subject:"\[PATCH 3\/8\] vhost\: vringh\: use krealloc

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

2020-10-28 Thread Bartosz Golaszewski

On Tue, Oct 27, 2020 at 6:08 PM Joe Perches  wrote:
>
> On Tue, 2020-10-27 at 17:58 +0100, Bartosz Golaszewski wrote:
> > On Tue, Oct 27, 2020 at 5:50 PM Joe Perches  wrote:
> > >
> > > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote:
> > > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote:
> > > > > From: Bartosz Golaszewski 
> > > > >
> > > > > Use the helper that checks for overflows internally instead of 
> > > > > manually
> > > > > calculating the size of the new array.
> > > > >
> > > > > Signed-off-by: Bartosz Golaszewski 
> > > >
> > > > No problem with the patch, it does introduce some symmetry in the code.
> > >
> > > Perhaps more symmetry by using kmemdup
> > > ---
> > >  drivers/vhost/vringh.c | 23 ++-
> > >  1 file changed, 10 insertions(+), 13 deletions(-)
> > >
> > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> > > index 8bd8b403f087..99222a3651cd 100644
> > > --- a/drivers/vhost/vringh.c
> > > +++ b/drivers/vhost/vringh.c
> > > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh 
> > > *vrh,
> > >  static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
> > >  {
> > > struct kvec *new;
> > > -   unsigned int flag, new_num = (iov->max_num & 
> > > ~VRINGH_IOV_ALLOCATED) * 2;
> > > +   size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
> > > +   size_t size;
> > >
> > > if (new_num < 8)
> > > new_num = 8;
> > >
> > > -   flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
> > > -   if (flag)
> > > -   new = krealloc(iov->iov, new_num * sizeof(struct iovec), 
> > > gfp);
> > > -   else {
> > > -   new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
> > > -   if (new) {
> > > -   memcpy(new, iov->iov,
> > > -  iov->max_num * sizeof(struct iovec));
> > > -   flag = VRINGH_IOV_ALLOCATED;
> > > -   }
> > > -   }
> > > +   if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), 
> > > )))
> > > +   return -ENOMEM;
> > > +
> >
> > The whole point of using helpers such as kmalloc_array() is not doing
> > these checks manually.
>
> Tradeoffs for in readability for overflow and not mistyping or doing
> the multiplication of iov->max_num * sizeof(struct iovec) twice.
>

It's out of scope for this series - I want to add users for
krealloc_array(), not refactor code I don't really know. If the
maintainer of this bit objects, it can be dropped.

> Just fyi:
>
> the realloc doesn't do a multiplication overflow test as written so the
> suggestion is slightly more resistant to defect.
>

I'm not sure what your point is. I used krealloc_array() exactly for
this reason - to add the overflow test.

BTW I suppose kmalloc_array() here can be replaced with
krealloc_array() if the original pointer is NULL the first time it's
called.

Bartosz
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

2020-10-28 Thread Bartosz Golaszewski

On Tue, Oct 27, 2020 at 5:50 PM Joe Perches  wrote:
>
> On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote:
> > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote:
> > > From: Bartosz Golaszewski 
> > >
> > > Use the helper that checks for overflows internally instead of manually
> > > calculating the size of the new array.
> > >
> > > Signed-off-by: Bartosz Golaszewski 
> >
> > No problem with the patch, it does introduce some symmetry in the code.
>
> Perhaps more symmetry by using kmemdup
> ---
>  drivers/vhost/vringh.c | 23 ++-
>  1 file changed, 10 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index 8bd8b403f087..99222a3651cd 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh,
>  static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
>  {
> struct kvec *new;
> -   unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 
> 2;
> +   size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
> +   size_t size;
>
> if (new_num < 8)
> new_num = 8;
>
> -   flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
> -   if (flag)
> -   new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp);
> -   else {
> -   new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
> -   if (new) {
> -   memcpy(new, iov->iov,
> -  iov->max_num * sizeof(struct iovec));
> -   flag = VRINGH_IOV_ALLOCATED;
> -   }
> -   }
> +   if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), 
> )))
> +   return -ENOMEM;
> +

The whole point of using helpers such as kmalloc_array() is not doing
these checks manually.

Bartosz

> +   if (iov->max_num & VRINGH_IOV_ALLOCATED)
> +   new = krealloc(iov->iov, size, gfp);
> +   else
> +   new = kmemdup(iov->iov, size, gfp);
> if (!new)
> return -ENOMEM;
> iov->iov = new;
> -   iov->max_num = (new_num | flag);
> +   iov->max_num = new_num | VRINGH_IOV_ALLOCATED;
> return 0;
>  }
>
>
>
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

[PATCH 3/8] vhost: vringh: use krealloc_array()

2020-10-28 Thread Bartosz Golaszewski

From: Bartosz Golaszewski 

Use the helper that checks for overflows internally instead of manually
calculating the size of the new array.

Signed-off-by: Bartosz Golaszewski 
---
 drivers/vhost/vringh.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 8bd8b403f087..08a0e1c842df 100644
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -198,7 +198,8 @@ static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
 
flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
if (flag)
-   new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp);
+   new = krealloc_array(iov->iov, new_num,
+sizeof(struct iovec), gfp);
else {
new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
if (new) {
-- 
2.29.1

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

2020-10-27 Thread Joe Perches

On Tue, 2020-10-27 at 17:58 +0100, Bartosz Golaszewski wrote:
> On Tue, Oct 27, 2020 at 5:50 PM Joe Perches  wrote:
> > 
> > On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote:
> > > On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote:
> > > > From: Bartosz Golaszewski 
> > > > 
> > > > Use the helper that checks for overflows internally instead of manually
> > > > calculating the size of the new array.
> > > > 
> > > > Signed-off-by: Bartosz Golaszewski 
> > > 
> > > No problem with the patch, it does introduce some symmetry in the code.
> > 
> > Perhaps more symmetry by using kmemdup
> > ---
> >  drivers/vhost/vringh.c | 23 ++-
> >  1 file changed, 10 insertions(+), 13 deletions(-)
> > 
> > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> > index 8bd8b403f087..99222a3651cd 100644
> > --- a/drivers/vhost/vringh.c
> > +++ b/drivers/vhost/vringh.c
> > @@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh,
> >  static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
> >  {
> > struct kvec *new;
> > -   unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) 
> > * 2;
> > +   size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
> > +   size_t size;
> > 
> > if (new_num < 8)
> > new_num = 8;
> > 
> > -   flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
> > -   if (flag)
> > -   new = krealloc(iov->iov, new_num * sizeof(struct iovec), 
> > gfp);
> > -   else {
> > -   new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
> > -   if (new) {
> > -   memcpy(new, iov->iov,
> > -  iov->max_num * sizeof(struct iovec));
> > -   flag = VRINGH_IOV_ALLOCATED;
> > -   }
> > -   }
> > +   if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), 
> > )))
> > +   return -ENOMEM;
> > +
> 
> The whole point of using helpers such as kmalloc_array() is not doing
> these checks manually.

Tradeoffs for in readability for overflow and not mistyping or doing
the multiplication of iov->max_num * sizeof(struct iovec) twice.

Just fyi:

the realloc doesn't do a multiplication overflow test as written so the
suggestion is slightly more resistant to defect.

   

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

2020-10-27 Thread Joe Perches

On Tue, 2020-10-27 at 11:28 -0400, Michael S. Tsirkin wrote:
> On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote:
> > From: Bartosz Golaszewski 
> > 
> > Use the helper that checks for overflows internally instead of manually
> > calculating the size of the new array.
> > 
> > Signed-off-by: Bartosz Golaszewski 
> 
> No problem with the patch, it does introduce some symmetry in the code.

Perhaps more symmetry by using kmemdup
---
 drivers/vhost/vringh.c | 23 ++-
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 8bd8b403f087..99222a3651cd 100644
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -191,26 +191,23 @@ static int move_to_indirect(const struct vringh *vrh,
 static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
 {
struct kvec *new;
-   unsigned int flag, new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
+   size_t new_num = (iov->max_num & ~VRINGH_IOV_ALLOCATED) * 2;
+   size_t size;
 
if (new_num < 8)
new_num = 8;
 
-   flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
-   if (flag)
-   new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp);
-   else {
-   new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
-   if (new) {
-   memcpy(new, iov->iov,
-  iov->max_num * sizeof(struct iovec));
-   flag = VRINGH_IOV_ALLOCATED;
-   }
-   }
+   if (unlikely(check_mul_overflow(new_num, sizeof(struct iovec), )))
+   return -ENOMEM;
+
+   if (iov->max_num & VRINGH_IOV_ALLOCATED)
+   new = krealloc(iov->iov, size, gfp);
+   else
+   new = kmemdup(iov->iov, size, gfp);
if (!new)
return -ENOMEM;
iov->iov = new;
-   iov->max_num = (new_num | flag);
+   iov->max_num = new_num | VRINGH_IOV_ALLOCATED;
return 0;
 }
 
 

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

2020-10-27 Thread Michael S. Tsirkin

On Tue, Oct 27, 2020 at 01:17:20PM +0100, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski 
> 
> Use the helper that checks for overflows internally instead of manually
> calculating the size of the new array.
> 
> Signed-off-by: Bartosz Golaszewski 

No problem with the patch, it does introduce some symmetry in the code.

Acked-by: Michael S. Tsirkin 



> ---
>  drivers/vhost/vringh.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index 8bd8b403f087..08a0e1c842df 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -198,7 +198,8 @@ static int resize_iovec(struct vringh_kiov *iov, gfp_t 
> gfp)
>  
>   flag = (iov->max_num & VRINGH_IOV_ALLOCATED);
>   if (flag)
> - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp);
> + new = krealloc_array(iov->iov, new_num,
> +  sizeof(struct iovec), gfp);
>   else {
>   new = kmalloc_array(new_num, sizeof(struct iovec), gfp);
>   if (new) {
> -- 
> 2.29.1

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

[PATCH 3/8] vhost: vringh: use krealloc_array()

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

Re: [PATCH 3/8] vhost: vringh: use krealloc_array()

6 matches

Site Navigation

Mail list logo

Footer information