On Mon, Jun 26, 2023 at 11:26:55AM +0200, Andi Shyti wrote:
> > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> > index 4ec85308379a..df52385ad436 100644
> > --- a/drivers/gpu/drm/i915/gvt/gtt.c
> > +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> > @@ -1969,14 +1969,16 @@ static struct intel_vgpu_mm *intel_vgpu_create_ggtt_mm(struct intel_vgpu *vgpu)
> >  return ERR_PTR(-ENOMEM);
> >  }
> >
> > - mm->ggtt_mm.host_ggtt_aperture = vzalloc((vgpu_aperture_sz(vgpu) >> PAGE_SHIFT) * sizeof(u64));
> > + mm->ggtt_mm.host_ggtt_aperture =
> > + vzalloc(array_size(vgpu_aperture_sz(vgpu) >> PAGE_SHIFT, sizeof(u64)));
> >  if (!mm->ggtt_mm.host_ggtt_aperture) {
> >  vfree(mm->ggtt_mm.virtual_ggtt);
> >  vgpu_free_mm(mm);
> >  return ERR_PTR(-ENOMEM);
> >  }
> >
> > - mm->ggtt_mm.host_ggtt_hidden = vzalloc((vgpu_hidden_sz(vgpu) >> PAGE_SHIFT) * sizeof(u64));
> > + mm->ggtt_mm.host_ggtt_hidden =
> > + vzalloc(array_size(vgpu_hidden_sz(vgpu) >> PAGE_SHIFT, sizeof(u64)));
>
> thanks for this patch, but I see an issue here. array_size()
> truncates the allocation to SIZE_MAX, and I'm OK with it.
>
> The problem is that no error is notified and the user doesn't
> know that a truncation has happened. So that if we save from an
> overflow here, we might incur an unwanted access later when we
> would start using the array for the size we think is allocated.

SIZE_MAX allocations are guaranteed to fail, so the NULL check will
still return -ENOMEM.

>
> kmalloc_array(), for example, returns NULL if there is a
> multiplication overflow and I think that's a better behaviour,
> although more drastic.

It's the same either way.

regards,
dan carpenter
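Review bot: the change is only safe because array_size() saturates to SIZE_MAX on overflow and vzalloc(SIZE_MAX) then fails into the existing `if (!mm->ggtt_mm.host_ggtt_aperture)` branch; nothing in the hunk says so, so the commit message should state that an overflow is routed into the already-handled -ENOMEM path rather than silently shrunk. The quoted hunk stops at the `host_ggtt_hidden` assignment, so the matching NULL check for that second allocation is not visible; it should be confirmed to exist and to free host_ggtt_aperture as well as virtual_ggtt before `vgpu_free_mm(mm)`. Also, the element count is `vgpu_aperture_sz(vgpu) >> PAGE_SHIFT`, so the shift runs before the multiply and the product is far below the unshifted size; a multiply overflow is not reachable for a size_t-sized aperture, and the commit message should say this is hardening for consistency with other array_size() users rather than a fix for a reachable overflow.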
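A small userland model of the two size computations argued over above (an added example, not code from the patch, the i915 driver or the kernel). `saturating_array_size()` re-implements array_size()'s saturate-to-SIZE_MAX behaviour with `__builtin_mul_overflow`, `wrapping_array_size()` is the pre-patch plain multiply, `aperture_table_bytes()` mirrors the patched expression with an assumed PAGE_SHIFT of 12, and `alloc_table()` stands in for vzalloc() plus the driver's NULL check. It shows why the reply holds: a wrapped product silently becomes a tiny (here zero-byte) allocation that an allocator may happily hand back, whereas the saturated SIZE_MAX can never be satisfied and falls into the existing -ENOMEM path. The element count and the 256 MiB aperture size are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SHIFT 12 /* assumed x86 value; not taken from the patch */

/* Stand-in for the kernel's array_size(): returns SIZE_MAX when n * elem
 * would not fit in a size_t. Userland re-implementation, not kernel code. */
static size_t saturating_array_size(size_t n, size_t elem)
{
	size_t bytes;

	if (__builtin_mul_overflow(n, elem, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* The pre-patch expression: a plain multiply that wraps modulo 2^N. */
static size_t wrapping_array_size(size_t n, size_t elem)
{
	return n * elem;
}

/* Mirrors the patched allocation size: one u64 per page of the aperture.
 * Because the shift runs before the multiply, this never saturates for
 * any size_t-sized aperture value. */
static size_t aperture_table_bytes(size_t aperture_sz)
{
	return saturating_array_size(aperture_sz >> PAGE_SHIFT, sizeof(uint64_t));
}

/* Model of vzalloc() plus the driver's NULL check: a SIZE_MAX request is
 * refused outright (no allocator can satisfy it); anything else goes to
 * calloc(), which may well return a pointer for a zero-byte request. */
static void *alloc_table(size_t bytes)
{
	if (bytes == SIZE_MAX)
		return NULL;
	return calloc(1, bytes);
}

int main(void)
{
	/* Constructed element count chosen so that n * sizeof(u64) overflows. */
	size_t n = SIZE_MAX / sizeof(uint64_t) + 1;
	size_t wrapped = wrapping_array_size(n, sizeof(uint64_t));
	size_t saturated = saturating_array_size(n, sizeof(uint64_t));
	void *p;

	printf("count=%zu wrapped=%zu saturated=%zu\n", n, wrapped, saturated);

	p = alloc_table(wrapped);   /* zero-byte request: may "succeed" */
	printf("wrapped alloc %s\n",
	       p ? "succeeded (unusable buffer)" : "failed");
	free(p);

	p = alloc_table(saturated); /* SIZE_MAX request: always refused */
	printf("saturated alloc %s\n",
	       p ? "succeeded" : "failed -> -ENOMEM path");
	free(p);

	printf("256 MiB aperture needs %zu bytes of table\n",
	       aperture_table_bytes((size_t)256 << 20));
	return 0;
}
```

The wrapped size is 0 on both 32- and 64-bit targets, which is the quietly dangerous case: the pointer comes back non-NULL, the NULL check passes, and every later index into the table is out of bounds. The saturated size can only ever fail, so the caller's existing error path is the notification Andi was asking for.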