Re: [PATCH][next] gve: Use size_add() in call to struct_size()

From: Kees Cook
Date: Fri Sep 15 2023 - 14:47:01 EST

Next message: Frank Li: "[PATCH 3/3] PCI: layerscape: add suspend/resume for ls1043a"
Previous message: Dmitry Baryshkov: "Re: [PATCH V2 3/4] thermal/drivers/tsens: Add support for IPQ5018 tsens"
In reply to: Gustavo A. R. Silva: "[PATCH][next] gve: Use size_add() in call to struct_size()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 15, 2023 at 12:17:49PM -0600, Gustavo A. R. Silva wrote:
> If, for any reason, `tx_stats_num + rx_stats_num` wraps around, the
> protection that struct_size() adds against potential integer overflows
> is defeated. Fix this by hardening call to struct_size() with size_add().
>
> Fixes: 691f4077d560 ("gve: Replace zero-length array with flexible-array member")
> Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>

Thanks, yes, this will maintain SIZE_MAX saturation if it happens.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: Frank Li: "[PATCH 3/3] PCI: layerscape: add suspend/resume for ls1043a"
Previous message: Dmitry Baryshkov: "Re: [PATCH V2 3/4] thermal/drivers/tsens: Add support for IPQ5018 tsens"
In reply to: Gustavo A. R. Silva: "[PATCH][next] gve: Use size_add() in call to struct_size()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]