VlAuVRbSl70RsF+Hbd+PeL96a/23cRPU8oynfp6C+jk=; h=Date:From:To:Cc:Subject:From; b=rYc4vO9DB9mIHeAO/V6CPrg5l1FJJsoPI/4KYQK5Soy8oNu+zH4fDeCExIGbZZovh DJmsVOjFG8wIbD20jd2/Nw1MeD18st4GdDfMQA7gruaibtyVj9r88oz3NVdkIfoQr3 QJ1hBWvkaGgp5EtRMxrxTS0B/pG2oazqTuyKV9LIbTIRUPEx0jfcnBqTgxIwjfTDLV IgTANytJcDMaVGuslvTdffeguorK8moe0zhg0stK5iQuSlGhlWxJ3lPu55WMA18/9w 34+hwdkTr0IDDZhk429dYAP0VtpRupkf744Jf6jXzvLG1GQL2qisiRRnnSXhDEQOLe XYvm/do+LI/9A== Date: Thu, 13 May 2021 15:37:30 -0500 From: "Gustavo A. R. Silva" To: Joshua Morris , Philip Kelleher , Jens Axboe Cc: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org Subject: [PATCH][next] rsxx: Use struct_size() in vmalloc() Message-ID: <20210513203730.GA212128@embeddedor> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worst scenario, could lead to heap overflows. This code was detected with the help of Coccinelle and, audited and fixed manually. Signed-off-by: Gustavo A. R. Silva --- drivers/block/rsxx/dma.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/block/rsxx/dma.c b/drivers/block/rsxx/dma.c index 0574f4495755..ed182f3dd054 100644 --- a/drivers/block/rsxx/dma.c +++ b/drivers/block/rsxx/dma.c @@ -74,9 +74,6 @@ struct dma_tracker { struct rsxx_dma *dma; }; -#define DMA_TRACKER_LIST_SIZE8 (sizeof(struct dma_tracker_list) + \ - (sizeof(struct dma_tracker) * RSXX_MAX_OUTSTANDING_CMDS)) - struct dma_tracker_list { spinlock_t lock; int head; @@ -808,7 +805,8 @@ static int rsxx_dma_ctrl_init(struct pci_dev *dev, memset(&ctrl->stats, 0, sizeof(ctrl->stats)); - ctrl->trackers = vmalloc(DMA_TRACKER_LIST_SIZE8); + ctrl->trackers = vmalloc(struct_size(ctrl->trackers, list, + RSXX_MAX_OUTSTANDING_CMDS)); if (!ctrl->trackers) return -ENOMEM; -- 2.27.0