lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8c414dd7-4a80-6ff2-03de-5340fb0d9c61@wanadoo.fr>
Date:   Mon, 10 Aug 2020 20:41:14 +0200
From:   Marion & Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     alexander.deucher@....com, christian.koenig@....com,
        airlied@...ux.ie, daniel@...ll.ch, sumit.semwal@...aro.org,
        colton.w.lewis@...tonmail.com, Ori.Messinger@....com,
        m.szyprowski@...sung.com, bernard@...o.com,
        dri-devel@...ts.freedesktop.org, amd-gfx@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] drm: amdgpu: Use the correct size when allocating memory


Le 10/08/2020 à 17:42, Dan Carpenter a écrit :
> On Sun, Aug 09, 2020 at 10:34:06PM +0200, Christophe JAILLET wrote:
>> When '*sgt' is allocated, we must allocated 'sizeof(**sgt)' bytes instead
>> of 'sizeof(*sg)'. 'sg' (i.e. struct scatterlist) is smaller than
>> 'sgt' (i.e struct sg_table), so this could lead to memory corruption.
> The sizeof(*sg) is bigger than sizeof(**sgt) so this wastes memory but
> it won't lead to corruption.
>
>      11  struct scatterlist {
>      12          unsigned long   page_link;
>      13          unsigned int    offset;
>      14          unsigned int    length;
>      15          dma_addr_t      dma_address;
>      16  #ifdef CONFIG_NEED_SG_DMA_LENGTH
>      17          unsigned int    dma_length;
>      18  #endif
>      19  };
>
>      42  struct sg_table {
>      43          struct scatterlist *sgl;        /* the list */
>      44          unsigned int nents;             /* number of mapped entries */
>      45          unsigned int orig_nents;        /* original size of list */
>      46  };
>
> regards,
> dan carpenter


My bad. I read 'struct scatterlist sgl' (without the *)
Thanks for the follow-up, Dan.

Doesn't smatch catch such mismatch?
(I've not run smatch for a while, so it is maybe reported)

Well, the proposal is still valid, even if it has less impact as 
initially thought.

Thx for the review.

CJ

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ