| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 7 Apr 2024 19:22:17 +0200
From: Erick Archer <erick.archer@...look.com>
To: Vinod Koul <vkoul@...nel.org>
Cc: Erick Archer <erick.archer@...look.com>,
Kees Cook <keescook@...omium.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
dmaengine@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] dmaengine: pl08x: Use kcalloc() instead of kzalloc()
Hi Vinod,
On Sun, Apr 07, 2024 at 05:09:39PM +0530, Vinod Koul wrote:
> On 30-03-24, 16:23, Erick Archer wrote:
> > This is an effort to get rid of all multiplications from allocation
> > functions in order to prevent integer overflows [1].
> >
> > Here the multiplication is obviously safe because the "channels"
> > member can only be 8 or 2. This value is set when the "vendor_data"
> > structs are initialized.
> >
> > static struct vendor_data vendor_pl080 = {
> > [...]
> > .channels = 8,
> > [...]
> > };
> >
> > static struct vendor_data vendor_nomadik = {
> > [...]
> > .channels = 8,
> > [...]
> > };
> >
> > static struct vendor_data vendor_pl080s = {
> > [...]
> > .channels = 8,
> > [...]
> > };
> >
> > static struct vendor_data vendor_pl081 = {
> > [...]
> > .channels = 2,
> > [...]
> > };
> >
> > However, using kcalloc() is more appropriate [1] and improves
> > readability. This patch has no effect on runtime behavior.
> >
> > Link: https://github.com/KSPP/linux/issues/162 [1]
> > Link: https://www.kernel.org/doc/html/next/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments [1]
> > Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org>
> > Signed-off-by: Erick Archer <erick.archer@...look.com>
> > ---
> > Changes in v2:
> > - Add the "Reviewed-by:" tag.
> > - Rebase against linux-next.
> >
> > Previous versions:
> > v1 -> https://lore.kernel.org/linux-hardening/20240128115236.4791-1-erick.archer@gmx.com/
> >
> > Hi everyone,
> >
> > This patch seems to be lost. Gustavo reviewed it on January 30, 2024
> > but the patch has not been applied since.
> >
> > Thanks,
> > Erick
> > ---
> > drivers/dma/amba-pl08x.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/dma/amba-pl08x.c b/drivers/dma/amba-pl08x.c
> > index fbf048f432bf..73a5cfb4da8a 100644
> > --- a/drivers/dma/amba-pl08x.c
> > +++ b/drivers/dma/amba-pl08x.c
> > @@ -2855,8 +2855,8 @@ static int pl08x_probe(struct amba_device *adev, const struct amba_id *id)
> > }
> >
> > /* Initialize physical channels */
> > - pl08x->phy_chans = kzalloc((vd->channels * sizeof(*pl08x->phy_chans)),
> > - GFP_KERNEL);
> > + pl08x->phy_chans = kcalloc(vd->channels, sizeof(*pl08x->phy_chans),
> > + GFP_KERNEL);
>
> How is one better than the other?
>
The advantage of kcalloc is that it will prevent integer overflows that
could result from the multiplication of number of elements and size, and
it is also a bit nicer to read.
However, in this case the multiplication is obviously safe but the best
practice is to use the two factor form if available (as explained in the
section "open-coded arithmetic in allocator arguments" of the "Deprecated
Interfaces, Language Features, Attributes, and Conventions [1]"
[1] https://www.kernel.org/doc/html/next/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
Regards,
Erick
>
> > if (!pl08x->phy_chans) {
> > ret = -ENOMEM;
> > goto out_no_phychans;
> > --
> > 2.25.1
>
> --
> ~Vinod
Powered by blists - more mailing lists