mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-25 20:05:39 +00:00
mlxsw: Use size_mul() in call to struct_size()
If, for any reason, the open-coded arithmetic causes a wraparound, the
protection that `struct_size()` adds against potential integer overflows
is defeated. Fix this by hardening call to `struct_size()` with `size_mul()`.
Fixes: 2285ec872d
("mlxsw: spectrum_acl_bloom_filter: use struct_size() in kzalloc()")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
74fa1a8238
commit
e22c6ea025
1 changed files with 1 additions and 1 deletions
|
@ -496,7 +496,7 @@ mlxsw_sp_acl_bf_init(struct mlxsw_sp *mlxsw_sp, unsigned int num_erp_banks)
|
|||
* is 2^ACL_MAX_BF_LOG
|
||||
*/
|
||||
bf_bank_size = 1 << MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_BF_LOG);
|
||||
bf = kzalloc(struct_size(bf, refcnt, bf_bank_size * num_erp_banks),
|
||||
bf = kzalloc(struct_size(bf, refcnt, size_mul(bf_bank_size, num_erp_banks)),
|
||||
GFP_KERNEL);
|
||||
if (!bf)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
|
Loading…
Reference in a new issue