VMCI: Remove handle_arr_calc_size()

Use struct_size() instead of handle_arr_calc_size().
This is much more conventional.

While at it, use size_add() when computing the needed size in
vmci_handle_arr_append_entry(). This prevents from (unlikely) overflow
when computing the new size to reallocate.

Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/84e7f2d8e7c4c2eab68f958307d56546978f76e3.1702125347.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/misc/vmw_vmci/vmci_handle_array.c b/drivers/misc/vmw_vmci/vmci_handle_array.c
index de7fee7ead1bccbfc3ce1faa052b06b521281321..681b3500125ab38573f2a6a196896d3c1f195cda 100644 (file)
--- a/drivers/misc/vmw_vmci/vmci_handle_array.c
+++ b/drivers/misc/vmw_vmci/vmci_handle_array.c
@@ -8,12 +8,6 @@
 #include <linux/slab.h>
 #include "vmci_handle_array.h"
 
-static size_t handle_arr_calc_size(u32 capacity)
-{
-       return VMCI_HANDLE_ARRAY_HEADER_SIZE +
-           capacity * sizeof(struct vmci_handle);
-}
-
 struct vmci_handle_arr *vmci_handle_arr_create(u32 capacity, u32 max_capacity)
 {
        struct vmci_handle_arr *array;
@@ -25,7 +19,7 @@ struct vmci_handle_arr *vmci_handle_arr_create(u32 capacity, u32 max_capacity)
                capacity = min((u32)VMCI_HANDLE_ARRAY_DEFAULT_CAPACITY,
                               max_capacity);
 
-       array = kmalloc(handle_arr_calc_size(capacity), GFP_ATOMIC);
+       array = kmalloc(struct_size(array, entries, capacity), GFP_ATOMIC);
        if (!array)
                return NULL;
 
@@ -51,8 +45,8 @@ int vmci_handle_arr_append_entry(struct vmci_handle_arr **array_ptr,
                struct vmci_handle_arr *new_array;
                u32 capacity_bump = min(array->max_capacity - array->capacity,
                                        array->capacity);
-               size_t new_size = handle_arr_calc_size(array->capacity +
-                                                      capacity_bump);
+               size_t new_size = struct_size(array, entries,
+                                             size_add(array->capacity, capacity_bump));
 
                if (array->size >= array->max_capacity)
                        return VMCI_ERROR_NO_MEM;