mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-29 23:53:32 +00:00
mlxsw: Use size_mul() in call to struct_size()
[ Upstream commite22c6ea025
] If, for any reason, the open-coded arithmetic causes a wraparound, the protection that `struct_size()` adds against potential integer overflows is defeated. Fix this by hardening call to `struct_size()` with `size_mul()`. Fixes:2285ec872d
("mlxsw: spectrum_acl_bloom_filter: use struct_size() in kzalloc()") Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
3fc79c5686
commit
be25fc451e
1 changed files with 1 additions and 1 deletions
|
@ -496,7 +496,7 @@ mlxsw_sp_acl_bf_init(struct mlxsw_sp *mlxsw_sp, unsigned int num_erp_banks)
|
|||
* is 2^ACL_MAX_BF_LOG
|
||||
*/
|
||||
bf_bank_size = 1 << MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_BF_LOG);
|
||||
bf = kzalloc(struct_size(bf, refcnt, bf_bank_size * num_erp_banks),
|
||||
bf = kzalloc(struct_size(bf, refcnt, size_mul(bf_bank_size, num_erp_banks)),
|
||||
GFP_KERNEL);
|
||||
if (!bf)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
|
Loading…
Reference in a new issue