Instead of silently returning NULL on size overflows from array allocations, saturate the request to SIZE_MAX so the error will be surfaced to the allocator (and still return NULL).
Suggested-by: Vlastimil Babka <[email protected]> Link: https://lore.kernel.org/lkml/[email protected]/ Signed-off-by: Kees Cook <[email protected]> --- Cc: Vlastimil Babka <[email protected]> Cc: Andrew Morton <[email protected]> Cc: Christoph Lameter <[email protected]> Cc: David Rientjes <[email protected]> Cc: Roman Gushchin <[email protected]> Cc: Harry Yoo <[email protected]> Cc: <[email protected]> --- include/linux/slab.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index a5a5e4108ae5..8453c81c75c3 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -1105,7 +1105,7 @@ static inline __alloc_size(1, 2) void *kmalloc_array_noprof(size_t n, size_t siz size_t bytes; if (unlikely(check_mul_overflow(n, size, &bytes))) - return NULL; + bytes = SIZE_MAX; return kmalloc_noprof(bytes, flags); } #define kmalloc_array(...) alloc_hooks(kmalloc_array_noprof(__VA_ARGS__)) @@ -1135,7 +1135,7 @@ static inline __realloc_size(2, 3) void * __must_check krealloc_array_noprof(voi size_t bytes; if (unlikely(check_mul_overflow(new_n, new_size, &bytes))) - return NULL; + bytes = SIZE_MAX; return krealloc_noprof(p, bytes, flags); } @@ -1175,7 +1175,7 @@ static inline __alloc_size(1, 2) void *kmalloc_array_node_noprof(size_t n, size_ size_t bytes; if (unlikely(check_mul_overflow(n, size, &bytes))) - return NULL; + bytes = SIZE_MAX; if (__builtin_constant_p(n) && __builtin_constant_p(size)) return kmalloc_node_noprof(bytes, flags, node); return __kmalloc_node_noprof(PASS_BUCKET_PARAMS(bytes, NULL), flags, node); @@ -1223,7 +1223,7 @@ kvmalloc_array_node_noprof(size_t n, size_t size, gfp_t flags, int node) size_t bytes; if (unlikely(check_mul_overflow(n, size, &bytes))) - return NULL; + bytes = SIZE_MAX; return kvmalloc_node_align_noprof(bytes, 1, flags, node); } -- 2.34.1
