Commit d0184830 authored by Julia Lawall's avatar Julia Lawall Committed by Manivannan Sadhasivam
Browse files

bus: mhi: host: use vmalloc_array and vcalloc 



Use vmalloc_array and vcalloc to protect against
multiplication overflows.

The changes were done using the following Coccinelle
semantic patch:

// <smpl>
@initialize:ocaml@
@@

let rename alloc =
  match alloc with
    "vmalloc" -> "vmalloc_array"
  | "vzalloc" -> "vcalloc"
  | _ -> failwith "unknown"

@@
    size_t e1,e2;
    constant C1, C2;
    expression E1, E2, COUNT, x1, x2, x3;
    typedef u8;
    typedef __u8;
    type t = {u8,__u8,char,unsigned char};
    identifier alloc = {vmalloc,vzalloc};
    fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@

(
      alloc(x1*x2*x3)
|
      alloc(C1 * C2)
|
      alloc((sizeof(t)) * (COUNT), ...)
|
-     alloc((e1) * (e2))
+     realloc(e1, e2)
|
-     alloc((e1) * (COUNT))
+     realloc(COUNT, e1)
|
-     alloc((E1) * (E2))
+     realloc(E1, E2)
)
// </smpl>

Reviewed-by: default avatarJeffrey Hugo <quic_jhugo@quicinc.com>
Signed-off-by: default avatarJulia Lawall <Julia.Lawall@inria.fr>
Link: https://lore.kernel.org/r/20230627144339.144478-11-Julia.Lawall@inria.fr


Signed-off-by: default avatarManivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
parent 104a8c5d

drivers/bus/mhi/host/init.c

+1 −1
Original line number Diff line number Diff line
@@ -759,7 +759,7 @@ static int parse_ch_cfg(struct mhi_controller *mhi_cntrl, 
	 * so to avoid any memory possible allocation failures, vzalloc is

	 * used here

	 */

	mhi_cntrl->mhi_chan = vzalloc(mhi_cntrl->max_chan *

	mhi_cntrl->mhi_chan = vcalloc(mhi_cntrl->max_chan,

				      sizeof(*mhi_cntrl->mhi_chan));

	if (!mhi_cntrl->mhi_chan)

		return -ENOMEM;