| Message ID | 20230623211457.102544-1-Julia.Lawall@inria.fr |
|---|---|
| Headers | show |
| Series | use array_size | expand |
On Fri, Jun 23, 2023 at 2:15 PM Julia Lawall <Julia.Lawall@inria.fr> wrote: > > Use array_size to protect against multiplication overflows. > > The changes were done using the following Coccinelle semantic patch: > > // <smpl> > @@ > size_t e1,e2; > expression COUNT; > identifier alloc = {vmalloc,vzalloc,kvmalloc,kvzalloc}; > @@ > > ( > alloc( > - (e1) * (e2) > + array_size(e1, e2) > ,...) > | > alloc( > - (e1) * (COUNT) > + array_size(COUNT, e1) > ,...) > ) > // </smpl> > > Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> Thanks for sending this out! Acked-by: John Stultz <jstultz@google.com>
Use array_size to protect against multiplication overflows. This follows up on the following patches by Kees Cook from 2018. 42bc47b35320 ("treewide: Use array_size() in vmalloc()") fad953ce0b22 ("treewide: Use array_size() in vzalloc()") The changes were done using the following Coccinelle semantic patch, adapted from the one posted by Kees. // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (sizeof(t)) * (COUNT) + COUNT , ...) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression COUNT; size_t e1, e2, e3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) * (e3) + array3_size(e1, e2, e3) ,...) | alloc( - (e1) * (e2) * (COUNT) + array3_size(COUNT, e1, e2) ,...) ) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression STRIDE, COUNT; size_t e; identifier alloc = {vmalloc,vzalloc}; @@ alloc( - (e) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, e) ,...) // Any remaining multi-factor products, first at least 3-factor products // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2 * C3,...) | alloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) ,...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ size_t e1,e2; expression COUNT; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc( - (e1) * (e2) + array_size(e1, e2) ,...) | alloc( - (e1) * (COUNT) + array_size(COUNT, e1) ,...) ) // And then all remaining 2 factors products when they're not all constants. @@ expression E1, E2; constant C1, C2; identifier alloc = {vmalloc,vzalloc}; @@ ( alloc(C1 * C2,...) | alloc( - (E1) * (E2) + array_size(E1, E2) ,...) ) --- arch/x86/kernel/cpu/sgx/main.c | 3 ++- drivers/accel/habanalabs/common/device.c | 3 ++- drivers/accel/habanalabs/common/state_dump.c | 6 +++--- drivers/bus/mhi/host/init.c | 4 ++-- drivers/comedi/comedi_buf.c | 4 ++-- drivers/dma-buf/heaps/system_heap.c | 2 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++-- drivers/gpu/drm/vmwgfx/vmwgfx_devcaps.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++-- drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++-- drivers/infiniband/sw/siw/siw_qp.c | 4 ++-- drivers/infiniband/sw/siw/siw_verbs.c | 6 +++--- drivers/iommu/tegra-gart.c | 4 ++-- drivers/net/ethernet/amd/pds_core/core.c | 4 ++-- drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++-- drivers/net/ethernet/google/gve/gve_tx.c | 2 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++-- drivers/scsi/fnic/fnic_trace.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 4 ++-- drivers/staging/media/ipu3/ipu3-mmu.c | 2 +- drivers/vdpa/vdpa_user/iova_domain.c | 3 +-- drivers/virtio/virtio_mem.c | 6 +++--- fs/btrfs/zoned.c | 5 +++-- kernel/kcov.c | 2 +- lib/test_vmalloc.c | 12 ++++++------ 28 files changed, 56 insertions(+), 52 deletions(-)