Date: Mon, 18 Oct 2021 09:07:16 +0800
From: Li Fei1
To: Len Baker
Cc: keescook@chromium.org, gustavoars@kernel.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] virt: acrn: Prefer array_syze and struct_size over open coded arithmetic
Message-ID: <20211018010716.GA31860@louislifei-OptiPlex-7050>
References: <20211011103902.15638-1-len.baker@gmx.com> <20211012013429.GA28284@louislifei-OptiPlex-7050> <20211015155248.GA3289@titan>
In-Reply-To: <20211015155248.GA3289@titan>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 15, 2021 at 05:52:48PM +0200, Len Baker wrote:
> Hi Li,
>
> On Tue, Oct 12, 2021 at 09:34:29AM +0800, Li Fei1 wrote:
> > On Mon, Oct 11, 2021 at 12:39:02PM +0200, Len Baker wrote:
> > > As noted in the "Deprecated Interfaces, Language Features, Attributes,
> > > and Conventions" documentation [1], size calculations (especially
> > > multiplication) should not be performed in memory allocator (or similar)
> > > function arguments due to the risk of them overflowing. This could lead
> > > to values wrapping around and a smaller allocation being made than the
> > > caller was expecting. Using those allocations could lead to linear
> > > overflows of heap memory and other misbehaviors.
> > >
> > > So, use the array_size() helper to do the arithmetic instead of the
> > > argument "count * size" in the vzalloc() function.
> > >
> > > Also, take the opportunity to add a flexible array member of struct
> > > vm_memory_region_op to the vm_memory_region_batch structure. And then,
> > > change the code accordingly and use the struct_size() helper to do the
> > > arithmetic instead of the argument "size + size * count" in the kzalloc
> > > function.
> > >
> > > This code was detected with the help of Coccinelle and audited and fixed
> > > manually.
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
> > >
> > > Signed-off-by: Len Baker
> >
> > Hi Baker
> >
> > Thanks for helping us to fix this issue. This patch looks good to me.
> > Please add Signed-off-by: Fei Li .
>
> I can't add the "Signed-off-by" tag by myself. However, if you are in the
> path to forward the patch to the mainline (maintainer's tree), you can
> add the "Signed-off-by" tag yourself before sending a "pull" to Linus.
> See [1] for more information.
>
> [1] https://www.kernel.org/doc/html/latest/process/submitting-patches.html#sign-your-work-the-developer-s-certificate-of-origin
>
> If you don't have a maintainer's tree, you can give (as a maintainer) an
> "Acked-by" tag that then I can add to the patch. More info in [2].

Acked-by: Fei Li

thanks.

>
> [2] https://www.kernel.org/doc/html/latest/process/submitting-patches.html#when-to-use-acked-by-cc-and-co-developed-by
>
> > Only two minor comments.
> >
> > > ---
> > > drivers/virt/acrn/acrn_drv.h | 10 ++++++----
> > > drivers/virt/acrn/mm.c | 9 ++++-----
> > > 2 files changed, 10 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/drivers/virt/acrn/acrn_drv.h b/drivers/virt/acrn/acrn_drv.h
> > > index 1be54efa666c..fcc2e3e5232a 100644
> > > --- a/drivers/virt/acrn/acrn_drv.h
> > > +++ b/drivers/virt/acrn/acrn_drv.h
> > > @@ -48,6 +48,7 @@ struct vm_memory_region_op {
> > > * @reserved: Reserved.
> > > * @regions_num: The number of vm_memory_region_op.
> > > * @regions_gpa: Physical address of a vm_memory_region_op array.
> > > + * @regions_op: Flexible array of vm_memory_region_op.
> > One Tab please.
>
> Sorry, but if I use only one tab, the parameter descriptions are not all
> aligned.
>
> > > *
> > > * HC_VM_SET_MEMORY_REGIONS uses this structure to manage EPT mappings of
> > > * multiple memory regions of a User VM. A &struct vm_memory_region_batch
> > > @@ -55,10 +56,11 @@ struct vm_memory_region_op {
> > > * ACRN Hypervisor.
> > > */
> > > struct vm_memory_region_batch {
> > > - u16 vmid;
> > > - u16 reserved[3];
> > > - u32 regions_num;
> > > - u64 regions_gpa;
> > > + u16 vmid;
> > > + u16 reserved[3];
> > > + u32 regions_num;
> > > + u64 regions_gpa;
> > > + struct vm_memory_region_op regions_op[];
> > Please use Whitespace instead of Tab.
>
> Sorry, but I don't understand. Do you prefer something like?:
>
> diff --git a/drivers/virt/acrn/acrn_drv.h b/drivers/virt/acrn/acrn_drv.h
> index fcc2e3e5232a..5663c17ad37c 100644
> --- a/drivers/virt/acrn/acrn_drv.h
> +++ b/drivers/virt/acrn/acrn_drv.h
> @@ -56,11 +56,11 @@ struct vm_memory_region_op {
> * ACRN Hypervisor.
> */
> struct vm_memory_region_batch {
> - u16 vmid;
> - u16 reserved[3];
> - u32 regions_num;
> - u64 regions_gpa;
> - struct vm_memory_region_op regions_op[];
> + u16 vmid;
> + u16 reserved[3];
> + u32 regions_num;
> + u64 regions_gpa;
> + struct vm_memory_region_op regions_op[];
> };
>
> /**
>
> Moreover, for the v2 I will fix the typo "syze->size" in the subject as
> suggested by Kees ;)
>
> Regards,
> Len
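Review bot: the new kernel-doc line in the first hunk (@@ -48,6 +48,7 @@), "@regions_op: Flexible array of vm_memory_region_op.", leaves the relationship to the two neighbouring members implicit; since the same comment block says HC_VM_SET_MEMORY_REGIONS hands this structure to the ACRN Hypervisor, it should state that regions_op holds @regions_num entries and that @regions_gpa is the physical address of that inline array, so a reader does not take the gpa and the flexible array for two independent region lists.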
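Review bot: the second hunk (@@ -55,10 +56,11 @@) adds "struct vm_memory_region_op regions_op[];" after a u32 regions_num followed by a u64 regions_gpa, so the header keeps its 4 bytes of alignment padding and the array now starts right after regions_gpa; the diffstat lists 9 changed lines in drivers/virt/acrn/mm.c that are not quoted here, and that is where the review needs to confirm that regions_gpa is derived from the address of regions_op and that the kzalloc() size is computed with struct_size() on the batch rather than with a separate "size + size * count", otherwise the flexible array member and the hypervisor-visible gpa can disagree about where the regions live.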
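Review bot: the rework proposed in the reply (@@ -56,11 +56,11 @@) is whitespace-only and, read literally as "use spaces instead of tabs", would replace tab indentation of the struct members with leading spaces, which the kernel's coding style does not allow and checkpatch reports as "code indent should use tabs where possible"; before sending a space-indented v2, ask the maintainer to spell out whether the remark is about the indentation or about the alignment between the type and the member name, since only the latter can be changed without a checkpatch error.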
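The overflow the commit message describes, as an added userspace example that is not part of this thread or of the ACRN driver: the batch structure mirrors the quoted hunk, while the body of struct vm_memory_region_op and the saturating helpers array_size_sat()/struct_size_sat() are assumptions standing in for the kernel's array_size() and struct_size().

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel types. The batch layout mirrors the
 * quoted hunk; the body of vm_memory_region_op is assumed for this example. */
typedef uint16_t u16; typedef uint32_t u32; typedef uint64_t u64;
struct vm_memory_region_op { u32 type; u64 gpa; u64 pa; u64 size; u32 attr; };
struct vm_memory_region_batch {
	u16 vmid;
	u16 reserved[3];
	u32 regions_num;
	u64 regions_gpa;
	struct vm_memory_region_op regions_op[];	/* flexible array member */
};

/* Saturating arithmetic in the spirit of the kernel's array_size() and
 * struct_size(): any wrap yields SIZE_MAX, so the allocator fails instead
 * of handing back an undersized buffer. Uses the GCC/Clang overflow builtins. */
static size_t array_size_sat(size_t n, size_t size)
{
	size_t r;
	return __builtin_mul_overflow(n, size, &r) ? SIZE_MAX : r;
}
static size_t struct_size_sat(size_t header, size_t elem, size_t n)
{
	size_t r;
	return __builtin_add_overflow(header, array_size_sat(n, elem), &r) ? SIZE_MAX : r;
}

/* Before the patch: the open-coded "size + size * count" silently wraps. */
static size_t batch_size_open_coded(size_t count)
{
	return sizeof(struct vm_memory_region_batch) +
	       sizeof(struct vm_memory_region_op) * count;
}
/* After the patch: struct_size()-style, a wrap is reported as SIZE_MAX. */
static size_t batch_size_checked(size_t count)
{
	return struct_size_sat(offsetof(struct vm_memory_region_batch, regions_op),
			       sizeof(struct vm_memory_region_op), count);
}
/* Allocate a batch for count regions; NULL when the size computation wrapped. */
static struct vm_memory_region_batch *alloc_batch(size_t count)
{
	size_t sz = batch_size_checked(count);
	return sz == SIZE_MAX ? NULL : calloc(1, sz);
}
```

For a sane count both computations agree; for a count whose product wraps size_t, the open-coded form returns a size smaller than a two-region batch while the checked form returns SIZE_MAX and alloc_batch() refuses.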