Message ID | 20200921170336.82643-2-efremov@linux.com (mailing list archive) |
---|---|
State | New, archived |
Series | [1/2] btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() |
On Mon, Sep 21, 2020 at 08:03:36PM +0300, Denis Efremov wrote: > Replace kvzalloc() call with kvcalloc() that checks > the size internally. Use array_size() helper to compute > the memory size for clone_sources_tmp. > > Cc: Kees Cook <keescook@chromium.org> > Signed-off-by: Denis Efremov <efremov@linux.com> > --- > fs/btrfs/send.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) > > diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c > index c874ddda6252..9e02aba30651 100644 > --- a/fs/btrfs/send.c > +++ b/fs/btrfs/send.c > @@ -7087,7 +7087,7 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) > u32 i; > u64 *clone_sources_tmp = NULL; > int clone_sources_to_rollback = 0; > - unsigned alloc_size; > + size_t alloc_size; > int sort_clone_roots = 0; > > if (!capable(CAP_SYS_ADMIN)) > @@ -7179,15 +7179,16 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) > sctx->waiting_dir_moves = RB_ROOT; > sctx->orphan_dirs = RB_ROOT; > > - alloc_size = sizeof(struct clone_root) * (arg->clone_sources_count + 1); > - > - sctx->clone_roots = kvzalloc(alloc_size, GFP_KERNEL); > + sctx->clone_roots = kvcalloc(sizeof(*sctx->clone_roots), > + arg->clone_sources_count + 1, > + GFP_KERNEL);

There is an overflow check in btrfs_ioctl_send a few lines above, it won't overflow at the allocation so this is more like a cleanup than adding a missing check, as the subject suggests. Patches added to misc-next, thanks.
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index c874ddda6252..9e02aba30651 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -7087,7 +7087,7 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) u32 i; u64 *clone_sources_tmp = NULL; int clone_sources_to_rollback = 0; - unsigned alloc_size; + size_t alloc_size; int sort_clone_roots = 0; if (!capable(CAP_SYS_ADMIN)) @@ -7179,15 +7179,16 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) sctx->waiting_dir_moves = RB_ROOT; sctx->orphan_dirs = RB_ROOT; - alloc_size = sizeof(struct clone_root) * (arg->clone_sources_count + 1); - - sctx->clone_roots = kvzalloc(alloc_size, GFP_KERNEL); + sctx->clone_roots = kvcalloc(sizeof(*sctx->clone_roots), + arg->clone_sources_count + 1, + GFP_KERNEL); if (!sctx->clone_roots) { ret = -ENOMEM; goto out; } - alloc_size = arg->clone_sources_count * sizeof(*arg->clone_sources); + alloc_size = array_size(sizeof(*arg->clone_sources), + arg->clone_sources_count); if (arg->clone_sources_count) { clone_sources_tmp = kvmalloc(alloc_size, GFP_KERNEL);
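Review bot: The commit message should mention the `unsigned` to `size_t` change to alloc_size in the first hunk, because the array_size() conversion in the last hunk depends on it. array_size() returns a size_t and saturates to SIZE_MAX on overflow; stored in an `unsigned`, both a large valid product and the saturated value would be truncated before reaching kvmalloc(). A sentence such as "alloc_size becomes size_t so the array_size() result is not truncated" would make the dependency explicit.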
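Review bot: In the second hunk the kvcalloc() arguments are swapped: the prototype is kvcalloc(n, size, flags), so `arg->clone_sources_count + 1` belongs first and `sizeof(*sctx->clone_roots)` second. The overflow-checked product is the same either way, but the current order misleads readers and any tooling that interprets the first argument as the element count. Note also that the `+ 1` is evaluated by the caller, so kvcalloc()'s internal multiplication check does not cover a wrap in that addition; the allocation still relies on the earlier bound check on clone_sources_count, and the commit message should say that rather than imply kvcalloc() covers the whole expression.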
Replace kvzalloc() call with kvcalloc() that checks the size internally. Use array_size() helper to compute the memory size for clone_sources_tmp.

Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Denis Efremov <efremov@linux.com>
---
 fs/btrfs/send.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
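A user-space C model of the size arithmetic this patch touches, added here as an example and not taken from the kernel or from the patch. `struct demo_root`, `unchecked_size()`, `model_array_size()`, `model_kvcalloc()` and `checked_elems()` are hypothetical names, the 40-byte element size and the count value are constructed, and the count is assumed to be a 64-bit user-supplied value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 40-byte stand-in; the real struct clone_root is not shown on the page. */
struct demo_root { uint64_t f[5]; };

/* Pre-patch pattern: the product lands in a 32-bit `unsigned` and is truncated. */
static unsigned unchecked_size(uint64_t count)
{
	return (unsigned)((uint64_t)sizeof(struct demo_root) * (count + 1));
}

/* Model of array_size(): saturate to SIZE_MAX when a * b overflows size_t. */
static size_t model_array_size(size_t a, size_t b)
{
	size_t bytes;

	return __builtin_mul_overflow(a, b, &bytes) ? SIZE_MAX : bytes;
}

/* Model of kvcalloc(n, size, flags): NULL when n * size overflows, else zeroed memory. */
static void *model_kvcalloc(size_t n, size_t size)
{
	size_t bytes;

	if (__builtin_mul_overflow(n, size, &bytes))
		return NULL;
	return calloc(1, bytes ? bytes : 1);
}

/* The caller-side "+ 1" is outside kvcalloc()'s check, so it is checked here. */
static int checked_elems(uint64_t count, size_t *n)
{
	return __builtin_add_overflow(count, 1, n) ? -1 : 0;
}

int main(void)
{
	uint64_t count = 107374182;	/* constructed: 40 * (count + 1) == 2^32 + 24 */
	size_t n;

	printf("unsigned result: %u bytes\n", unchecked_size(count));
	printf("array_size model saturates: %d\n",
	       model_array_size(sizeof(struct demo_root), SIZE_MAX / 2) == SIZE_MAX);
	printf("count + 1 wrap detected: %d\n", checked_elems(UINT64_MAX, &n) == -1);
	return 0;
}
```

With an `unsigned` result the constructed count yields a 24-byte size for over a hundred million elements, which is the kind of mismatch the earlier bound check in btrfs_ioctl_send and the checked helpers both guard against.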