On 9/15/23 14:25, Gustavo A. R. Silva wrote:
> If, for any reason, the open-coded arithmetic causes a wraparound,
> the protection that `struct_size()` adds against potential integer
> overflows is defeated. Fix this by hardening call to `struct_size()`
> with `size_add()`.
> 
> Fixes: 3f1071ec39f7 ("net: spider_net: Use struct_size() helper")
> Signed-off-by: Gustavo A. R. Silva <gustavo...@kernel.org>
> ---
>  drivers/net/ethernet/toshiba/spider_net.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/toshiba/spider_net.c 
> b/drivers/net/ethernet/toshiba/spider_net.c
> index 50d7eacfec58..87e67121477c 100644
> --- a/drivers/net/ethernet/toshiba/spider_net.c
> +++ b/drivers/net/ethernet/toshiba/spider_net.c
> @@ -2332,7 +2332,7 @@ spider_net_alloc_card(void)
>       struct spider_net_card *card;
>  
>       netdev = alloc_etherdev(struct_size(card, darray,
> -                                         tx_descriptors + rx_descriptors));
> +                                         size_add(tx_descriptors, 
> rx_descriptors)));
>       if (!netdev)
>               return NULL;
>  
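
Review bot: the changelog's "for any reason" does not say where tx_descriptors and rx_descriptors come from or how they are bounded, and nothing in this hunk around the alloc_etherdev() call shows it either. With size_add() an out-of-range pair now saturates and is caught only by the `if (!netdev)` check that follows. Please name the source of the two counts in the changelog, or range-check them before the call, so that a bad value is rejected explicitly rather than surfacing as an allocation failure.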

Looks good to me.  Thanks for your fix-up.

Signed-off-by: Geoff Levand <ge...@infradead.org>
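
Added illustration, not part of this thread or of the kernel source: a userspace model of the saturating helpers that shows why the open-coded sum defeats `struct_size()` and what `size_add()` changes. `struct descr`, `struct card`, `card_size()`, `open_coded()` and `hardened()` are hypothetical stand-ins, and the `unsigned int` operands are an assumption chosen so that the wraparound is well-defined in portable C.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel's saturating size helpers. */
static size_t size_add(size_t a, size_t b)
{
	return (b > SIZE_MAX - a) ? SIZE_MAX : a + b;
}

static size_t size_mul(size_t a, size_t b)
{
	return (a != 0 && b > SIZE_MAX / a) ? SIZE_MAX : a * b;
}

/* Hypothetical stand-ins for the driver's descriptor and card structs. */
struct descr { uint64_t words[4]; };
struct card { uint32_t flags; struct descr darray[]; };

/* Model of struct_size(card, darray, count). */
static size_t card_size(size_t count)
{
	return size_add(sizeof(struct card), size_mul(count, sizeof(struct descr)));
}

/* Open-coded sum: wraps in the operands' type before card_size() sees it. */
static size_t open_coded(unsigned int tx, unsigned int rx)
{
	return card_size(tx + rx);
}

/* Hardened form from the patch: the sum saturates instead of wrapping. */
static size_t hardened(size_t tx, size_t rx)
{
	return card_size(size_add(tx, rx));
}

int main(void)
{
	printf("open-coded: %zu bytes\n", open_coded(UINT_MAX, 1));
	printf("hardened:   %zu bytes\n", hardened(SIZE_MAX, 1));
	printf("normal:     %zu bytes\n", hardened(256, 256));
	return 0;
}
```

The wrapped sum yields a size with room for zero descriptors, which an allocator will happily satisfy; the saturated sum yields `SIZE_MAX`, which no allocator can satisfy, so the failure lands on the existing NULL check.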

