Misc hardening changes for 5.19-rc1
Hi Linus, Please, pull the following hardening changes that I've been collecting in my tree during the last development cycle. All of them have been baking in linux-next. Replace open-coded instances with size_t saturating arithmetic helpers: - virt: acrn: Prefer array_size and struct_size over open coded arithmetic (Len Baker) - afs: Prefer struct_size over open coded arithmetic (Len Baker) Thanks -- Gustavo -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEkmRahXBSurMIg1YvRwW0y0cG2zEFAmKNUvYACgkQRwW0y0cG 2zGm1g//YZYWBEzqOncd1K4/TBzbMytxE7oQYqUiS4e3V5D1eiT8924BLr7iuWMd c64Lv0trjyHCjdqBxGLMz5cv5EZd206xS3bqIQ8gqcKHOK/z7ob/c7YJxdUcXaWK oyGY65Arg9XnuRIJvNeiwdJNpPGsSyI8BSRC6gf6NFYke/GNIgv3rxmVBSbH8V7W QVBWf3AWR8+ZlXJFHWEfIAMRwFtumAhak3ZpN/4SDWM6cw3PIm1TFEO5Jx/rWaNn LZth+91uJU6UeSrhrME/QQ9Q1kgmLUMqzW3U/HpMky7Ugi0ffWIHc83XYDOgrFRJ Br5KLL4c5SHMJfPXqHMsbRNG/bI6fJfd2A0vUDIQMdy4kX88MAzTsUzSiGe6gAAc a3RQV4qUkBvC53glZm4pb0IGY4j3vO1tf6Hd9BdxH4knpfQzVNTAwHXUxDq8kDBu Bir3B60qAktszxdp/QukmfoTRpVPSV732TMgIllVPFtFD/KYCiYFhSILPouh5JWJ 3TP8ND1hKrV3P9FVirlJxdFLcADu8dyrmwxKdxZVa6ek9xtr0gt111FYcTeZG+eS PaJ7N8G+OkvYktv14/+0DBgIQdeHQ/kp6D4eTjQZ6y0k0b7uAI3HRv7fxWh8eyOw RmaE8jQCHokUnerouBUIGEwAmyFhN3atogqIHczB4ebBNbEeOGg= =22O8 -----END PGP SIGNATURE----- Merge tag 'size_t-saturating-helpers-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux Pull misc hardening updates from Gustavo Silva: "Replace a few open-coded instances with size_t saturating arithmetic helpers" * tag 'size_t-saturating-helpers-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux: virt: acrn: Prefer array_size and struct_size over open coded arithmetic afs: Prefer struct_size over open coded arithmetic
This commit is contained in:
commit
62e5873ec9
@ -48,6 +48,7 @@ struct vm_memory_region_op {
|
||||
* @reserved: Reserved.
|
||||
* @regions_num: The number of vm_memory_region_op.
|
||||
* @regions_gpa: Physical address of a vm_memory_region_op array.
|
||||
* @regions_op: Flexible array of vm_memory_region_op.
|
||||
*
|
||||
* HC_VM_SET_MEMORY_REGIONS uses this structure to manage EPT mappings of
|
||||
* multiple memory regions of a User VM. A &struct vm_memory_region_batch
|
||||
@ -55,10 +56,11 @@ struct vm_memory_region_op {
|
||||
* ACRN Hypervisor.
|
||||
*/
|
||||
struct vm_memory_region_batch {
|
||||
u16 vmid;
|
||||
u16 reserved[3];
|
||||
u32 regions_num;
|
||||
u64 regions_gpa;
|
||||
u16 vmid;
|
||||
u16 reserved[3];
|
||||
u32 regions_num;
|
||||
u64 regions_gpa;
|
||||
struct vm_memory_region_op regions_op[];
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -192,7 +192,7 @@ int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap)
|
||||
|
||||
/* Get the page number of the map region */
|
||||
nr_pages = memmap->len >> PAGE_SHIFT;
|
||||
pages = vzalloc(nr_pages * sizeof(struct page *));
|
||||
pages = vzalloc(array_size(nr_pages, sizeof(*pages)));
|
||||
if (!pages)
|
||||
return -ENOMEM;
|
||||
|
||||
@ -244,16 +244,15 @@ int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap)
|
||||
}
|
||||
|
||||
/* Prepare the vm_memory_region_batch */
|
||||
regions_info = kzalloc(sizeof(*regions_info) +
|
||||
sizeof(*vm_region) * nr_regions,
|
||||
GFP_KERNEL);
|
||||
regions_info = kzalloc(struct_size(regions_info, regions_op,
|
||||
nr_regions), GFP_KERNEL);
|
||||
if (!regions_info) {
|
||||
ret = -ENOMEM;
|
||||
goto unmap_kernel_map;
|
||||
}
|
||||
|
||||
/* Fill each vm_memory_region_op */
|
||||
vm_region = (struct vm_memory_region_op *)(regions_info + 1);
|
||||
vm_region = regions_info->regions_op;
|
||||
regions_info->vmid = vm->vmid;
|
||||
regions_info->regions_num = nr_regions;
|
||||
regions_info->regions_gpa = virt_to_phys(vm_region);
|
||||
|
@ -219,8 +219,7 @@ void afs_cache_permit(struct afs_vnode *vnode, struct key *key,
|
||||
* yet.
|
||||
*/
|
||||
size++;
|
||||
new = kzalloc(sizeof(struct afs_permits) +
|
||||
sizeof(struct afs_permit) * size, GFP_NOFS);
|
||||
new = kzalloc(struct_size(new, permits, size), GFP_NOFS);
|
||||
if (!new)
|
||||
goto out_put;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user