Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull overflow updates from Kees Cook: "This adds the new overflow checking helpers and adds them to the 2-factor argument allocators. And this adds the saturating size helpers and does a treewide replacement for the struct_size() usage. Additionally this adds the overflow testing modules to make sure everything works. I'm still working on the treewide replacements for allocators with "simple" multiplied arguments: *alloc(a * b, ...) -> *alloc_array(a, b, ...) and *zalloc(a * b, ...) -> *calloc(a, b, ...) as well as the more complex cases, but that's separable from this portion of the series. I expect to have the rest sent before -rc1 closes; there are a lot of messy cases to clean up. Summary: - Introduce arithmetic overflow test helper functions (Rasmus) - Use overflow helpers in 2-factor allocators (Kees, Rasmus) - Introduce overflow test module (Rasmus, Kees) - Introduce saturating size helper functions (Matthew, Kees) - Treewide use of struct_size() for allocators (Kees)" * tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: treewide: Use struct_size() for devm_kmalloc() and friends treewide: Use struct_size() for vmalloc()-family treewide: Use struct_size() for kmalloc()-family device: Use overflow helpers for devm_kmalloc() mm: Use overflow helpers in kvmalloc() mm: Use overflow helpers in kmalloc_array*() test_overflow: Add memory allocation overflow tests overflow.h: Add allocation size calculation helpers test_overflow: Report test failures test_overflow: macrofy some more, do more tests for free lib: add runtime test of check_*_overflow functions compiler.h: enable builtin overflow checkers and add fallback code
author: Linus Torvalds <torvalds@linux-foundation.org> 2018-06-06 20:27:14 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-06-06 20:27:14 -0400
commit: 285767604576148fc1be7fcd112e4a90eb0d6ad2 (patch)
tree: b4c611689f95e1a2ba0fe7b6407e05469251fc2f /net
parent: 5eb6eed7e0fe880dc8de8da203cc888716bbf196 (diff)
parent: 0ed2dd03b94b7b7f66e23f25073b5385d0416589 (diff)
4 files changed, 6 insertions, 9 deletions
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
index 21ac6e3b96bb..d7a7a2330ef7 100644
--- a/net/ceph/mon_client.c
+++ b/net/ceph/mon_client.c
@@ -62,7 +62,7 @@ struct ceph_monmap *ceph_monmap_decode(void *p, void *end)
        if (num_mon > CEPH_MAX_MON)
                goto bad;
-        m = kmalloc(sizeof(*m) + sizeof(m->mon_inst[0])*num_mon, GFP_NOFS);
+        m = kmalloc(struct_size(m, mon_inst, num_mon), GFP_NOFS);
        if (m == NULL)
                return ERR_PTR(-ENOMEM);
        m->fsid = fsid;
@@ -1000,8 +1000,7 @@ static int build_initial_monmap(struct ceph_mon_client *monc)
        int i;
        /* build initial monmap */
-        monc->monmap = kzalloc(sizeof(*monc->monmap) +
+        monc->monmap = kzalloc(struct_size(monc->monmap, mon_inst, num_mon),
-                               num_mon*sizeof(monc->monmap->mon_inst[0]),
                               GFP_KERNEL);
        if (!monc->monmap)
                return -ENOMEM;
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index d2667e5dddc3..69a2581ddbba 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -584,8 +584,7 @@ struct ceph_osd_request *ceph_osdc_alloc_request(struct ceph_osd_client *osdc,
                req = kmem_cache_alloc(ceph_osd_request_cache, gfp_flags);
        } else {
                BUG_ON(num_ops > CEPH_OSD_MAX_OPS);
-                req = kmalloc(sizeof(*req) + num_ops * sizeof(req->r_ops[0]),
+                req = kmalloc(struct_size(req, r_ops, num_ops), gfp_flags);
-                              gfp_flags);
        }
        if (unlikely(!req))
                return NULL;
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 9bbfc17ce3ec..07085c22b19c 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -184,8 +184,7 @@ recent_entry_init(struct recent_table *t, const union nf_inet_addr *addr,
        }
        nstamps_max += 1;
-        e = kmalloc(sizeof(*e) + sizeof(e->stamps[0]) * nstamps_max,
+        e = kmalloc(struct_size(e, stamps, nstamps_max), GFP_ATOMIC);
-                    GFP_ATOMIC);
        if (e == NULL)
                return NULL;
        memcpy(&e->addr, addr, sizeof(e->addr));
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index e2f5a3ee41a7..40c7eb941bc9 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -73,8 +73,8 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
                 * variables.  There are arrays that we encode directly
                 * into parameters to make the rest of the operations easier.
                 */
-                auth_hmacs = kzalloc(sizeof(*auth_hmacs) +
+                auth_hmacs = kzalloc(struct_size(auth_hmacs, hmac_ids,
-                                     sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp);
+                                                 SCTP_AUTH_NUM_HMACS), gfp);
                if (!auth_hmacs)
                        goto nomem;
author	Linus Torvalds <torvalds@linux-foundation.org>	2018-06-06 20:27:14 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-06-06 20:27:14 -0400
commit	285767604576148fc1be7fcd112e4a90eb0d6ad2 (patch)
tree	b4c611689f95e1a2ba0fe7b6407e05469251fc2f /net
parent	5eb6eed7e0fe880dc8de8da203cc888716bbf196 (diff)
parent	0ed2dd03b94b7b7f66e23f25073b5385d0416589 (diff)