Re: [PATCH][net-next] net/mlx4: Use array_size() helper in copy_to_user()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 9/29/21 3:24 AM, Tariq Toukan wrote:
> 
> 
> On 9/28/2021 11:17 PM, Gustavo A. R. Silva wrote:
>> Use array_size() helper instead of the open-coded version in
>> copy_to_user(). These sorts of multiplication factors need
>> to be wrapped in array_size().
>>
>> Link: https://github.com/KSPP/linux/issues/160
>> Signed-off-by: Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
>> ---
>>   drivers/net/ethernet/mellanox/mlx4/cq.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/ethernet/mellanox/mlx4/cq.c b/drivers/net/ethernet/mellanox/mlx4/cq.c
>> index f7053a74e6a8..4d4f9cf9facb 100644
>> --- a/drivers/net/ethernet/mellanox/mlx4/cq.c
>> +++ b/drivers/net/ethernet/mellanox/mlx4/cq.c
>> @@ -314,7 +314,8 @@ static int mlx4_init_user_cqes(void *buf, int entries, int cqe_size)
>>               buf += PAGE_SIZE;
>>           }
>>       } else {
>> -        err = copy_to_user((void __user *)buf, init_ents, entries * cqe_size) ?
>> +        err = copy_to_user((void __user *)buf, init_ents,
>> +                   array_size(entries, cqe_size)) ?
>>               -EFAULT : 0;
>>       }
>>  
> 
> Thanks for your patch.
> Reviewed-by: Tariq Toukan <tariqt@xxxxxxxxxx>

Not sure why avoiding size_t overflows would make this code safer.
init_ents contains PAGE_SIZE bytes...

BTW

Is @entries guaranteed to be a power of two ?

This function seems to either copy one chunk ( <= PAGE_SIZE),
or a number of full pages.




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux