diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-06 17:27:14 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-06 17:27:14 -0700 |
| commit | 285767604576148fc1be7fcd112e4a90eb0d6ad2 (patch) | |
| tree | b4c611689f95e1a2ba0fe7b6407e05469251fc2f /net | |
| parent | 5eb6eed7e0fe880dc8de8da203cc888716bbf196 (diff) | |
| parent | 0ed2dd03b94b7b7f66e23f25073b5385d0416589 (diff) | |
Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull overflow updates from Kees Cook:
"This adds the new overflow checking helpers and adds them to the
2-factor argument allocators. And this adds the saturating size
helpers and does a treewide replacement for the struct_size() usage.
Additionally this adds the overflow testing modules to make sure
everything works.
I'm still working on the treewide replacements for allocators with
"simple" multiplied arguments:
*alloc(a * b, ...) -> *alloc_array(a, b, ...)
and
*zalloc(a * b, ...) -> *calloc(a, b, ...)
as well as the more complex cases, but that's separable from this
portion of the series. I expect to have the rest sent before -rc1
closes; there are a lot of messy cases to clean up.
Summary:
- Introduce arithmetic overflow test helper functions (Rasmus)
- Use overflow helpers in 2-factor allocators (Kees, Rasmus)
- Introduce overflow test module (Rasmus, Kees)
- Introduce saturating size helper functions (Matthew, Kees)
- Treewide use of struct_size() for allocators (Kees)"
* tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
treewide: Use struct_size() for devm_kmalloc() and friends
treewide: Use struct_size() for vmalloc()-family
treewide: Use struct_size() for kmalloc()-family
device: Use overflow helpers for devm_kmalloc()
mm: Use overflow helpers in kvmalloc()
mm: Use overflow helpers in kmalloc_array*()
test_overflow: Add memory allocation overflow tests
overflow.h: Add allocation size calculation helpers
test_overflow: Report test failures
test_overflow: macrofy some more, do more tests for free
lib: add runtime test of check_*_overflow functions
compiler.h: enable builtin overflow checkers and add fallback code
Diffstat (limited to 'net')
| -rw-r--r-- | net/ceph/mon_client.c | 5 | ||||
| -rw-r--r-- | net/ceph/osd_client.c | 3 | ||||
| -rw-r--r-- | net/netfilter/xt_recent.c | 3 | ||||
| -rw-r--r-- | net/sctp/endpointola.c | 4 |
4 files changed, 6 insertions, 9 deletions
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c index 21ac6e3b96bb..d7a7a2330ef7 100644 --- a/net/ceph/mon_client.c +++ b/net/ceph/mon_client.c @@ -62,7 +62,7 @@ struct ceph_monmap *ceph_monmap_decode(void *p, void *end) if (num_mon > CEPH_MAX_MON) goto bad; - m = kmalloc(sizeof(*m) + sizeof(m->mon_inst[0])*num_mon, GFP_NOFS); + m = kmalloc(struct_size(m, mon_inst, num_mon), GFP_NOFS); if (m == NULL) return ERR_PTR(-ENOMEM); m->fsid = fsid; @@ -1000,8 +1000,7 @@ static int build_initial_monmap(struct ceph_mon_client *monc) int i; /* build initial monmap */ - monc->monmap = kzalloc(sizeof(*monc->monmap) + - num_mon*sizeof(monc->monmap->mon_inst[0]), + monc->monmap = kzalloc(struct_size(monc->monmap, mon_inst, num_mon), GFP_KERNEL); if (!monc->monmap) return -ENOMEM; diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c index d2667e5dddc3..69a2581ddbba 100644 --- a/net/ceph/osd_client.c +++ b/net/ceph/osd_client.c @@ -584,8 +584,7 @@ struct ceph_osd_request *ceph_osdc_alloc_request(struct ceph_osd_client *osdc, req = kmem_cache_alloc(ceph_osd_request_cache, gfp_flags); } else { BUG_ON(num_ops > CEPH_OSD_MAX_OPS); - req = kmalloc(sizeof(*req) + num_ops * sizeof(req->r_ops[0]), - gfp_flags); + req = kmalloc(struct_size(req, r_ops, num_ops), gfp_flags); } if (unlikely(!req)) return NULL; diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 9bbfc17ce3ec..07085c22b19c 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c @@ -184,8 +184,7 @@ recent_entry_init(struct recent_table *t, const union nf_inet_addr *addr, } nstamps_max += 1; - e = kmalloc(sizeof(*e) + sizeof(e->stamps[0]) * nstamps_max, - GFP_ATOMIC); + e = kmalloc(struct_size(e, stamps, nstamps_max), GFP_ATOMIC); if (e == NULL) return NULL; memcpy(&e->addr, addr, sizeof(e->addr)); diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c index e2f5a3ee41a7..40c7eb941bc9 100644 --- a/net/sctp/endpointola.c +++ b/net/sctp/endpointola.c @@ -73,8 +73,8 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep, * variables. There are arrays that we encode directly * into parameters to make the rest of the operations easier. */ - auth_hmacs = kzalloc(sizeof(*auth_hmacs) + - sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp); + auth_hmacs = kzalloc(struct_size(auth_hmacs, hmac_ids, + SCTP_AUTH_NUM_HMACS), gfp); if (!auth_hmacs) goto nomem; |