summaryrefslogtreecommitdiff
path: root/drivers/base
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-05-09 08:29:52 +0300
committerKees Cook <keescook@chromium.org>2018-06-05 22:16:51 +0300
commit2509b561f7c6599907c08cb364c86b8c45466e4f (patch)
tree4d9002abaf08e2ebcda9d313a2d825aeb198d102 /drivers/base
parent3b3b1a29eb89ba93f91213cbebb332a2ac31fa8b (diff)
downloadlinux-2509b561f7c6599907c08cb364c86b8c45466e4f.tar.xz
device: Use overflow helpers for devm_kmalloc()
Use the overflow helpers both in existing multiplication-using inlines as well as the addition-overflow case in the core allocation routine. Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'drivers/base')
-rw-r--r--drivers/base/devres.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/base/devres.c b/drivers/base/devres.c
index 95b67281cd2a..f98a097e73f2 100644
--- a/drivers/base/devres.c
+++ b/drivers/base/devres.c
@@ -84,9 +84,14 @@ static struct devres_group * node_to_group(struct devres_node *node)
static __always_inline struct devres * alloc_dr(dr_release_t release,
size_t size, gfp_t gfp, int nid)
{
- size_t tot_size = sizeof(struct devres) + size;
+ size_t tot_size;
struct devres *dr;
+ /* We must catch any near-SIZE_MAX cases that could overflow. */
+ if (unlikely(check_add_overflow(sizeof(struct devres), size,
+ &tot_size)))
+ return NULL;
+
dr = kmalloc_node_track_caller(tot_size, gfp, nid);
if (unlikely(!dr))
return NULL;