From: Gleb C. <lna...@ya...> - 2023-07-21 07:39:29
|
Commit: 87235df GitHub URL: https://github.com/SCST-project/scst/commit/87235dfe3a2093b12ec8239553a80eacd3a59b22 Author: Gleb Chesnokov Date: 2023-07-21T10:38:34+03:00 Log Message: ----------- scst: Use vmalloc_array() and vcalloc() Use vmalloc_array() and vcalloc() to protect against multiplication overflows. The changes were done using the following Coccinelle semantic patch: // <smpl> @initialize:ocaml@ @@ let rename alloc = match alloc with "vmalloc" -> "vmalloc_array" | "vzalloc" -> "vcalloc" | _ -> failwith "unknown" @@ size_t e1,e2; constant C1, C2; expression E1, E2, COUNT, x1, x2, x3; typedef u8; typedef __u8; type t = {u8,__u8,char,unsigned char}; identifier alloc = {vmalloc,vzalloc}; fresh identifier realloc = script:ocaml(alloc) { rename alloc }; @@ ( alloc(x1*x2*x3) | alloc(C1 * C2) | alloc((sizeof(t)) * (COUNT), ...) | - alloc((e1) * (e2)) + realloc(e1, e2) | - alloc((e1) * (COUNT)) + realloc(COUNT, e1) | - alloc((E1) * (E2)) + realloc(E1, E2) ) // </smpl> Modified Paths: -------------- iscsi-scst/kernel/isert-scst/iser_rdma.c | 3 +- qla2x00t-32gbit/qla_init.c | 4 +-- scst/include/backport.h | 22 +++++++++++++++ scst/src/scst_dlm.c | 7 ++--- 4 files changed, 28 insertions(+), 8 deletions(-) =================================================================== diff --git a/iscsi-scst/kernel/isert-scst/iser_rdma.c b/iscsi-scst/kernel/isert-scst/iser_rdma.c index bad41bf..439e369 100644 --- a/iscsi-scst/kernel/isert-scst/iser_rdma.c +++ b/iscsi-scst/kernel/isert-scst/iser_rdma.c @@ -938,8 +938,7 @@ static struct isert_device *isert_device_create(struct ib_device *ib_dev) goto free_isert_dev; } - isert_dev->cq_desc = vmalloc(sizeof(*isert_dev->cq_desc) * - isert_dev->num_cqs); + isert_dev->cq_desc = vmalloc_array(isert_dev->num_cqs, sizeof(*isert_dev->cq_desc)); if (unlikely(isert_dev->cq_desc == NULL)) { PRINT_ERROR("Failed to allocate %zd bytes for iser cq_desc", sizeof(*isert_dev->cq_desc) * isert_dev->num_cqs); diff --git a/qla2x00t-32gbit/qla_init.c b/qla2x00t-32gbit/qla_init.c index 88da7b5..980c8f7 100644 --- a/qla2x00t-32gbit/qla_init.c +++ b/qla2x00t-32gbit/qla_init.c @@ -8437,7 +8437,7 @@ qla24xx_load_risc_flash(scsi_qla_host_t *vha, uint32_t *srisc_addr, ql_dbg(ql_dbg_init, vha, 0x0163, "-> fwdt%u template allocate template %#x words...\n", j, risc_size); - fwdt->template = vmalloc(risc_size * sizeof(*dcode)); + fwdt->template = vmalloc_array(risc_size, sizeof(*dcode)); if (!fwdt->template) { ql_log(ql_log_warn, vha, 0x0164, "-> fwdt%u failed allocate template.\n", j); @@ -8692,7 +8692,7 @@ qla24xx_load_risc_blob(scsi_qla_host_t *vha, uint32_t *srisc_addr) ql_dbg(ql_dbg_init, vha, 0x0173, "-> fwdt%u template allocate template %#x words...\n", j, risc_size); - fwdt->template = vmalloc(risc_size * sizeof(*dcode)); + fwdt->template = vmalloc_array(risc_size, sizeof(*dcode)); if (!fwdt->template) { ql_log(ql_log_warn, vha, 0x0174, "-> fwdt%u failed allocate template.\n", j); diff --git a/scst/include/backport.h b/scst/include/backport.h index f4fc281..a57cf53 100644 --- a/scst/include/backport.h +++ b/scst/include/backport.h @@ -849,6 +849,28 @@ static inline void kvfree(void *addr) } #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0) && \ + (LINUX_VERSION_CODE >> 8 != KERNEL_VERSION(5, 15, 0) >> 8 || \ + LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 54)) && \ + (!defined(RHEL_RELEASE_CODE) || \ + RHEL_RELEASE_CODE -0 < RHEL_RELEASE_VERSION(9, 0)) && \ + (!defined(UEK_KABI_RENAME) || \ + LINUX_VERSION_CODE < KERNEL_VERSION(5, 15, 0)) +/* + * See also commit a8749a35c3990 ("mm: vmalloc: introduce array allocation functions") # v5.18, + * v5.15.54. + */ +static inline void *vmalloc_array(size_t n, size_t size) +{ + return vmalloc(n * size); +} + +static inline void *vcalloc(size_t n, size_t size) +{ + return vzalloc(n * size); +} +#endif + /* <linux/shrinker.h> */ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 0, 0) && \ diff --git a/scst/src/scst_dlm.c b/scst/src/scst_dlm.c index 8afedb1..7e634af 100644 --- a/scst/src/scst_dlm.c +++ b/scst/src/scst_dlm.c @@ -304,11 +304,10 @@ static int scst_copy_from_dlm(struct scst_device *dev, dlm_lockspace_t *ls, nr_registrants = be32_to_cpu(lvb->nr_registrants); if (nr_registrants) { - reg_lksb = vzalloc((sizeof(*reg_lksb) + PR_DLM_LVB_LEN) * - nr_registrants); + reg_lksb = vcalloc(nr_registrants, sizeof(*reg_lksb) + PR_DLM_LVB_LEN); if (!reg_lksb) { - PRINT_ERROR("%s: failed to allocate %d * %zd bytes of" - " memory", __func__, nr_registrants, + PRINT_ERROR("%s: failed to allocate %u * %zu bytes of memory", + __func__, nr_registrants, sizeof(*reg_lksb) + PR_DLM_LVB_LEN); goto out; } |