diff options
author | Kees Cook <keescook@chromium.org> | 2018-05-09 08:29:52 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2018-06-05 22:16:51 +0300 |
commit | 2509b561f7c6599907c08cb364c86b8c45466e4f (patch) | |
tree | 4d9002abaf08e2ebcda9d313a2d825aeb198d102 | |
parent | 3b3b1a29eb89ba93f91213cbebb332a2ac31fa8b (diff) | |
download | linux-2509b561f7c6599907c08cb364c86b8c45466e4f.tar.xz |
device: Use overflow helpers for devm_kmalloc()
Use the overflow helpers both in existing multiplication-using inlines as
well as the addition-overflow case in the core allocation routine.
Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r-- | drivers/base/devres.c | 7 | ||||
-rw-r--r-- | include/linux/device.h | 8 |
2 files changed, 12 insertions, 3 deletions
diff --git a/drivers/base/devres.c b/drivers/base/devres.c index 95b67281cd2a..f98a097e73f2 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -84,9 +84,14 @@ static struct devres_group * node_to_group(struct devres_node *node) static __always_inline struct devres * alloc_dr(dr_release_t release, size_t size, gfp_t gfp, int nid) { - size_t tot_size = sizeof(struct devres) + size; + size_t tot_size; struct devres *dr; + /* We must catch any near-SIZE_MAX cases that could overflow. */ + if (unlikely(check_add_overflow(sizeof(struct devres), size, + &tot_size))) + return NULL; + dr = kmalloc_node_track_caller(tot_size, gfp, nid); if (unlikely(!dr)) return NULL; diff --git a/include/linux/device.h b/include/linux/device.h index 477956990f5e..897efa647203 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -25,6 +25,7 @@ #include <linux/ratelimit.h> #include <linux/uidgid.h> #include <linux/gfp.h> +#include <linux/overflow.h> #include <asm/device.h> struct device; @@ -668,9 +669,12 @@ static inline void *devm_kzalloc(struct device *dev, size_t size, gfp_t gfp) static inline void *devm_kmalloc_array(struct device *dev, size_t n, size_t size, gfp_t flags) { - if (size != 0 && n > SIZE_MAX / size) + size_t bytes; + + if (unlikely(check_mul_overflow(n, size, &bytes))) return NULL; - return devm_kmalloc(dev, n * size, flags); + + return devm_kmalloc(dev, bytes, flags); } static inline void *devm_kcalloc(struct device *dev, size_t n, size_t size, gfp_t flags) |