On Fri, Sep 15, 2023 at 01:01:23PM -0600, Gustavo A. R. Silva wrote: > If, for any reason, the open-coded arithmetic causes a wraparound, the > protection that `struct_size()` adds against potential integer overflows > is defeated. Fix this by hardening call to `struct_size()` with `size_mul()`. > > Fixes: 2285ec872d9d ("mlxsw: spectrum_acl_bloom_filter: use struct_size() in > kzalloc()") > Signed-off-by: Gustavo A. R. Silva <gustavo...@kernel.org>
Reviewed-by: Kees Cook <keesc...@chromium.org> -- Kees Cook