Re: [PATCH v2][next] RDMA/core: Use size_{add,mul}() in calls to struct_size()

Thu, 14 Sep 2023 20:30:03 -0700 

On Mon, Sep 11, 2023 at 05:27:59PM -0600, Gustavo A. R. Silva wrote:
> Harden calls to struct_size() with size_add() and size_mul().

Specifically, make sure that open-coded arithmetic cannot cause an
overflow/wraparound. (i.e. it will stay saturated at SIZE_MAX.)

> 
> Fixes: 467f432a521a ("RDMA/core: Split port and device counter sysfs 
> attributes")
> Fixes: a4676388e2e2 ("RDMA/core: Simplify how the gid_attrs sysfs is created")
> Signed-off-by: Gustavo A. R. Silva <gustavo...@kernel.org>

Reviewed-by: Kees Cook <keesc...@chromium.org>

-Kees

> ---
> Changes in v2:
>  - Update changelog text: remove the part about binary differences (it
>    was added by mistake).
> 
>  drivers/infiniband/core/sysfs.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c
> index ee59d7391568..ec5efdc16660 100644
> --- a/drivers/infiniband/core/sysfs.c
> +++ b/drivers/infiniband/core/sysfs.c
> @@ -903,7 +903,7 @@ alloc_hw_stats_device(struct ib_device *ibdev)
>        * Two extra attribue elements here, one for the lifespan entry and
>        * one to NULL terminate the list for the sysfs core code
>        */
> -     data = kzalloc(struct_size(data, attrs, stats->num_counters + 1),
> +     data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 
> 1)),
>                      GFP_KERNEL);
>       if (!data)
>               goto err_free_stats;
> @@ -1009,7 +1009,7 @@ alloc_hw_stats_port(struct ib_port *port, struct 
> attribute_group *group)
>        * Two extra attribue elements here, one for the lifespan entry and
>        * one to NULL terminate the list for the sysfs core code
>        */
> -     data = kzalloc(struct_size(data, attrs, stats->num_counters + 1),
> +     data = kzalloc(struct_size(data, attrs, size_add(stats->num_counters, 
> 1)),
>                      GFP_KERNEL);
>       if (!data)
>               goto err_free_stats;
> @@ -1140,7 +1140,7 @@ static int setup_gid_attrs(struct ib_port *port,
>       int ret;
>  
>       gid_attr_group = kzalloc(struct_size(gid_attr_group, attrs_list,
> -                                          attr->gid_tbl_len * 2),
> +                                          size_mul(attr->gid_tbl_len, 2)),
>                                GFP_KERNEL);
>       if (!gid_attr_group)
>               return -ENOMEM;
> @@ -1205,8 +1205,8 @@ static struct ib_port *setup_port(struct ib_core_device 
> *coredev, int port_num,
>       int ret;
>  
>       p = kvzalloc(struct_size(p, attrs_list,
> -                             attr->gid_tbl_len + attr->pkey_tbl_len),
> -                 GFP_KERNEL);
> +                             size_add(attr->gid_tbl_len, 
> attr->pkey_tbl_len)),
> +                  GFP_KERNEL);
>       if (!p)
>               return ERR_PTR(-ENOMEM);
>       p->ibdev = device;
> -- 
> 2.34.1
> 

-- 
Kees Cook

Reply via email to