On Fri, Sep 18, 2020 at 05:05:00AM -0700, Rustam Kovhaev wrote:
> Make use of the struct_size() helper to avoid any potential type
> mistakes and protect against potential integer overflows
> Make use of the flex_array_size() helper to calculate the size of a
> flexible array member within an enclosing structure
>
> Cc: stable@xxxxxxxxxxxxxxx
I don't think this change applies for -stable.
> Suggested-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
> Signed-off-by: Rustam Kovhaev <rkovhaev@xxxxxxxxx>
Reviewed-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
Thanks!
--
Gustavo
> ---
> virt/kvm/kvm_main.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index cf88233b819a..68edd25dcb11 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -4350,10 +4350,10 @@ void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
> new_bus = kmalloc(struct_size(bus, range, bus->dev_count - 1),
> GFP_KERNEL_ACCOUNT);
> if (new_bus) {
> - memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range));
> + memcpy(new_bus, bus, struct_size(bus, range, i));
> new_bus->dev_count--;
> memcpy(new_bus->range + i, bus->range + i + 1,
> - (new_bus->dev_count - i) * sizeof(struct kvm_io_range));
> + flex_array_size(new_bus, range, new_bus->dev_count - i));
> } else {
> pr_err("kvm: failed to shrink bus, removing it completely\n");
> for (j = 0; j < bus->dev_count; j++) {
> --
> 2.28.0
>
