| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Aug 2021 17:41:02 +0200
From: Len Baker <len.baker@....com>
To: Kees Cook <keescook@...omium.org>
Cc: Len Baker <len.baker@....com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Michael Straube <straube.linux@...il.com>,
Lee Jones <lee.jones@...aro.org>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH 2/2] staging/rtl8192u: Prefer kcalloc over open coded
arithmetic
Hi Kees,
On Sun, Aug 22, 2021 at 07:59:51AM -0700, Kees Cook wrote:
> On Sun, Aug 22, 2021 at 04:28:20PM +0200, Len Baker wrote:
> > Dynamic size calculations (especially multiplication) should not be
> > performed in memory allocator (or similar) function arguments due to the
> > risk of them overflowing. This could lead to values wrapping around and
> > a smaller allocation being made than the caller was expecting. Using
> > those allocations could lead to linear overflows of heap memory and
> > other misbehaviors.
> >
> > So, use the purpose specific kcalloc() function instead of the argument
> > size * count in the kzalloc() function.
>
> It might be useful to reference the documentation on why this change is
> desired:
> https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
Ok, I will add this info to the next version. Thanks for the advise.
> Here and in the docs, though, it's probably worth noting that these
> aren't actually dynamic sizes: both sides of the multiplication are
> constant values. I still think it's best to refactor these anyway, just
> to keep the open-coded math idiom out of code, though.
Ok, I will change the commit message to note this. Also I will send
a patch to add this info to the documentation.
> Also, have you looked at Coccinelle at all? I have a hideous pile of
> rules that try to find these instances, but it really needs improvement:
> https://github.com/kees/coccinelle-linux-allocator-overflow/tree/trunk/array_size
I think my script is even worst ;) but find some arithmetic to improve :)
I will take a look. Thanks for the info.
> Reviewed-by: Kees Cook <keescook@...omium.org>
>
Regards,
Len
> >
> > Signed-off-by: Len Baker <len.baker@....com>
> > ---
> > drivers/staging/rtl8192u/r819xU_phy.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/staging/rtl8192u/r819xU_phy.c b/drivers/staging/rtl8192u/r819xU_phy.c
> > index ff6fe2ee3349..97f4d89500ae 100644
> > --- a/drivers/staging/rtl8192u/r819xU_phy.c
> > +++ b/drivers/staging/rtl8192u/r819xU_phy.c
> > @@ -1195,17 +1195,17 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_device *dev, u8 channel,
> > u8 e_rfpath;
> > bool ret;
> >
> > - pre_cmd = kzalloc(sizeof(*pre_cmd) * MAX_PRECMD_CNT, GFP_KERNEL);
> > + pre_cmd = kcalloc(MAX_PRECMD_CNT, sizeof(*pre_cmd), GFP_KERNEL);
> > if (!pre_cmd)
> > return false;
> >
> > - post_cmd = kzalloc(sizeof(*post_cmd) * MAX_POSTCMD_CNT, GFP_KERNEL);
> > + post_cmd = kcalloc(MAX_POSTCMD_CNT, sizeof(*post_cmd), GFP_KERNEL);
> > if (!post_cmd) {
> > kfree(pre_cmd);
> > return false;
> > }
> >
> > - rf_cmd = kzalloc(sizeof(*rf_cmd) * MAX_RFDEPENDCMD_CNT, GFP_KERNEL);
> > + rf_cmd = kcalloc(MAX_RFDEPENDCMD_CNT, sizeof(*rf_cmd), GFP_KERNEL);
> > if (!rf_cmd) {
> > kfree(pre_cmd);
> > kfree(post_cmd);
> > --
> > 2.25.1
> >
>
> --
> Kees Cook
Powered by blists - more mailing lists