* [PATCH] scsi: advansys: Prefer struct_size over open coded arithmetic
@ 2021-09-18 11:18 Len Baker
2021-09-20 23:57 ` Gustavo A. R. Silva
0 siblings, 1 reply; 2+ messages in thread
From: Len Baker @ 2021-09-18 11:18 UTC (permalink / raw)
To: Matthew Wilcox, Hannes Reinecke, James E.J. Bottomley,
Martin K. Petersen
Cc: Len Baker, Gustavo A. R. Silva, Kees Cook, linux-hardening,
linux-scsi, linux-kernel
As noted in the "Deprecated Interfaces, Language Features, Attributes,
and Conventions" documentation [1], size calculations (especially
multiplication) should not be performed in memory allocator (or similar)
function arguments due to the risk of them overflowing. This could lead
to values wrapping around and a smaller allocation being made than the
caller was expecting. Using those allocations could lead to linear
overflows of heap memory and other misbehaviors.
So, refactor the code a bit to use the struct_size() helper instead of
the argument "size + count * size" in the kzalloc() function.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
Signed-off-by: Len Baker <len.baker@gmx.com>
---
drivers/scsi/advansys.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/advansys.c b/drivers/scsi/advansys.c
index ffb391967573..fe882502e7bf 100644
--- a/drivers/scsi/advansys.c
+++ b/drivers/scsi/advansys.c
@@ -7465,6 +7465,7 @@ static int asc_build_req(struct asc_board *boardp, struct scsi_cmnd *scp,
return ASC_BUSY;
} else if (use_sg > 0) {
int sgcnt;
+ size_t size;
struct scatterlist *slp;
struct asc_sg_head *asc_sg_head;
@@ -7477,8 +7478,8 @@ static int asc_build_req(struct asc_board *boardp, struct scsi_cmnd *scp,
return ASC_ERROR;
}
- asc_sg_head = kzalloc(sizeof(asc_scsi_q->sg_head) +
- use_sg * sizeof(struct asc_sg_list), GFP_ATOMIC);
+ size = struct_size(asc_scsi_q->sg_head, sg_list, use_sg);
+ asc_sg_head = kzalloc(size, GFP_ATOMIC);
if (!asc_sg_head) {
scsi_dma_unmap(scp);
set_host_byte(scp, DID_SOFT_ERROR);
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] scsi: advansys: Prefer struct_size over open coded arithmetic
2021-09-18 11:18 [PATCH] scsi: advansys: Prefer struct_size over open coded arithmetic Len Baker
@ 2021-09-20 23:57 ` Gustavo A. R. Silva
0 siblings, 0 replies; 2+ messages in thread
From: Gustavo A. R. Silva @ 2021-09-20 23:57 UTC (permalink / raw)
To: Len Baker, Matthew Wilcox, Hannes Reinecke, James E.J. Bottomley,
Martin K. Petersen
Cc: Gustavo A. R. Silva, Kees Cook, linux-hardening, linux-scsi,
linux-kernel
On 9/18/21 06:18, Len Baker wrote:
> As noted in the "Deprecated Interfaces, Language Features, Attributes,
> and Conventions" documentation [1], size calculations (especially
> multiplication) should not be performed in memory allocator (or similar)
> function arguments due to the risk of them overflowing. This could lead
> to values wrapping around and a smaller allocation being made than the
> caller was expecting. Using those allocations could lead to linear
> overflows of heap memory and other misbehaviors.
>
> So, refactor the code a bit to use the struct_size() helper instead of
> the argument "size + count * size" in the kzalloc() function.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
>
> Signed-off-by: Len Baker <len.baker@gmx.com>
> ---
> drivers/scsi/advansys.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/scsi/advansys.c b/drivers/scsi/advansys.c
> index ffb391967573..fe882502e7bf 100644
> --- a/drivers/scsi/advansys.c
> +++ b/drivers/scsi/advansys.c
> @@ -7465,6 +7465,7 @@ static int asc_build_req(struct asc_board *boardp, struct scsi_cmnd *scp,
> return ASC_BUSY;
> } else if (use_sg > 0) {
> int sgcnt;
> + size_t size;
I don't think a new variable is needed.
> struct scatterlist *slp;
> struct asc_sg_head *asc_sg_head;
>
> @@ -7477,8 +7478,8 @@ static int asc_build_req(struct asc_board *boardp, struct scsi_cmnd *scp,
> return ASC_ERROR;
> }
>
> - asc_sg_head = kzalloc(sizeof(asc_scsi_q->sg_head) +
> - use_sg * sizeof(struct asc_sg_list), GFP_ATOMIC);
> + size = struct_size(asc_scsi_q->sg_head, sg_list, use_sg);
> + asc_sg_head = kzalloc(size, GFP_ATOMIC);
You can go with this:
diff --git a/drivers/scsi/advansys.c b/drivers/scsi/advansys.c
index ffb391967573..e341b3372482 100644
--- a/drivers/scsi/advansys.c
+++ b/drivers/scsi/advansys.c
@@ -7477,8 +7477,8 @@ static int asc_build_req(struct asc_board *boardp, struct scsi_cmnd *scp,
return ASC_ERROR;
}
- asc_sg_head = kzalloc(sizeof(asc_scsi_q->sg_head) +
- use_sg * sizeof(struct asc_sg_list), GFP_ATOMIC);
+ asc_sg_head = kzalloc(struct_size(asc_sg_head, sg_list, use_sg),
+ GFP_ATOMIC);
if (!asc_sg_head) {
scsi_dma_unmap(scp);
set_host_byte(scp, DID_SOFT_ERROR);
It perfectly fits withing the 80 columns, which by the way is deprecated
but still good-to-have.
Also, if you are finding these instances with the help of Coccinelle, it'd be nice
if you mention that in the changelog text. :)
Thanks!
--
Gustavo
> if (!asc_sg_head) {
> scsi_dma_unmap(scp);
> set_host_byte(scp, DID_SOFT_ERROR);
> --
> 2.25.1
>
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-21 0:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-18 11:18 [PATCH] scsi: advansys: Prefer struct_size over open coded arithmetic Len Baker
2021-09-20 23:57 ` Gustavo A. R. Silva
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.