lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180411003331.GM30522@ZenIV.linux.org.uk>
Date:   Wed, 11 Apr 2018 01:33:31 +0100
From:   Al Viro <viro@...IV.linux.org.uk>
To:     Kyle Spiers <ksspiers@...gle.com>
Cc:     jack@...e.cz, arnd@...db.de, dhowells@...hat.com,
        gregkh@...uxfoundation.org, keescook@...omium.org, joe@...ches.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] isofs compress: Remove VLA usage

On Tue, Apr 10, 2018 at 04:45:32PM -0700, Kyle Spiers wrote:
> As part of the effort to remove VLAs from the kernel[1], this changes
> the allocation of the bhs and pages arrays from being on the stack to being
> kcalloc()ed. This also allows for the removal of the explicit zeroing
> of bhs.
> 
> https://lkml.org/lkml/2018/3/7/621

Do you even bother reading the feedback given to such patches?  I'm just
curious,

> @@ -80,7 +81,9 @@ static loff_t zisofs_uncompress_block(struct inode *inode, loff_t block_start,
>  
>  	/* Because zlib is not thread-safe, do all the I/O at the top. */
>  	blocknum = block_start >> bufshift;
> -	memset(bhs, 0, (needblocks + 1) * sizeof(struct buffer_head *));
> +	bhs = kcalloc(needblocks + 1, sizeof(*bhs), GFP_KERNEL);
> +	if (!bhs)
> +		return -ENOMEM;

... because I distinctly remember comments along the lines of "check what
other failure exits look like in there, such as
                *errp = -EIO;
                return 0;
nearby".

> @@ -330,6 +334,10 @@ static int zisofs_readpage(struct file *file, struct page *page)
>  		full_page = 0;
>  		pcount = 1;
>  	}
> +	pages = kcalloc(max_t(unsigned int, zisofs_pages_per_cblock, 1),
> +					sizeof(*pages), GFP_KERNEL);
> +	if (!pages)
> +		return -ENOMEM;
>  	pages[full_page] = page;

What, in your opinion, is going to unlock that page after that failure exit?

Powered by blists - more mailing lists