>> Did you notice the check "IS_ERR(bp_data)" and the corresponding reaction >> in this update suggestion? > > Yes, but bp_data may still be a valid (as in "not an error") value. Thanks for your constructive feedback. > Your commit a1708a2eaded836b ("KVM: s390: Improve determination of sizes in > kvm_s390_import_bp_data()") made the code more robust, as kmalloc_array() ha > a builtin overflow check, and will return NULL if overflow is detected. > However, commit 0624a8eb82efd58e ("KVM: s390: Use memdup_user() rather than > duplicating code") dropped that safety net again. * How much are you concerned about the shown software evolution around multiplications for memory allocations? * Does there really a probability remain that an inappropriate product would be calculated here (as the situation was before my two update steps for this software module)? * Can it be that you are looking for a variant of a function like "memdup_user" where values can be passed as separate parameters "count" and "size" so that the needed multiplication and corresponding overflow check would be performed together as desired? Regards, Markus -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html