Message-ID: <963bad8f-11d7-ce02-ad01-d925a4ac8771@wanadoo.fr>
Date:   Sat, 27 May 2023 09:43:49 +0200
From:   Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     vkoul@...nel.org
Cc:     dmaengine@...r.kernel.org, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] When 'mcf_edma' is allocated, some space is allocated for
 a flexible array at the end of the struct. 'chans' item are allocated, that
 is to say 'pdata->dma_channels'.

On 27/05/2023 at 09:32, Christophe JAILLET wrote:
> Then, this number of items is stored in 'mcf_edma->n_chans'.
> 
> A few lines later, if 'mcf_edma->n_chans' is 0, then a default value of 64
> is set.
> 
> This ends with no space allocated by devm_kzalloc() because chans was 0, but
> 64 items are read and/or written in some unallocated memory.
> 
> Change the logic to define a default value before allocating the memory.
> 
> Fixes: e7a3ff92eaf1 ("dmaengine: fsl-edma: add ColdFire mcf5441x edma support")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> ---
> If I'm correct, then:
> 
>     - the default value is hard-coded as 64. There is also a
>          #define EDMA_CHANNELS 64
>       which maybe could be used, or renamed as EDMA_DEFAULT_CHANNELS
> 
>     - mcf_edma_err_handler() looks bogus, because it considers that
>       mcf_edma->chans has EDMA_CHANNELS items.
>       I guess that something related to mcf_edma->n_chans is what is
>       expected, but how should this be done?
> 
> Maybe, the EDMA_CHANNELS value should be used all the time?
> Maybe, the number of chans should be limited to EDMA_CHANNELS?
> Maybe, the number of chans should be at least EDMA_CHANNELS?
> 
> Maybe, maybe, maybe, but me, I don't know :(
> 
> All I know is that this patch compiles :)
> and that it can give Dan an idea for smatch for checking access to un-allocated
> memory related to flexible array :)
> ---
>   drivers/dma/mcf-edma.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)
> 

NAK, subject line missing.

A better V2 has been sent.
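
The allocation-order problem described in the quoted commit message, as an added example that is not part of this thread or of the kernel driver. It is a simplified userspace model: `struct engine`, `n_alloc`, `engine_new()`, `engine_alloc_buggy()`, `engine_alloc_fixed()` and `engine_count_is_backed()` are hypothetical names, and `calloc()` stands in for `devm_kzalloc()`.

```c
#include <stdio.h>
#include <stdlib.h>

#define DEFAULT_CHANS 64u          /* default the message says is hard-coded */
struct chan { int id; };

/* Simplified stand-in for the driver structure (assumption, not kernel code). */
struct engine {
    unsigned int n_chans;          /* count that later loops iterate over */
    unsigned int n_alloc;          /* slots really reserved; demo-only field */
    struct chan chans[];           /* flexible array member */
};

/* Reserve 'slots' array elements; calloc() stands in for devm_kzalloc(). */
static struct engine *engine_new(unsigned int slots, unsigned int n_chans)
{
    struct engine *e = calloc(1, sizeof(*e) + slots * sizeof(e->chans[0]));
    if (e) { e->n_alloc = slots; e->n_chans = n_chans; }
    return e;
}

/* Order described as buggy: allocate from the raw value, default afterwards. */
struct engine *engine_alloc_buggy(unsigned int pdata_channels)
{
    struct engine *e = engine_new(pdata_channels, pdata_channels);
    if (e && !e->n_chans)
        e->n_chans = DEFAULT_CHANS;    /* count grows, storage does not */
    return e;
}

/* Order the message proposes: settle the count first, then allocate. */
struct engine *engine_alloc_fixed(unsigned int pdata_channels)
{
    unsigned int chans = pdata_channels ? pdata_channels : DEFAULT_CHANS;
    return engine_new(chans, chans);
}

/* Invariant: every index below n_chans is backed by allocated storage. */
int engine_count_is_backed(const struct engine *e)
{
    return e->n_chans <= e->n_alloc;
}

int main(void)
{
    struct engine *b = engine_alloc_buggy(0), *f = engine_alloc_fixed(0);
    if (!b || !f) return 1;
    printf("buggy backed=%d, fixed backed=%d\n", engine_count_is_backed(b), engine_count_is_backed(f));
    free(b); free(f);
    return 0;
}
```

The model only compares the stored count with the reserved slots; it never indexes the array, so it runs cleanly even for the buggy order.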
