Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp4366621pxb; Mon, 27 Sep 2021 15:40:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy9gS80OCVdQnXC749jOZbuImcbu6AOo2j/rVreKH/nLQeP5p+w0dMbkjcN5e6mBJBB8IlS X-Received: by 2002:a63:e216:: with SMTP id q22mr1656620pgh.3.1632782442503; Mon, 27 Sep 2021 15:40:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632782442; cv=none; d=google.com; s=arc-20160816; b=vzWkuyn4nBDz827NNfkKUGViZMTTiEssDBoW7Gp9NqnH83pzDPz77lpbBOTg+3arb3 jkamu4iFSSvxHLgMnVkhKlc4MxR6QMumBoqv0leeSbWxiwXTjLqnGVvzZ5AXaD3TwiDi roeXC3SQrv7b/TXwEBN9EvBf/vYs3k/n9EFl7tehwUXr9yo58lQnVyp9MJoZ5tYa/sNs xpLCxGB2FHa3xCg8EeRh1Aqq0ODB/L/GT/iA9psTxOQabCvVrygyrqUEZmNBReEX8Lrn O4xyAhRgho7UtsyaN0iq8NdWJj5EmgROPCufpEMNd8DQgttAdMVo+luvTSURc/p8Ha3B 7vvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature; bh=FI71BlZgalb7B3Il3gtb2eFPOvTXJeVgkhM9ZN2Y7Gk=; b=ag15cybYTLz84hfFwn83LtYfFw+JSQHTw9agaxPEJyFAx3EoqxnrblGhGhT18w1qAm WZ5dAs/hJNSPXnDGc332B2B+5HxnsQZc/b5R8s3cKAAAPz9WFbyxnKEyQJg1xoyCldvh cIuC0ah9Ew5t+/ZTyhdEXdjPcoFby9kXnaAKHBVqUWXBHqWXDCoX0iw6j11kBmv/mLD4 usNt0QCf89QzBdvMM7BhLDCqIk7ubkh6WikW0uV9tXeYXYU+AA/WDLEv/IyArQbsYlnm bE7tFAiCijQmvKFsBPglzO20R2Fdd32Ueq625I+AZCz/0EIS3m2dpT8m37SZ6ZIyysOy GLeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="DYKF/8qp"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o4si23437303pfh.117.2021.09.27.15.40.30; Mon, 27 Sep 2021 15:40:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="DYKF/8qp"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237771AbhI0WlY (ORCPT + 99 others); Mon, 27 Sep 2021 18:41:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:55644 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237501AbhI0WlX (ORCPT ); Mon, 27 Sep 2021 18:41:23 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id EDB006103B; Mon, 27 Sep 2021 22:39:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1632782384; bh=jQsMfUi7sijCHy0O5BfSM8V3P+BdbGszL5QX7pxZXXY=; h=Date:From:To:Cc:Subject:From; b=DYKF/8qpc/4F6ifKfma2hGmYUvK8dtjn5mwyLzcvwOY72cajp0EDGXKyRFkUgldQr 8ANrq+f8cWJd3YEkqpS9MlwC0y4a6/z3jFa/igq+ITLSRbeueg0JHjbFxWDyhBbT2h zTlM3r5DGSxbZuUmgMIJhZxyKWId0vFPmhYMzANwUWHhwYSGqcMgLe194FSkRxoKFp 7vACCxL1P1ReQqesKH0ivhPiYkApZ+XVqW/vetmg7AzBY0U3rCuxRSkbnh82slAJiW Ran+iHz+qbxFEGLSgCeaO8FryeDJJKI/puwy1vOLQ9g8RJDedASXs8+tXGwAdS01Fn 30Qfyq2tfRP7A== Date: Mon, 27 Sep 2021 17:43:44 -0500 From: "Gustavo A. R. Silva" To: Bodo Stroesser , "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" , linux-hardening@vger.kernel.org Subject: [PATCH][next] scsi: target: tcmu: Use struct_size() helper in kmalloc() Message-ID: <20210927224344.GA190701@embeddedor> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Make use of the struct_size() helper instead of an open-coded version, in order to avoid any potential type mistakes or integer overflows that, in the worst scenario, could lead to heap overflows. Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Gustavo A. R. Silva --- drivers/target/target_core_user.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c index 9f552f48084c..dc220fad06fa 100644 --- a/drivers/target/target_core_user.c +++ b/drivers/target/target_core_user.c @@ -1255,7 +1255,6 @@ tcmu_tmr_notify(struct se_device *se_dev, enum tcm_tmreq_table tmf, { int i = 0, cmd_cnt = 0; bool unqueued = false; - uint16_t *cmd_ids = NULL; struct tcmu_cmd *cmd; struct se_cmd *se_cmd; struct tcmu_tmr *tmr; @@ -1292,7 +1291,7 @@ tcmu_tmr_notify(struct se_device *se_dev, enum tcm_tmreq_table tmf, pr_debug("TMR event %d on dev %s, aborted cmds %d, afflicted cmd_ids %d\n", tcmu_tmr_type(tmf), udev->name, i, cmd_cnt); - tmr = kmalloc(sizeof(*tmr) + cmd_cnt * sizeof(*cmd_ids), GFP_NOIO); + tmr = kmalloc(struct_size(tmr, tmr_cmd_ids, cmd_cnt), GFP_NOIO); if (!tmr) goto unlock; -- 2.27.0