| Message ID | 20201027121725.24660-4-brgl@bgdev.pl (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers |
Received: from vger.kernel.org ([23.128.96.18])
by www.linuxtv.org with esmtp (Exim 4.92)
(envelope-from <linux-media-owner@vger.kernel.org>)
id 1kXNvA-002aqH-QE; Tue, 27 Oct 2020 12:17:49 +0000
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S2899711AbgJ0MRq (ORCPT <rfc822;mkrufky@linuxtv.org> + 1 other);
Tue, 27 Oct 2020 08:17:46 -0400
Received: from mail-wr1-f68.google.com ([209.85.221.68]:40033 "EHLO
mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S2899672AbgJ0MRp (ORCPT
<rfc822;linux-media@vger.kernel.org>);
Tue, 27 Oct 2020 08:17:45 -0400
Received: by mail-wr1-f68.google.com with SMTP id h5so1638685wrv.7
for <linux-media@vger.kernel.org>;
Tue, 27 Oct 2020 05:17:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bgdev-pl.20150623.gappssmtp.com; s=20150623;
h=from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=83y0wprNKfgsPdFQwYqYyBfxNCy5k5K/4PHHSUQ4ytQ=;
b=zjDtGi7YCC7prpyZ+g0XEgVkSu5ur1n0Z+4Onn8lSH6l5HhaPb2usVEdHqyUF70A1t
aUTOf8Tq+CbFmCsQoZg/QZDfe6BYR/DFPrrBJwD6HiW7tjdfR/sBEWsWaZKnLZINtomX
mE7Ig/cZHx2rYZqBTjkzv3ijY8hAIfVQDit/QeJSY5MeOkcFLBiM+J08PWHqktFzZQwX
UlgrIFCSx9xqlv1zNEtaXs3tPI9VHBmr65ek6JPy/L/FS56cLdvQizETmDuasggJPK/w
ztxubnZy+sT2oOAiJOCkZTqyimYvjT8WSyK/j0zpzQcNL15qg7LbhswKDAJng2PiYjm9
YBtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:mime-version:content-transfer-encoding;
bh=83y0wprNKfgsPdFQwYqYyBfxNCy5k5K/4PHHSUQ4ytQ=;
b=YqV5dd6KVW7AofucJfExYz2iBJj8h6GBcS2OKBaDnDGOR1NurN0ye/c+Y0DQfs3zd1
dA2BPD/uv7kBt3gvrmcc2jOO/JvD2LEHAwbZEZp1MLOwThGI7Ql6ZuCnx91pJM0RWrsf
RKG7Mh1D8GIssuQg0+Jc6neh2IE+judaLzhkwxHlChWqpLVg0HdZwYeH+PKD26txBN/Y
2cB3RTcL12kT+Jrd4/bzuMbpOZju11WimUpq/p2YWyDVBzmeW5Oikd7BtwMcVt5CbXzm
GvAoCersVlRFBYHo5VlWnOYoCAtg6VM2jRCFPloiKJpElGiZsR0DXsFbZwCwKufued6A
TAgg==
X-Gm-Message-State: AOAM532CEZo0u7qCCSlm2eM72r1e1fSttblU1J5VtikJvuGu8p+oir0n
uooAgoqKp9MLqjERkC20VRidJQ==
X-Google-Smtp-Source:
ABdhPJxMHI/sTmjLh3ji2z2BWBH7Xp+55j5r8SrJ3qqB6liqhHnL/S90fy042cmGylsf7I4Q+2Y+Yg==
X-Received: by 2002:a5d:6a49:: with SMTP id t9mr2477521wrw.194.1603801062271;
Tue, 27 Oct 2020 05:17:42 -0700 (PDT)
Received: from debian-brgl.home (amarseille-656-1-4-167.w90-8.abo.wanadoo.fr.
[90.8.158.167])
by smtp.gmail.com with ESMTPSA id
a2sm1731908wrs.55.2020.10.27.05.17.40
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 27 Oct 2020 05:17:41 -0700 (PDT)
From: Bartosz Golaszewski <brgl@bgdev.pl>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Sumit Semwal <sumit.semwal@linaro.org>,
Gustavo Padovan <gustavo@padovan.org>,
=?utf-8?q?Christian_K=C3=B6nig?= <christian.koenig@amd.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>, Borislav Petkov <bp@alien8.de>,
Tony Luck <tony.luck@intel.com>, James Morse <james.morse@arm.com>,
Robert Richter <rric@kernel.org>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>, Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@linux.ie>, Daniel Vetter <daniel@ffwll.ch>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Linus Walleij <linus.walleij@linaro.org>,
"Michael S . Tsirkin" <mst@redhat.com>, Jason Wang <jasowang@redhat.com>,
Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>, Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>, Jaroslav Kysela <perex@perex.cz>,
Takashi Iwai <tiwai@suse.com>
Cc: linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org,
linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org,
linux-edac@vger.kernel.org, linux-gpio@vger.kernel.org,
kvm@vger.kernel.org, virtualization@lists.linux-foundation.org,
netdev@vger.kernel.org, linux-mm@kvack.org,
alsa-devel@alsa-project.org,
Bartosz Golaszewski <bgolaszewski@baylibre.com>
Subject: [PATCH 3/8] vhost: vringh: use krealloc_array()
Date: Tue, 27 Oct 2020 13:17:20 +0100
Message-Id: <20201027121725.24660-4-brgl@bgdev.pl>
X-Mailer: git-send-email 2.29.1
In-Reply-To: <20201027121725.24660-1-brgl@bgdev.pl>
References: <20201027121725.24660-1-brgl@bgdev.pl>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-media.vger.kernel.org>
X-Mailing-List: linux-media@vger.kernel.org
X-LSpam-Score: -2.4 (--)
X-LSpam-Report: No,
score=-2.4 required=5.0 tests=BAYES_00=-1.9,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.5,MAILING_LIST_MULTI=-1
autolearn=ham autolearn_force=no
|
| Series |
slab: provide and use krealloc_array()
|
|
Commit Message
Bartosz Golaszewski
Oct. 27, 2020, 12:17 p.m. UTC
From: Bartosz Golaszewski <bgolaszewski@baylibre.com> Use the helper that checks for overflows internally instead of manually calculating the size of the new array. Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> --- drivers/vhost/vringh.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Comments
On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote: > From: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > Use the helper that checks for overflows internally instead of manually > calculating the size of the new array. > > Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> No problem with the patch, it does introduce some symmetry in the code. Acked-by: Michael S. Tsirkin <mst@redhat.com> > --- > drivers/vhost/vringh.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > index 8bd8b403f087..08a0e1c842df 100644 > --- a/drivers/vhost/vringh.c > +++ b/drivers/vhost/vringh.c > @@ -198,7 +198,8 @@ static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) > > flag = (iov->max_num & VRINGH_IOV_ALLOCATED); > if (flag) > - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); > + new = krealloc_array(iov->iov, new_num, > + sizeof(struct iovec), gfp); > else { > new = kmalloc_array(new_num, sizeof(struct iovec), gfp); > if (new) { > -- > 2.29.1
On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote: > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote: > > From: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > Use the helper that checks for overflows internally instead of manually > > calculating the size of the new array. > > > > Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > No problem with the patch, it does introduce some symmetry in the code. Perhaps more symmetry by using kmemdup --- drivers/vhost/vringh.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 8bd8b403f087..99222a3651cd 100644 --- a/drivers/vhost/vringh.c +++ b/drivers/vhost/vringh.c @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh, static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) { struct kvec *new; - unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; + size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; + size_t size; if (new_num < 8) new_num = 8; - flag = (iov->max_num & VRINGH_IOV_ALLOCATED); - if (flag) - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); - else { - new = kmalloc_array(new_num, sizeof(struct iovec), gfp); - if (new) { - memcpy(new, iov->iov, - iov->max_num * sizeof(struct iovec)); - flag = VRINGH_IOV_ALLOCATED; - } - } + if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), &size))) + return -ENOMEM; + + if (iov->max_num & VRINGH_IOV_ALLOCATED) + new = krealloc(iov->iov, size, gfp); + else + new = kmemdup(iov->iov, size, gfp); if (!new) return -ENOMEM; iov->iov = new; - iov->max_num = (new_num | flag); + iov->max_num = new_num | VRINGH_IOV_ALLOCATED; return 0; }
On Tue, Oct 27, 2020 at 5:50 PM Joe Perches <joe@perches.com> wrote: > > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote: > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote: > > > From: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > > > Use the helper that checks for overflows internally instead of manually > > > calculating the size of the new array. > > > > > > Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > No problem with the patch, it does introduce some symmetry in the code. > > Perhaps more symmetry by using kmemdup > --- > drivers/vhost/vringh.c | 23 ++++++++++------------- > 1 file changed, 10 insertions(+), 13 deletions(-) > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > index 8bd8b403f087..99222a3651cd 100644 > --- a/drivers/vhost/vringh.c > +++ b/drivers/vhost/vringh.c > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh, > static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) > { > struct kvec *new; > - unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > + size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > + size_t size; > > if (new_num < 8) > new_num = 8; > > - flag = (iov->max_num & VRINGH_IOV_ALLOCATED); > - if (flag) > - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); > - else { > - new = kmalloc_array(new_num, sizeof(struct iovec), gfp); > - if (new) { > - memcpy(new, iov->iov, > - iov->max_num * sizeof(struct iovec)); > - flag = VRINGH_IOV_ALLOCATED; > - } > - } > + if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), &size))) > + return -ENOMEM; > + The whole point of using helpers such as kmalloc_array() is not doing these checks manually. Bartosz > + if (iov->max_num & VRINGH_IOV_ALLOCATED) > + new = krealloc(iov->iov, size, gfp); > + else > + new = kmemdup(iov->iov, size, gfp); > if (!new) > return -ENOMEM; > iov->iov = new; > - iov->max_num = (new_num | flag); > + iov->max_num = new_num | VRINGH_IOV_ALLOCATED; > return 0; > } > > >
On Tue, 2020-10-27 at 17:58 +0100, Bartosz Golaszewski wrote: > On Tue, Oct 27, 2020 at 5:50 PM Joe Perches <joe@perches.com> wrote: > > > > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote: > > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote: > > > > From: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > > > > > Use the helper that checks for overflows internally instead of manually > > > > calculating the size of the new array. > > > > > > > > Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > > > No problem with the patch, it does introduce some symmetry in the code. > > > > Perhaps more symmetry by using kmemdup > > --- > > drivers/vhost/vringh.c | 23 ++++++++++------------- > > 1 file changed, 10 insertions(+), 13 deletions(-) > > > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > > index 8bd8b403f087..99222a3651cd 100644 > > --- a/drivers/vhost/vringh.c > > +++ b/drivers/vhost/vringh.c > > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh, > > static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) > > { > > struct kvec *new; > > - unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > > + size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > > + size_t size; > > > > if (new_num < 8) > > new_num = 8; > > > > - flag = (iov->max_num & VRINGH_IOV_ALLOCATED); > > - if (flag) > > - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); > > - else { > > - new = kmalloc_array(new_num, sizeof(struct iovec), gfp); > > - if (new) { > > - memcpy(new, iov->iov, > > - iov->max_num * sizeof(struct iovec)); > > - flag = VRINGH_IOV_ALLOCATED; > > - } > > - } > > + if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), &size))) > > + return -ENOMEM; > > + > > The whole point of using helpers such as kmalloc_array() is not doing > these checks manually. Tradeoffs for in readability for overflow and not mistyping or doing the multiplication of iov->max_num * sizeof(struct iovec) twice. Just fyi: the realloc doesn't do a multiplication overflow test as written so the suggestion is slightly more resistant to defect.
On Tue, Oct 27, 2020 at 6:08 PM Joe Perches <joe@perches.com> wrote: > > On Tue, 2020-10-27 at 17:58 +0100, Bartosz Golaszewski wrote: > > On Tue, Oct 27, 2020 at 5:50 PM Joe Perches <joe@perches.com> wrote: > > > > > > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote: > > > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote: > > > > > From: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > > > > > > > Use the helper that checks for overflows internally instead of manually > > > > > calculating the size of the new array. > > > > > > > > > > Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> > > > > > > > > No problem with the patch, it does introduce some symmetry in the code. > > > > > > Perhaps more symmetry by using kmemdup > > > --- > > > drivers/vhost/vringh.c | 23 ++++++++++------------- > > > 1 file changed, 10 insertions(+), 13 deletions(-) > > > > > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > > > index 8bd8b403f087..99222a3651cd 100644 > > > --- a/drivers/vhost/vringh.c > > > +++ b/drivers/vhost/vringh.c > > > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh, > > > static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) > > > { > > > struct kvec *new; > > > - unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > > > + size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2; > > > + size_t size; > > > > > > if (new_num < 8) > > > new_num = 8; > > > > > > - flag = (iov->max_num & VRINGH_IOV_ALLOCATED); > > > - if (flag) > > > - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); > > > - else { > > > - new = kmalloc_array(new_num, sizeof(struct iovec), gfp); > > > - if (new) { > > > - memcpy(new, iov->iov, > > > - iov->max_num * sizeof(struct iovec)); > > > - flag = VRINGH_IOV_ALLOCATED; > > > - } > > > - } > > > + if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), &size))) > > > + return -ENOMEM; > > > + > > > > The whole point of using helpers such as kmalloc_array() is not doing > > these checks manually. > > Tradeoffs for in readability for overflow and not mistyping or doing > the multiplication of iov->max_num * sizeof(struct iovec) twice. > It's out of scope for this series - I want to add users for krealloc_array(), not refactor code I don't really know. If the maintainer of this bit objects, it can be dropped. > Just fyi: > > the realloc doesn't do a multiplication overflow test as written so the > suggestion is slightly more resistant to defect. > I'm not sure what your point is. I used krealloc_array() exactly for this reason - to add the overflow test. BTW I suppose kmalloc_array() here can be replaced with krealloc_array() if the original pointer is NULL the first time it's called. Bartosz
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 8bd8b403f087..08a0e1c842df 100644 --- a/drivers/vhost/vringh.c +++ b/drivers/vhost/vringh.c @@ -198,7 +198,8 @@ static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) flag = (iov->max_num & VRINGH_IOV_ALLOCATED); if (flag) - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); + new = krealloc_array(iov->iov, new_num, + sizeof(struct iovec), gfp); else { new = kmalloc_array(new_num, sizeof(struct iovec), gfp); if (new) {