Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp815363rwb; Mon, 26 Sep 2022 06:16:34 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7aSxRBmw5Bjzu75SOa96OCZVJ3ONXGQY2hf5O4B/tDp9eIRINXjG+IsfCLSVwwZsZbiimo X-Received: by 2002:a17:903:228c:b0:179:c530:e6dc with SMTP id b12-20020a170903228c00b00179c530e6dcmr15340249plh.14.1664198194456; Mon, 26 Sep 2022 06:16:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664198194; cv=none; d=google.com; s=arc-20160816; b=QhpsAnCPl34rRmi9iFuG0MtmPus02xJHVyYtFMpWaXfwMAtUerxBY/9Q50sCyPGey3 FJJR+5MVt2oO3BRshkNrjXXoof+BI4SS1JAvrfezZbfg85utkG/20At5ESZyf6MjwPlH 8fHwB0YDy+PZ8Ffx1ShfmMOZ7hrYjBp7TkM82WdWcSwKjq6yxmOIP+3CsXUqAfabehGk erp7ytupCBUOBY0PQZCWA7OPj8IFQbzITjUNaZH+tS31IqiBPokWh8Ra36b5gov8qHlb wH2FOT0BA/gxljU7mXlUucbYurvd+QnOZOAIJuTgNb7umBCET8NNhVBzhKjwCZbpnnug RKhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=8dzJ1IFdfDhkQf3pP8VXfg/0+S5d83IXvNcREehdGfM=; b=JCcxcG+4UweV5Jk2+ZIDCke7//B77e/ITsAmXyAIe47Wwpl+hCO/DTM3CYL4UNbyBc 9wf0UckbKHaZYsadh7BOuXgwNbQYvLdvhaISwHmLQHyQVYOi0U8K9uWdl8o/FieIFAMl Wnq5IU08ON/dBjW8RNJ7MJ3KF9vafA178c3MXCWFU0q4hz1CI4980XdTGsIqt2gr3wj2 Lo1Of8iyvuiuyL3Z+GAcgS/LkW9XIjWcCnl1wX7zY5lDNQeObswDJ/U1IX6M4b339sTy ElkyhHkvYOrklkzaF0MijN28tmbDF9Dv26VNotlP5bgRCOgvzGC8zbqlfwESuF3c3YPw gZfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZPZgnpkg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n7-20020a170902d2c700b0017555e9de54si11785897plc.427.2022.09.26.06.16.23; Mon, 26 Sep 2022 06:16:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZPZgnpkg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239134AbiIZMAX (ORCPT + 99 others); Mon, 26 Sep 2022 08:00:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37014 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238943AbiIZL46 (ORCPT ); Mon, 26 Sep 2022 07:56:58 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A084179EDF; Mon, 26 Sep 2022 03:51:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 14B88B807EC; Mon, 26 Sep 2022 10:50:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 601BCC433D7; Mon, 26 Sep 2022 10:50:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1664189456; bh=IRzKGaMuCquRf/sme99rrXbn39SAxWDascXm7dwT+Q4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZPZgnpkgvcGRmJAbYxTxPGNcWHq9b2OvNuewOvF8Km9uxrp/QcFu3s/4Xn9sqDzPM F3Jj7GwCCWI6aeQvTRWTzdj3J4Z814jKyzsw8Zyor+kA+dp7kIVVaK5pANKRleCJpS 3V9ILuMCxusFBVUJ7lJK/mQhaUn3dj+5gCBvC8r0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dan Carpenter , Peter Rosin , "Gustavo A. R. Silva" , Wolfram Sang , Sasha Levin Subject: [PATCH 5.19 194/207] i2c: mux: harden i2c_mux_alloc() against integer overflows Date: Mon, 26 Sep 2022 12:13:03 +0200 Message-Id: <20220926100815.281336579@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220926100806.522017616@linuxfoundation.org> References: <20220926100806.522017616@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dan Carpenter [ Upstream commit b7af938f4379a884f15713319648a7653497a907 ] A couple years back we went through the kernel an automatically converted size calculations to use struct_size() instead. The struct_size() calculation is protected against integer overflows. However it does not make sense to use the result from struct_size() for additional math operations as that would negate any safeness. Fixes: 1f3b69b6b939 ("i2c: mux: Use struct_size() in devm_kzalloc()") Signed-off-by: Dan Carpenter Acked-by: Peter Rosin Reviewed-by: Gustavo A. R. Silva Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin --- drivers/i2c/i2c-mux.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/i2c/i2c-mux.c b/drivers/i2c/i2c-mux.c index 774507b54b57..313904be5f3b 100644 --- a/drivers/i2c/i2c-mux.c +++ b/drivers/i2c/i2c-mux.c @@ -243,9 +243,10 @@ struct i2c_mux_core *i2c_mux_alloc(struct i2c_adapter *parent, int (*deselect)(struct i2c_mux_core *, u32)) { struct i2c_mux_core *muxc; + size_t mux_size; - muxc = devm_kzalloc(dev, struct_size(muxc, adapter, max_adapters) - + sizeof_priv, GFP_KERNEL); + mux_size = struct_size(muxc, adapter, max_adapters); + muxc = devm_kzalloc(dev, size_add(mux_size, sizeof_priv), GFP_KERNEL); if (!muxc) return NULL; if (sizeof_priv) -- 2.35.1