From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Joe Perches <joe@perches.com>
Cc: Linux-ALSA <alsa-devel@alsa-project.org>,
kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>,
"David Airlie" <airlied@linux.ie>,
"Gustavo Padovan" <gustavo@padovan.org>,
"Linus Walleij" <linus.walleij@linaro.org>,
linux-drm <dri-devel@lists.freedesktop.org>,
linux-mm@kvack.org, "Christoph Lameter" <cl@linux.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Bartosz Golaszewski" <bgolaszewski@baylibre.com>,
"David Rientjes" <rientjes@google.com>,
virtualization@lists.linux-foundation.org,
"Jason Wang" <jasowang@redhat.com>,
linux-media <linux-media@vger.kernel.org>,
"Robert Richter" <rric@kernel.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Maarten Lankhorst" <maarten.lankhorst@linux.intel.com>,
"Maxime Ripard" <mripard@kernel.org>,
linaro-mm-sig@lists.linaro.org,
linux-gpio <linux-gpio@vger.kernel.org>,
"Borislav Petkov" <bp@alien8.de>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
linux-edac@vger.kernel.org, "Tony Luck" <tony.luck@intel.com>,
netdev <netdev@vger.kernel.org>, "Takashi Iwai" <tiwai@suse.com>,
"Alexander Shishkin" <alexander.shishkin@linux.intel.com>,
LKML <linux-kernel@vger.kernel.org>,
"Pekka Enberg" <penberg@kernel.org>,
"James Morse" <james.morse@arm.com>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH 3/8] vhost: vringh: use krealloc_array()
Date: Tue, 27 Oct 2020 19:00:46 +0100 [thread overview]
Message-ID: <CAMRc=McvW_E0aE2Ep=3aZvb=kNDMz6=ZH-EQzARAD-tyJG5Rrg@mail.gmail.com> (raw)
In-Reply-To: <2767969b94fd66db1fb0fc13b5783ae65b7deb2f.camel@perches.com>
On Tue, Oct 27, 2020 at 6:08 PM Joe Perches <joe@perches.com> wrote:
>
> On Tue, 2020-10-27 at 17:58 +0100, Bartosz Golaszewski wrote:
> > On Tue, Oct 27, 2020 at 5:50 PM Joe Perches <joe@perches.com> wrote:
> > >
> > > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote:
> > > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote:
> > > > > From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
> > > > >
> > > > > Use the helper that checks for overflows internally instead of manually
> > > > > calculating the size of the new array.
> > > > >
> > > > > Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
> > > >
> > > > No problem with the patch, it does introduce some symmetry in the code.
> > >
> > > Perhaps more symmetry by using kmemdup
> > > ---
> > > drivers/vhost/vringh.c | 23 ++++++++++-------------
> > > 1 file changed, 10 insertions(+), 13 deletions(-)
> > >
> > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> > > index 8bd8b403f087..99222a3651cd 100644
> > > --- a/drivers/vhost/vringh.c
> > > +++ b/drivers/vhost/vringh.c
> > > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh,
> > > static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
> > > {
> > > struct kvec *new;
> > > - unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
> > > + size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
> > > + size_t size;
> > >
> > > if (new_num < 8)
> > > new_num = 8;
> > >
> > > - flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
> > > - if (flag)
> > > - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp);
> > > - else {
> > > - new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
> > > - if (new) {
> > > - memcpy(new, iov->iov,
> > > - iov->max_num * sizeof(struct iovec));
> > > - flag = VRINGH_IOV_ALLOCATED;
> > > - }
> > > - }
> > > + if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), &size)))
> > > + return -ENOMEM;
> > > +
> >
> > The whole point of using helpers such as kmalloc_array() is not doing
> > these checks manually.
>
> Tradeoffs for in readability for overflow and not mistyping or doing
> the multiplication of iov->max_num * sizeof(struct iovec) twice.
>
It's out of scope for this series - I want to add users for
krealloc_array(), not refactor code I don't really know. If the
maintainer of this bit objects, it can be dropped.
> Just fyi:
>
> the realloc doesn't do a multiplication overflow test as written so the
> suggestion is slightly more resistant to defect.
>
I'm not sure what your point is. I used krealloc_array() exactly for
this reason - to add the overflow test.
BTW I suppose kmalloc_array() here can be replaced with
krealloc_array() if the original pointer is NULL the first time it's
called.
Bartosz
next prev parent reply other threads:[~2020-10-28 8:12 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-27 12:17 [PATCH 0/8] slab: provide and use krealloc_array() Bartosz Golaszewski
2020-10-27 12:17 ` [PATCH 1/8] mm: slab: provide krealloc_array() Bartosz Golaszewski
2020-10-27 18:20 ` Vlastimil Babka
2020-10-28 8:47 ` Mike Rapoport
2020-10-27 12:17 ` [PATCH 2/8] ALSA: pcm: use krealloc_array() Bartosz Golaszewski
2020-10-27 12:39 ` Takashi Iwai
2020-10-27 12:17 ` [PATCH 3/8] vhost: vringh: " Bartosz Golaszewski
2020-10-27 15:28 ` Michael S. Tsirkin
2020-10-27 16:50 ` Joe Perches
2020-10-27 16:58 ` Bartosz Golaszewski
2020-10-27 17:08 ` Joe Perches
2020-10-27 18:00 ` Bartosz Golaszewski [this message]
2020-10-27 12:17 ` [PATCH 4/8] pinctrl: " Bartosz Golaszewski
2020-10-27 12:17 ` [PATCH 5/8] edac: ghes: " Bartosz Golaszewski
2020-10-27 18:25 ` Borislav Petkov
2020-10-27 12:17 ` [PATCH 6/8] drm: atomic: " Bartosz Golaszewski
2020-10-27 19:19 ` Daniel Vetter
2020-10-27 12:17 ` [PATCH 7/8] hwtracing: intel: " Bartosz Golaszewski
2020-10-27 12:17 ` [PATCH 8/8] dma-buf: " Bartosz Golaszewski
2020-10-27 12:21 ` Christian König
2020-11-05 10:52 ` [PATCH 0/8] slab: provide and " Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMRc=McvW_E0aE2Ep=3aZvb=kNDMz6=ZH-EQzARAD-tyJG5Rrg@mail.gmail.com' \
--to=brgl@bgdev.pl \
--cc=airlied@linux.ie \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=alsa-devel@alsa-project.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bgolaszewski@baylibre.com \
--cc=bp@alien8.de \
--cc=christian.koenig@amd.com \
--cc=cl@linux.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=gustavo@padovan.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=james.morse@arm.com \
--cc=jasowang@redhat.com \
--cc=joe@perches.com \
--cc=kvm@vger.kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linus.walleij@linaro.org \
--cc=linux-edac@vger.kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mchehab@kernel.org \
--cc=mripard@kernel.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=rric@kernel.org \
--cc=sumit.semwal@linaro.org \
--cc=tiwai@suse.com \
--cc=tony.luck@intel.com \
--cc=tzimmermann@suse.de \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).