From patchwork Fri Jun 1 00:42:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10442261 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 26D40603D7 for ; Fri, 1 Jun 2018 00:45:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2360228E54 for ; Fri, 1 Jun 2018 00:45:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 168D029020; Fri, 1 Jun 2018 00:45:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 4A02F28E54 for ; Fri, 1 Jun 2018 00:45:42 +0000 (UTC) Received: (qmail 28347 invoked by uid 550); 1 Jun 2018 00:44:08 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 28148 invoked from network); 1 Jun 2018 00:43:59 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=DwNEonIHIFheAa6fjiUZY2ler4ciSoofQy/do2M29L4=; b=KdLg8OKY5+GoGGKyMoIaTOU1cr3IKoW6xKmTzeEB3wnfilft6/nWwMaw/LhPPeP50Q T+ZwzCzSfrKewfzcfr000yginL9eIbc6vPBW82RVKAlkgYb1SyCs+15fC/0tkvWOoY/E wKezlvLC5qmORsKCHduE9Y3Zl4k0SBWx+3ZWM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=DwNEonIHIFheAa6fjiUZY2ler4ciSoofQy/do2M29L4=; b=KnCSsXyHg0+DFs18R73M0woNnl544g81M99o7WXHX9LRC1VtVkmykw2q9aw7YrX8t3 L//xnGThPjvKjbscgWjfDaSGsX0UbVIPDQXri6IXTxYJwQOGrUmqr2+b7uXDRgUZoJp/ 57maYU3fLhPj/674757TpFQUe3CB6ru9ZZY1BPIzBlsYBJRxUeZvCrs4rjPCErEhKRyn RPppyungwVCWzY/oXN3QP+f/9R71Znr3OqAzafqEjXGsoPhF0/CTciS/yrMGahgs7Nx9 AkrUl39MYJM+aD3mA9jsE5Qi+woX9xoztOzZm5W+MlUxRxZOnbu7EWT02sPhPOdFuqiC apJg== X-Gm-Message-State: ALKqPwefBvNL1Xkao+/hRexVeClDSsmtLdN6980wZrPxsmiNpqJEcSW8 9sdcIuheczfMK00ZCI5xCCAcAg== X-Google-Smtp-Source: ADUXVKLhpQY2Ue1FUR6jY3ghSEs9wqh0bmNXd3qgkEVcRBQLMHpyxC9PY1iyZLXBC5PZf4UkcJlPCw== X-Received: by 2002:a63:b705:: with SMTP id t5-v6mr10452pgf.343.1527813827534; Thu, 31 May 2018 17:43:47 -0700 (PDT) From: Kees Cook To: Matthew Wilcox Cc: Kees Cook , Linus Torvalds , Rasmus Villemoes , Matthew Wilcox , LKML , Linux-MM , Kernel Hardening Subject: [PATCH v3 06/16] mm: Use overflow helpers in kmalloc_array*() Date: Thu, 31 May 2018 17:42:23 -0700 Message-Id: <20180601004233.37822-7-keescook@chromium.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180601004233.37822-1-keescook@chromium.org> References: <20180601004233.37822-1-keescook@chromium.org> X-Virus-Scanned: ClamAV using ClamSMTP Instead of open-coded multiplication and bounds checking, use the new overflow helper. Signed-off-by: Kees Cook --- include/linux/slab.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 81ebd71f8c03..4d759e1ddc33 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -13,6 +13,7 @@ #define _LINUX_SLAB_H #include +#include #include #include @@ -624,11 +625,13 @@ int memcg_update_all_caches(int num_memcgs); */ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { - if (size != 0 && n > SIZE_MAX / size) + size_t bytes; + + if (unlikely(check_mul_overflow(n, size, &bytes))) return NULL; if (__builtin_constant_p(n) && __builtin_constant_p(size)) - return kmalloc(n * size, flags); - return __kmalloc(n * size, flags); + return kmalloc(bytes, flags); + return __kmalloc(bytes, flags); } /** @@ -657,11 +660,13 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); static inline void *kmalloc_array_node(size_t n, size_t size, gfp_t flags, int node) { - if (size != 0 && n > SIZE_MAX / size) + size_t bytes; + + if (unlikely(check_mul_overflow(n, size, &bytes))) return NULL; if (__builtin_constant_p(n) && __builtin_constant_p(size)) - return kmalloc_node(n * size, flags, node); - return __kmalloc_node(n * size, flags, node); + return kmalloc_node(bytes, flags, node); + return __kmalloc_node(bytes, flags, node); } static inline void *kcalloc_node(size_t n, size_t size, gfp_t flags, int node)