lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Jun 2019 08:09:27 -0700 From: Doug Anderson <dianders@...omium.org> To: "stable@...r.kernel.org" <stable@...r.kernel.org> Cc: LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Denis Kirjanov <kda@...ux-powerpc.org>, Nadav Amit <namit@...are.com>, Mauro Carvalho Chehab <mchehab+samsung@...nel.org>, Laurent Pinchart <laurent.pinchart@...asonboard.com>, Ben Hutchings <ben@...adent.org.uk>, Tomasz Figa <tfiga@...omium.org>, Guenter Roeck <groeck@...omium.org> Subject: Re: [PATCH 3.16 025/305] media: uvcvideo: Fix uvc_alloc_entity() allocation alignment Hi, On Sun, Feb 3, 2019 at 5:50 AM Ben Hutchings <ben@...adent.org.uk> wrote: > > 3.16.63-rc1 review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Nadav Amit <namit@...are.com> > > commit 89dd34caf73e28018c58cd193751e41b1f8bdc56 upstream. > > The use of ALIGN() in uvc_alloc_entity() is incorrect, since the size of > (entity->pads) is not a power of two. As a stop-gap, until a better > solution is adapted, use roundup() instead. > > Found by a static assertion. Compile-tested only. > > Fixes: 4ffc2d89f38a ("uvcvideo: Register subdevices for each entity") > > Signed-off-by: Nadav Amit <namit@...are.com> > Signed-off-by: Laurent Pinchart <laurent.pinchart@...asonboard.com> > Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@...nel.org> > Signed-off-by: Ben Hutchings <ben@...adent.org.uk> > --- > drivers/media/usb/uvc/uvc_driver.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/drivers/media/usb/uvc/uvc_driver.c > +++ b/drivers/media/usb/uvc/uvc_driver.c > @@ -826,7 +826,7 @@ static struct uvc_entity *uvc_alloc_enti > unsigned int size; > unsigned int i; > > - extra_size = ALIGN(extra_size, sizeof(*entity->pads)); > + extra_size = roundup(extra_size, sizeof(*entity->pads)); > num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads : num_pads - 1; > size = sizeof(*entity) + extra_size + sizeof(*entity->pads) * num_pads > + num_inputs; Funny that this commit made its way to 3.16 but didn't make its way to 4.19 (at least checking 4.19.43). I haven't seen any actual crashes caused by the lack of this commit but it seems like the kind of thing we probably want picked back to other stable kernels too. -Doug
Powered by blists - more mailing lists