Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp512708rwb; Tue, 27 Sep 2022 00:09:12 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7loJh6cNyJrekoOWQ0FjLnRcoqi34V0exwe/uaIaT2+6QYBTAdJ4i1SLCijVLKpYlu2OHF X-Received: by 2002:a17:903:22c9:b0:178:18a1:d170 with SMTP id y9-20020a17090322c900b0017818a1d170mr26464912plg.2.1664262552562; Tue, 27 Sep 2022 00:09:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664262552; cv=none; d=google.com; s=arc-20160816; b=v3j7VeswWDls5pb6JQrjdhdwURT1eiZDleK2R/XRBtC1I9Wc9bn2Nx4wtW40JGL+tq 7f+XGiE5d7ekgNp1sYEgEd8Ctu0cDeLakzdsgaZrLpMDKkppRg0o9Os931Iyc+2xHvW7 6t7DWRbTMaFw+7UsQkpuFE3d7ot+bQ2O5t+kpI+D4tTkWTesJ6+BPWYYVe/aREWW6k8n AZoM5sXHJ9pQMWi0luCceBNG/afdNzV+q8zP1lpYk0ifDEKzoB8lKkQO9fo3AQ14MMsf unUb7NjvsjYIKtXna5JW3SmRvuE255ibSfyRpWTW0Z1mr54Xw3L48Cgztvt4b9wBwiqU TvCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=pTiuSq8akaf6HcYrDrBr3AdIDltW3cIK8XRgOBjLjfw=; b=uBJIjOgqrvwCrWnnbI68T9rBshLH68pfTFGHptbF1s0UmwBPjaw9F1STRY1kqkRLSm eTuQRH9dgz+4wdDyrEgtza1htooEh1UVqVDXTVB/NeLCSnZOJzwq7gS4jYnVr5KO72h4 AIB4M291aNYv4hTOoRQomHgWGpQ89CvmLoHoP2Pot2ZP2YPTPPxc6ns7v7FEQEvGuEgh ILj0+piK4cM7J3vxfAeCH3umzlybvJaCjoFPX3+SmJtp3EpAjL3Yip8p7RR7PWVdEl9I mjKcUMHFrVojJg4ile8rm5dLlZvtu7KBEAQy7m73U4DyM/9kFKEB5AH2NbA0pxgp5hkA +b1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q27-20020a638c5b000000b00439e032490csi1112177pgn.350.2022.09.27.00.08.59; Tue, 27 Sep 2022 00:09:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230209AbiI0HDp (ORCPT + 99 others); Tue, 27 Sep 2022 03:03:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229582AbiI0HDn (ORCPT ); Tue, 27 Sep 2022 03:03:43 -0400 Received: from mail.nfschina.com (mail.nfschina.com [124.16.136.209]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 55B4B6A49F; Tue, 27 Sep 2022 00:03:40 -0700 (PDT) Received: from localhost (unknown [127.0.0.1]) by mail.nfschina.com (Postfix) with ESMTP id C36601E80D70; Tue, 27 Sep 2022 14:59:28 +0800 (CST) X-Virus-Scanned: amavisd-new at test.com Received: from mail.nfschina.com ([127.0.0.1]) by localhost (mail.nfschina.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JY7Jg4ZAKV7K; Tue, 27 Sep 2022 14:59:26 +0800 (CST) Received: from localhost.localdomain (unknown [180.167.10.98]) (Authenticated sender: yuzhe@nfschina.com) by mail.nfschina.com (Postfix) with ESMTPA id C59511E80D33; Tue, 27 Sep 2022 14:59:24 +0800 (CST) From: Yu Zhe To: alison.schofield@intel.com, vishal.l.verma@intel.com, ira.weiny@intel.com, bwidawsk@kernel.org, dan.j.williams@intel.com Cc: linux-cxl@vger.kernel.org, linux-kernel@vger.kernel.org, liqiong@nfschina.com, kernel-janitors@vger.kernel.org, Yu Zhe Subject: [PATCH] cxl/pmem: Use size_add() against integer overflow Date: Tue, 27 Sep 2022 15:02:47 +0800 Message-Id: <20220927070247.23148-1-yuzhe@nfschina.com> X-Mailer: git-send-email 2.11.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "struct_size() + n" may cause a integer overflow, use size_add() to handle it. Signed-off-by: Yu Zhe --- drivers/cxl/pmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c index 7dc0a2fa1a6b..8c08aa009a56 100644 --- a/drivers/cxl/pmem.c +++ b/drivers/cxl/pmem.c @@ -148,7 +148,7 @@ static int cxl_pmem_set_config_data(struct cxl_dev_state *cxlds, return -EINVAL; /* 4-byte status follows the input data in the payload */ - if (struct_size(cmd, in_buf, cmd->in_length) + 4 > buf_len) + if (size_add(struct_size(cmd, in_buf, cmd->in_length), 4) > buf_len) return -EINVAL; set_lsa = -- 2.11.0