| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120213194446.GD26353@mwanda>
Date: Mon, 13 Feb 2012 22:44:46 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Christoph Lameter <cl@...ux.com>
Cc: Xi Wang <xi.wang@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Jesper Juhl <jj@...osbits.net>, Jens Axboe <axboe@...nel.dk>,
Pekka Enberg <penberg@...nel.org>,
linux-kernel@...r.kernel.org, Matt Mackall <mpm@...enic.com>,
David Rientjes <rientjes@...gle.com>
Subject: Re: [PATCH RFC v2] slab: introduce kmalloc_array
On Mon, Feb 13, 2012 at 10:01:42AM -0600, Christoph Lameter wrote:
> Well I think the best is just not do any of this. One can already do
> k[zm]alloc(x * sizeof(struct whatever)). Do x*x for 2 dimensions etc etc.
> No need to change the API.
>
The point was that there are a bunch of places where we have had
integer overflows caused by doing kmalloc(x * sizeof(struct whatever)).
For kzalloc(x * sizeof(struct whatever)), you just write it like
kcalloc(x, sizeof(struct whatever)) and avoid the overflow, but we
don't have a non-zeroing version of kcalloc() to do that.
Probably once we have the kmalloc_array() and people start using it,
we get a bunch of overflow checking automatically and it's a kernel
hardenning thing. As well we could remove the duplicative checking
so it's a cleanup.
> If you add these variants then please think
> about the necessity to add other variants (like the kmalloc_node() NUMA
> call) etc in the future.
>
We don't have a kcalloc_node(), so I don't think this is likely to
be a big issue.
regards,
dan carpenter
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists