* [PATCH][next] usb: host: ehci-sched: Use struct_size() in kzalloc()
@ 2022-01-11 7:54 Gustavo A. R. Silva
2022-01-11 18:19 ` Alan Stern
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo A. R. Silva @ 2022-01-11 7:54 UTC (permalink / raw)
To: Alan Stern, Greg Kroah-Hartman
Cc: linux-usb, linux-kernel, Gustavo A. R. Silva, linux-hardening
Make use of the struct_size() helper instead of an open-coded version,
in order to avoid any potential type mistakes or integer overflows that,
in the worse scenario, could lead to heap overflows.
Also, address the following sparse warning:
drivers/usb/host/ehci-sched.c:1168:40: warning: using sizeof on a flexible structure
Link: https://github.com/KSPP/linux/issues/160
Link: https://github.com/KSPP/linux/issues/174
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
drivers/usb/host/ehci-sched.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
index 0f85aa9b2fb1..bd542b6fc46b 100644
--- a/drivers/usb/host/ehci-sched.c
+++ b/drivers/usb/host/ehci-sched.c
@@ -1165,10 +1165,8 @@ static struct ehci_iso_sched *
iso_sched_alloc(unsigned packets, gfp_t mem_flags)
{
struct ehci_iso_sched *iso_sched;
- int size = sizeof(*iso_sched);
- size += packets * sizeof(struct ehci_iso_packet);
- iso_sched = kzalloc(size, mem_flags);
+ iso_sched = kzalloc(struct_size(iso_sched, packet, packets), mem_flags);
if (likely(iso_sched != NULL))
INIT_LIST_HEAD(&iso_sched->td_list);
--
2.27.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH][next] usb: host: ehci-sched: Use struct_size() in kzalloc()
2022-01-11 7:54 [PATCH][next] usb: host: ehci-sched: Use struct_size() in kzalloc() Gustavo A. R. Silva
@ 2022-01-11 18:19 ` Alan Stern
0 siblings, 0 replies; 2+ messages in thread
From: Alan Stern @ 2022-01-11 18:19 UTC (permalink / raw)
To: Gustavo A. R. Silva
Cc: Greg Kroah-Hartman, linux-usb, linux-kernel, linux-hardening
On Tue, Jan 11, 2022 at 01:54:27AM -0600, Gustavo A. R. Silva wrote:
> Make use of the struct_size() helper instead of an open-coded version,
> in order to avoid any potential type mistakes or integer overflows that,
> in the worse scenario, could lead to heap overflows.
>
> Also, address the following sparse warning:
> drivers/usb/host/ehci-sched.c:1168:40: warning: using sizeof on a flexible structure
>
> Link: https://github.com/KSPP/linux/issues/160
> Link: https://github.com/KSPP/linux/issues/174
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
> ---
Acked-by: Alan Stern <stern@rowland.harvard.edu>
> drivers/usb/host/ehci-sched.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
> index 0f85aa9b2fb1..bd542b6fc46b 100644
> --- a/drivers/usb/host/ehci-sched.c
> +++ b/drivers/usb/host/ehci-sched.c
> @@ -1165,10 +1165,8 @@ static struct ehci_iso_sched *
> iso_sched_alloc(unsigned packets, gfp_t mem_flags)
> {
> struct ehci_iso_sched *iso_sched;
> - int size = sizeof(*iso_sched);
>
> - size += packets * sizeof(struct ehci_iso_packet);
> - iso_sched = kzalloc(size, mem_flags);
> + iso_sched = kzalloc(struct_size(iso_sched, packet, packets), mem_flags);
> if (likely(iso_sched != NULL))
> INIT_LIST_HEAD(&iso_sched->td_list);
>
> --
> 2.27.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-01-11 18:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-11 7:54 [PATCH][next] usb: host: ehci-sched: Use struct_size() in kzalloc() Gustavo A. R. Silva
2022-01-11 18:19 ` Alan Stern
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).