| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Nov 2021 22:36:05 +0100
From: Krzysztof Wilczyński <kw@...ux.com>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: toan@...amperecomputing.com, lorenzo.pieralisi@....com,
robh@...nel.org, bhelgaas@...gle.com, linux-pci@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] PCI: xgene-msi: Use bitmap_zalloc() when applicable
Hi Christophe!
> 'xgene_msi->bitmap' is a bitmap. So use 'bitmap_zalloc()' to simplify code,
> improve the semantic and avoid some open-coded arithmetic in allocator
> arguments.
>
> Also change the corresponding 'kfree()' into 'bitmap_free()' to keep
> consistency.
I believe, after having a brief look, that we might have a few other
candidates that we could also update:
drivers/pci/controller/dwc/pcie-designware-ep.c
717: ep->ib_window_map = devm_kcalloc(dev,
724: ep->ob_window_map = devm_kcalloc(dev,
drivers/pci/controller/pcie-iproc-msi.c
592: msi->bitmap = devm_kcalloc(pcie->dev, BITS_TO_LONGS(msi->nr_msi_vecs),
drivers/pci/controller/pcie-xilinx-nwl.c
470: bit = bitmap_find_free_region(msi->bitmap, INT_PCI_MSI_NR,
567: msi->bitmap = kzalloc(size, GFP_KERNEL);
637: msi->bitmap = NULL;
drivers/pci/controller/pcie-iproc-msi.c
262: hwirq = bitmap_find_free_region(msi->bitmap, msi->nr_msi_vecs,
290: bitmap_release_region(msi->bitmap, hwirq,
drivers/pci/controller/pcie-xilinx-nwl.c
470: bit = bitmap_find_free_region(msi->bitmap, INT_PCI_MSI_NR,
494: bitmap_release_region(msi->bitmap, data->hwirq,
drivers/pci/controller/pcie-brcmstb.c
537: hwirq = bitmap_find_free_region(&msi->used, msi->nr, 0);
546: bitmap_release_region(&msi->used, hwirq, 0);
drivers/pci/controller/pcie-xilinx.c
240: hwirq = bitmap_find_free_region(port->msi_map, XILINX_NUM_MSI_IRQS, order_base_2(nr_irqs));
263: bitmap_release_region(port->msi_map, d->hwirq, order_base_2(nr_irqs));
Some of the above could also potentially benefit from being converted to
use the DECLARE_BITMAP() macro to create the bitmap that is then being
embedded into some struct used to capture details and state, rather than
store a pointer to later allocate memory dynamically. Some controller
drivers already do this, so we could convert rest where appropriate.
What do you think?
We also have this nudge from Coverity that we could fix, as per:
532 static int brcm_msi_alloc(struct brcm_msi *msi)
533 {
534 int hwirq;
535
536 mutex_lock(&msi->lock);
1. address_of: Taking address with &msi->used yields a singleton pointer.
CID 1468487 (#1 of 1): Out-of-bounds access (ARRAY_VS_SINGLETON)2. callee_ptr_arith: Passing &msi->used to function bitmap_find_free_region which uses it as an array. This might corrupt or misinterpret adjacent memory locations. [show details]
537 hwirq = bitmap_find_free_region(&msi->used, msi->nr, 0);
538 mutex_unlock(&msi->lock);
539
540 return hwirq;
541 }
543 static void brcm_msi_free(struct brcm_msi *msi, unsigned long hwirq)
544 {
545 mutex_lock(&msi->lock);
1. address_of: Taking address with &msi->used yields a singleton pointer.
CID 1468424 (#1 of 1): Out-of-bounds access (ARRAY_VS_SINGLETON)2. callee_ptr_arith: Passing &msi->used to function bitmap_release_region which uses it as an array. This might corrupt or misinterpret adjacent memory locations. [show details]
546 bitmap_release_region(&msi->used, hwirq, 0);
547 mutex_unlock(&msi->lock);
548 }
We could look at addressing this too at the same time.
[...]
> - int size = BITS_TO_LONGS(NR_MSI_VEC) * sizeof(long);
> -
> - xgene_msi->bitmap = kzalloc(size, GFP_KERNEL);
> + xgene_msi->bitmap = bitmap_zalloc(NR_MSI_VEC, GFP_KERNEL);
> if (!xgene_msi->bitmap)
> return -ENOMEM;
>
> @@ -360,7 +358,7 @@ static int xgene_msi_remove(struct platform_device *pdev)
>
> kfree(msi->msi_groups);
>
> - kfree(msi->bitmap);
> + bitmap_free(msi->bitmap);
> msi->bitmap = NULL;
>
> xgene_free_domains(msi);
Thank you!
Reviewed-by: Krzysztof Wilczyński <kw@...ux.com>
Krzysztof
Powered by blists - more mailing lists