From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA799C433EF for ; Sat, 4 Sep 2021 15:41:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CAEFA60F22 for ; Sat, 4 Sep 2021 15:41:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231757AbhIDPmg (ORCPT ); Sat, 4 Sep 2021 11:42:36 -0400 Received: from mout.gmx.net ([212.227.15.19]:33649 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230312AbhIDPmg (ORCPT ); Sat, 4 Sep 2021 11:42:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1630770087; bh=OZtiJphuOZiymShv6jIHIa+0m3md61/j1EJ52nNdmpU=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=abE/QikUO73fUuTEdflYyli8YfMo7zoy7HI+1snwhtqYVfwgaps69o+ArL97Ew+g7 cj5zjhNXiYb1DNZ7slmZpLKXiIk5IbXBRM0BCKu4oZkva2tS7fXNiotmoGMIJSPTD1 NIczoAXAizyqoRRKlSUZii6lKeN4XE5aFHkPKM+I= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from localhost.localdomain ([79.150.72.99]) by mail.gmx.net (mrgmx004 [212.227.17.184]) with ESMTPSA (Nemesis) id 1MryXH-1mjFYY2AEv-00nwYh; Sat, 04 Sep 2021 17:41:27 +0200 From: Len Baker To: Alex Deucher , =?UTF-8?q?Christian=20K=C3=B6nig?= , "Pan, Xinhui" , David Airlie , Daniel Vetter Cc: Len Baker , Kees Cook , amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] drm/radeon: Prefer kcalloc over open coded arithmetic Date: Sat, 4 Sep 2021 17:41:06 +0200 Message-Id: <20210904154106.9550-1-len.baker@gmx.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:g78TReDYEcEf342gsWjMpYj895XYqOvDT7IgDccIGAZ3cG9CKY8 J3OarlOX08+QjZpPDCsJ2h8Vep7hMZ1g8Wm9xhuAJ4V3LXZgvIGYtaUrr6UFJ1NQzxB5YLw BXe0HeK8+mOHBYfy6tEcsqcAhRk2cuRNxaC/CtUd76HFciMzDGwEzQyzUNFlisPxjGdVR2t Xr3LTk6QlVSnKVxpnPiEw== X-UI-Out-Filterresults: notjunk:1;V03:K0:eGRB9xg1zms=:85yEomvdk+F7/JkBp56Nji YzEcCkNvC3r6w2zSxUHtid69XdzZZbPxxsfA6tDlgGYQr/0tP9FJZMMn4n+Mxq6x19QG+ttj2 qYAxIwh5LDvOuz4Cci6GqATzYKS6A6EFYsOlZmU4vM85IHOXTnL49qLRc0e/YN+EuLfcGJGvb XASMgKJASIhhxbWuk9RkQ9v7Y49A8C8+ElPkO1G0oQxE6UJ9nAMsyx99/s3oG+tqgDpDnEwPa gXhpONB7OeY5VIM2okfL7VOOGU2A6y05GvufPYHB4YHrjVpvjUxvq2BQxROy0D+xOSE7G9JaW /tiZF4Bn3HXxiHMOBrh8UcE2j2A7u5ETRE8fOhP67lD4AyV6rEMCTSu4ic0DPejDbwik3PRPt 8D7JLtp5NWszZ8MgxtXykz0jjqUbe/Ey645HHfBH0S+PKJBeTLF0pZid/CaVflv2mAOz6KaYR lakhzO8nh691l6kJTgIPyq3zlKBS2U7F3zhAjTvQDKt7S/gtRqMZ07o3GJ0VkidAnkZFVcCO9 KTOsJd4ZR2QLGoS0U5eJ8BETYlyTs9QZEZb23MhP8DmkXsMJl3jpOI6ivedrhWCHFVZRHC95S /zm37SRWCZ7H+FAtHP4rqg5oG+wvPj0VTxd/rVhag7VqnJw5+wfLmWlImCHz62oEmGBzurcCT 512U8fUkfN6PgHrhcWAiJZoG94uhN21v4alOcjYM13gn4fT6PHshd7kbxUf/5rVSvCCjoIeiP /8gC9zvaLvI+y3RXuH38Jo/i3HqWxr51Q2SDt7cRk1FGQCxsa1Fr5BATHg0ttg48EeuMZqWBm YlkXNwOc0v5vRWA9k6hU6FttIaz468AOh6MROW4wgUOqZ70O8gxYC2cP8oK4zUUUxeMM1ebm7 TGmnywDLShYqgi2UqIsSc/fJyCumSFiN9yevBoiw4PJMmGeSwUKWIoGHbeuykqQO8cc4hik7R YLe8oghDabqcT0jCAaQ/y4N5Pcya8HoIi4HyZ9vmuBS92hhHr/UGK4Ke8FyjkUZtMttyWRqwo AhOmvGvRMO9X1x0KOhmsMfFjKxHBNoPZ1lBR1kYxYGE3PhRisZwbArzufpl3AUTr+++Y6CIGA o8dnWf3NH1KYvP/xSTcTsPZEd+nqQGb60sRTs0zTpILFnIIwa6TUSt+rg== Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org As noted in the "Deprecated Interfaces, Language Features, Attributes, and Conventions" documentation [1], size calculations (especially multiplication) should not be performed in memory allocator (or similar) function arguments due to the risk of them overflowing. This could lead to values wrapping around and a smaller allocation being made than the caller was expecting. Using those allocations could lead to linear overflows of heap memory and other misbehaviors. So, refactor the code a bit to use the purpose specific kcalloc() function instead of the calculated size argument in the kzalloc() function. [1] https://www.kernel.org/doc/html/v5.14/process/deprecated.html#open-cod= ed-arithmetic-in-allocator-arguments Signed-off-by: Len Baker =2D-- drivers/gpu/drm/radeon/r600_dpm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/radeon/r600_dpm.c b/drivers/gpu/drm/radeon/r6= 00_dpm.c index 35b77c944701..fd4226b99862 100644 =2D-- a/drivers/gpu/drm/radeon/r600_dpm.c +++ b/drivers/gpu/drm/radeon/r600_dpm.c @@ -820,12 +820,12 @@ union fan_info { static int r600_parse_clk_voltage_dep_table(struct radeon_clock_voltage_d= ependency_table *radeon_table, ATOM_PPLIB_Clock_Voltage_Dependency_Table *atom_table) { - u32 size =3D atom_table->ucNumEntries * - sizeof(struct radeon_clock_voltage_dependency_entry); int i; ATOM_PPLIB_Clock_Voltage_Dependency_Record *entry; - radeon_table->entries =3D kzalloc(size, GFP_KERNEL); + radeon_table->entries =3D kcalloc(atom_table->ucNumEntries, + sizeof(struct radeon_clock_voltage_dependency_entry), + GFP_KERNEL); if (!radeon_table->entries) return -ENOMEM; =2D- 2.25.1