Open Source and information security mailing list archives
 
Date:   Sat, 23 Feb 2019 19:34:33 -0600
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Joe Perches <joe@...ches.com>,
        James Smart <james.smart@...adcom.com>,
        Christoph Hellwig <hch@....de>,
        Sagi Grimberg <sagi@...mberg.me>
Cc:     linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] nvmet-fc: use zero-sized array and struct_size() in
 kzalloc()



On 2/23/19 2:28 PM, Gustavo A. R. Silva wrote:
> Hey Joe,
> 
> On 2/23/19 2:05 PM, Joe Perches wrote:
>> On Sat, 2019-02-23 at 12:51 -0600, Gustavo A. R. Silva wrote:
>>> Update the code to use a zero-sized array instead of a pointer in
>>> structure nvmet_fc_tgt_queue and use struct_size() in kzalloc().
>> []
>>> This code was detected with the help of Coccinelle.
>>
>> Really?
>> Impressive script that found this one.
>>
> 
> See my comments below.
> 
>>> diff --git a/drivers/nvme/target/fc.c b/drivers/nvme/target/fc.c
>> []
>>> @@ -128,12 +128,12 @@ struct nvmet_fc_tgt_queue {
>>>  	struct nvmet_cq			nvme_cq;
>>>  	struct nvmet_sq			nvme_sq;
>>>  	struct nvmet_fc_tgt_assoc	*assoc;
>>> -	struct nvmet_fc_fcp_iod		*fod;		/* array of fcp_iods */
>>>  	struct list_head		fod_list;
>>>  	struct list_head		pending_cmd_list;
>>>  	struct list_head		avail_defer_list;
>>>  	struct workqueue_struct		*work_q;
>>>  	struct kref			ref;
>>> +	struct nvmet_fc_fcp_iod		fod[];		/* array of fcp_iods */
>>>  } __aligned(sizeof(unsigned long long));
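Review bot: the changelog and subject say "zero-sized array", but the added last member `struct nvmet_fc_fcp_iod fod[];` is a C99 flexible array member, and a zero-sized array would be spelled `fod[0]`. Please make the wording match the declaration. With the `*fod` pointer removed, the queue header and the fod array now share a single allocation, so a sentence in the changelog stating that the array's lifetime is now tied to the queue would help readers of the elided parts of the patch.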
>>
>> Moving a pointer from the middle of a struct to
>> the end seems unusual for coccinelle.
>>
>>
> 
> Notice that the commit log says "detected", which does not imply
> the script made the transformation by itself. :)
> 
> And all the script detected was this piece of code:
> 
> 	queue = kzalloc((sizeof(*queue) +
> 				(sizeof(struct nvmet_fc_fcp_iod) * sqsize)),
> 				GFP_KERNEL);
> 
> 

Which is enough to mention the tool.

Thanks
--
Gustavo
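
The open-coded size arithmetic that the script flagged, next to a checked computation in the style of struct_size(), as an added userspace example that is not part of this thread or of the kernel source. The struct and function names are hypothetical stand-ins, and the overflow checks use the GCC/Clang builtins:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel structures; fields are constructed. */
struct fcp_iod { uint64_t tag; char payload[248]; };   /* 256 bytes */

struct tgt_queue {
    size_t sqsize;
    struct fcp_iod fod[];   /* flexible array member, must be last */
};

/* Open-coded form, as in the flagged kzalloc() call: wraps silently. */
static size_t queue_size_open_coded(size_t n)
{
    return sizeof(struct tgt_queue) + sizeof(struct fcp_iod) * n;
}

/* Checked form, modelled on struct_size(): saturate to SIZE_MAX on
 * overflow so the allocation fails instead of coming back too small. */
static size_t queue_size_checked(size_t n)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, sizeof(struct fcp_iod), &bytes) ||
        __builtin_add_overflow(bytes, sizeof(struct tgt_queue), &bytes))
        return SIZE_MAX;
    return bytes;
}

/* One allocation holds header and array; NULL on overflow or no memory. */
static struct tgt_queue *queue_alloc(size_t n)
{
    size_t bytes = queue_size_checked(n);
    struct tgt_queue *q = (bytes == SIZE_MAX) ? NULL : calloc(1, bytes);

    if (q)
        q->sqsize = n;
    return q;
}

int main(void)
{
    size_t big = SIZE_MAX / sizeof(struct fcp_iod) + 1;   /* product wraps to 0 */

    printf("open-coded: %zu bytes for %zu entries\n", queue_size_open_coded(big), big);
    printf("checked:    %s\n", queue_alloc(big) ? "allocated" : "refused");
    return 0;
}
```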
