From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>,
Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH master 10/23] include: linux/slab: fix possible overflow in kmalloc_array
Date: Wed, 24 Apr 2024 08:40:45 +0200 [thread overview]
Message-ID: <20240424064058.3608016-11-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20240424064058.3608016-1-a.fatoum@pengutronix.de>
If we are unlucky, n * size would overflow size_t and we'll instead
allocate a small truncated value, which may lead to memory corruption.
Fix this by using size_mul, which saturates at SIZE_MAX.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
include/linux/slab.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/slab.h b/include/linux/slab.h
index dc80808938f4..36b93bdd2f1b 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -4,6 +4,7 @@
#define _LINUX_SLAB_H
#include <malloc.h>
+#include <linux/overflow.h>
#include <linux/string.h>
#define SLAB_CONSISTENCY_CHECKS 0
@@ -98,7 +99,7 @@ static inline void *kzalloc(size_t size, gfp_t flags)
*/
static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
{
- return kmalloc(n * size, flags);
+ return kmalloc(size_mul(n, size), flags);
}
static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
--
2.39.2
next prev parent reply other threads:[~2024-04-24 7:09 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-24 6:40 [PATCH master 00/23] treewide: fix bugs using DMA API Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 01/23] habv4: use DMA-capable memory for getting event from BootROM Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 02/23] dma: give inline dma_alloc a single external definition Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 03/23] dma: add definition for dma_zalloc Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 04/23] include: linux/kernel.h: factor out alignment macros Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 05/23] driver: move out struct device definition into its own header Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 06/23] dma: remove common.h include from asm/dma.h Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 07/23] RISC-V: dma: fix dma.h inclusion Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 08/23] sandbox: dma: drop unused driver.h include Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 09/23] dma: remove linux/kernel.h dependency from dma.h Ahmad Fatoum
2024-04-24 6:40 ` Ahmad Fatoum [this message]
2024-04-24 6:40 ` [PATCH master 11/23] include: linux/slab: use dma_alloc for kmalloc Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 12/23] include: linux/slab: retire krealloc Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 13/23] commands: mmc_extcsd: use DMA capable memory where needed Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 14/23] net: macb: use DMA-capable memory for receive buffer Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 15/23] firmware: qemu_fw_cfg: use bounce buffer for write Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 16/23] net: usb: asix: use dma_alloc for buffers in USB control messages Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 17/23] net: usb: smsc95xx: use DMA memory for usb_control_msg Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 18/23] usb: hub: use DMA memory in usb_get_port_status Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 19/23] usb: hub: use DMA-capable memory in usb_hub_configure Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 20/23] treewide: use new dma_zalloc instead of opencoding Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 21/23] usb: dwc2: host: fix mismatch between dma_map_single and unmap Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 22/23] net: bcmgenet: map DMA buffers with dma_map_single Ahmad Fatoum
2024-04-24 6:40 ` [PATCH master 23/23] dma: debug: add alignment check when mapping buffers Ahmad Fatoum
2024-04-25 7:39 ` [PATCH master 00/23] treewide: fix bugs using DMA API Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240424064058.3608016-11-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=enrico.scholz@sigma-chemnitz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox