Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp512708rwb;
        Tue, 27 Sep 2022 00:09:12 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7loJh6cNyJrekoOWQ0FjLnRcoqi34V0exwe/uaIaT2+6QYBTAdJ4i1SLCijVLKpYlu2OHF
X-Received: by 2002:a17:903:22c9:b0:178:18a1:d170 with SMTP id y9-20020a17090322c900b0017818a1d170mr26464912plg.2.1664262552562;
        Tue, 27 Sep 2022 00:09:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1664262552; cv=none;
        d=google.com; s=arc-20160816;
        b=v3j7VeswWDls5pb6JQrjdhdwURT1eiZDleK2R/XRBtC1I9Wc9bn2Nx4wtW40JGL+tq
         7f+XGiE5d7ekgNp1sYEgEd8Ctu0cDeLakzdsgaZrLpMDKkppRg0o9Os931Iyc+2xHvW7
         6t7DWRbTMaFw+7UsQkpuFE3d7ot+bQ2O5t+kpI+D4tTkWTesJ6+BPWYYVe/aREWW6k8n
         AZoM5sXHJ9pQMWi0luCceBNG/afdNzV+q8zP1lpYk0ifDEKzoB8lKkQO9fo3AQ14MMsf
         unUb7NjvsjYIKtXna5JW3SmRvuE255ibSfyRpWTW0Z1mr54Xw3L48Cgztvt4b9wBwiqU
         TvCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:message-id:date:subject:cc:to:from;
        bh=pTiuSq8akaf6HcYrDrBr3AdIDltW3cIK8XRgOBjLjfw=;
        b=uBJIjOgqrvwCrWnnbI68T9rBshLH68pfTFGHptbF1s0UmwBPjaw9F1STRY1kqkRLSm
         eTuQRH9dgz+4wdDyrEgtza1htooEh1UVqVDXTVB/NeLCSnZOJzwq7gS4jYnVr5KO72h4
         AIB4M291aNYv4hTOoRQomHgWGpQ89CvmLoHoP2Pot2ZP2YPTPPxc6ns7v7FEQEvGuEgh
         ILj0+piK4cM7J3vxfAeCH3umzlybvJaCjoFPX3+SmJtp3EpAjL3Yip8p7RR7PWVdEl9I
         mjKcUMHFrVojJg4ile8rm5dLlZvtu7KBEAQy7m73U4DyM/9kFKEB5AH2NbA0pxgp5hkA
         +b1Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q27-20020a638c5b000000b00439e032490csi1112177pgn.350.2022.09.27.00.08.59;
        Tue, 27 Sep 2022 00:09:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230209AbiI0HDp (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Tue, 27 Sep 2022 03:03:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50432 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229582AbiI0HDn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Sep 2022 03:03:43 -0400
Received: from mail.nfschina.com (mail.nfschina.com [124.16.136.209])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 55B4B6A49F;
        Tue, 27 Sep 2022 00:03:40 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1])
        by mail.nfschina.com (Postfix) with ESMTP id C36601E80D70;
        Tue, 27 Sep 2022 14:59:28 +0800 (CST)
X-Virus-Scanned: amavisd-new at test.com
Received: from mail.nfschina.com ([127.0.0.1])
        by localhost (mail.nfschina.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id JY7Jg4ZAKV7K; Tue, 27 Sep 2022 14:59:26 +0800 (CST)
Received: from localhost.localdomain (unknown [180.167.10.98])
        (Authenticated sender: yuzhe@nfschina.com)
        by mail.nfschina.com (Postfix) with ESMTPA id C59511E80D33;
        Tue, 27 Sep 2022 14:59:24 +0800 (CST)
From:   Yu Zhe <yuzhe@nfschina.com>
To:     alison.schofield@intel.com, vishal.l.verma@intel.com,
        ira.weiny@intel.com, bwidawsk@kernel.org, dan.j.williams@intel.com
Cc:     linux-cxl@vger.kernel.org, linux-kernel@vger.kernel.org,
        liqiong@nfschina.com, kernel-janitors@vger.kernel.org,
        Yu Zhe <yuzhe@nfschina.com>
Subject: [PATCH] cxl/pmem: Use size_add() against integer overflow
Date:   Tue, 27 Sep 2022 15:02:47 +0800
Message-Id: <20220927070247.23148-1-yuzhe@nfschina.com>
X-Mailer: git-send-email 2.11.0
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

"struct_size() + n" may cause a integer overflow,
use size_add() to handle it.

Signed-off-by: Yu Zhe <yuzhe@nfschina.com>
---
 drivers/cxl/pmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c
index 7dc0a2fa1a6b..8c08aa009a56 100644
--- a/drivers/cxl/pmem.c
+++ b/drivers/cxl/pmem.c
@@ -148,7 +148,7 @@ static int cxl_pmem_set_config_data(struct cxl_dev_state *cxlds,
 		return -EINVAL;
 
 	/* 4-byte status follows the input data in the payload */
-	if (struct_size(cmd, in_buf, cmd->in_length) + 4 > buf_len)
+	if (size_add(struct_size(cmd, in_buf, cmd->in_length), 4) > buf_len)
 		return -EINVAL;
 
 	set_lsa =
-- 
2.11.0