lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <1361219758-112250-1-git-send-email-tim.gardner@canonical.com>
Date:	Mon, 18 Feb 2013 13:35:58 -0700
From:	Tim Gardner <tim.gardner@...onical.com>
To:	linux-kernel@...r.kernel.org
Cc:	Tim Gardner <tim.gardner@...onical.com>,
	Chirag Kantharia <chirag.kantharia@...com>,
	iss_storagedev@...com
Subject: [PATCH linux-next] cpqarray: do_ida_request() - reduce stack frame size

do_ida_request() can be called from within interrupt context.
A stack frame of more then 1K runs the risk of overflowing the
kernel stack. Correct this situation by dynamically allocating
the large (and temporary) scatter/gather array. A failure from kmalloc()
will leave a stack trace in the kernel log.

drivers/block/cpqarray.c: In function ‘do_ida_request’:
drivers/block/cpqarray.c:969:1: warning: the frame size of 1072 bytes is larger than 1024 bytes [-Wframe-larger-than=]

Cc: Chirag Kantharia <chirag.kantharia@...com>
Cc: iss_storagedev@...com
Signed-off-by: Tim Gardner <tim.gardner@...onical.com>
---
 drivers/block/cpqarray.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
index 3f08713..2715b35 100644
--- a/drivers/block/cpqarray.c
+++ b/drivers/block/cpqarray.c
@@ -908,9 +908,13 @@ static void do_ida_request(struct request_queue *q)
 	ctlr_info_t *h = q->queuedata;
 	cmdlist_t *c;
 	struct request *creq;
-	struct scatterlist tmp_sg[SG_MAX];
+	struct scatterlist *tmp_sg;
 	int i, dir, seg;
 
+	tmp_sg = kmalloc(sizeof(*tmp_sg) * SG_MAX, GFP_ATOMIC);
+	if (!tmp_sg)
+		return;
+
 queue_next:
 	creq = blk_peek_request(q);
 	if (!creq)
@@ -966,6 +970,7 @@ DBGPX(	printk("Submitting %u sectors in %d segments\n", blk_rq_sectors(creq), se
 
 startio:
 	start_io(h);
+	kfree(tmp_sg);
 }
 
 /* 
-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ