UPSTREAM: introduce SIZE_MAX

ULONG_MAX is often used to check for integer overflow when calculating
allocation size.  While ULONG_MAX happens to work on most systems, there
is no guarantee that `size_t' must be the same size as `long'.

This patch introduces SIZE_MAX, the maximum value of `size_t', to improve
portability and readability for allocation size validation.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Acked-by: Alex Elder <elder@dreamhost.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit a3860c1c5dd1137db23d7786d284939c5761d517)

Change-Id: Ic87ed61f0bbcd4d92ab3c8e898d0519d4d905ffb
BUG=chromium-os:38211
TEST=adhoc
build, boot, test for gobi presence

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Change-Id: I82b6bf09368b7cc6a1ea1d2813f482cdf4fab424
Reviewed-on: https://gerrit.chromium.org/gerrit/42742
Reviewed-by: Kees Cook <keescook@chromium.org>

diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c
index f04c0961f9937eb6f553978f10942800818528ba..e5206fc765620f3b550c2457e1f271cb9d81c8c8 100644 (file)
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm)
 
        /* alloc new snap context */
        err = -ENOMEM;
-       if (num > (ULONG_MAX - sizeof(*snapc)) / sizeof(u64))
+       if (num > (SIZE_MAX - sizeof(*snapc)) / sizeof(u64))
                goto fail;
        snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS);
        if (!snapc)

diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h
index 6bd325fedc873ae4785a619e8a679f339d562485..19a240446fca657e9928e93defa3ead34905ee56 100644 (file)
--- a/include/drm/drm_mem_util.h
+++ b/include/drm/drm_mem_util.h
@@ -31,7 +31,7 @@
 
 static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
 {
-       if (size != 0 && nmemb > ULONG_MAX / size)
+       if (size != 0 && nmemb > SIZE_MAX / size)
                return NULL;
 
        if (size * nmemb <= PAGE_SIZE)
@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
 /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */
 static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size)
 {
-       if (size != 0 && nmemb > ULONG_MAX / size)
+       if (size != 0 && nmemb > SIZE_MAX / size)
                return NULL;
 
        if (size * nmemb <= PAGE_SIZE)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index fbabfba0c319e1c581b4e9e50207429353563dc2..6dc379f0b8e45080b993353e52dd275ac439f5c8 100644 (file)
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -35,6 +35,7 @@
 #define LLONG_MAX      ((long long)(~0ULL>>1))
 #define LLONG_MIN      (-LLONG_MAX - 1)
 #define ULLONG_MAX     (~0ULL)
+#define SIZE_MAX       (~(size_t)0)
 
 #define STACK_MAGIC    0xdeadbeef
 

diff --git a/include/linux/slab.h b/include/linux/slab.h
index a595dce6b0c7596d1481e2c87a2b55028c66a449..67d5d94b783a4b4ba97b53fc9d0adf9fd885af34 100644 (file)
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -242,7 +242,7 @@ size_t ksize(const void *);
  */
 static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
 {
-       if (size != 0 && n > ULONG_MAX / size)
+       if (size != 0 && n > SIZE_MAX / size)
                return NULL;
        return __kmalloc(n * size, flags);
 }