lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 20 Aug 2023 17:02:42 +0200
From:   Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     Steven Rostedt <rostedt@...dmis.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Beau Belgrave <beaub@...ux.microsoft.com>
Cc:     linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        Christophe JAILLET <christophe.jaillet@...adoo.fr>,
        linux-trace-kernel@...r.kernel.org
Subject: [PATCH] tracing/user_events: Fix an erroneous usage of struct_size()

If struct_size() returns a value that does not fit in a 'int', the size
passed to kzalloc() is wrong.

Remove the intermediate 'size' variable and use struct_size() directly.

Fixes: 7f5a08c79df3 ("user_events: Add minimal support for trace_event into ftrace")
Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
---
I don't know if 'size' can get bigger than a int in the real world, but the
change looks safe in any cases.

On x86_64, looking at the .s files, the previous code had an extra:
    movslq	%r13d, %r13
which really looks wrong to me.
---
 kernel/trace/trace_events_user.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 33cb6af31f39..67cc71a872b0 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -2153,7 +2153,7 @@ static int user_events_ref_add(struct user_event_file_info *info,
 {
 	struct user_event_group *group = info->group;
 	struct user_event_refs *refs, *new_refs;
-	int i, size, count = 0;
+	int i, count = 0;
 
 	refs = rcu_dereference_protected(info->refs,
 					 lockdep_is_held(&group->reg_mutex));
@@ -2166,10 +2166,8 @@ static int user_events_ref_add(struct user_event_file_info *info,
 				return i;
 	}
 
-	size = struct_size(refs, events, count + 1);
-
-	new_refs = kzalloc(size, GFP_KERNEL_ACCOUNT);
-
+	new_refs = kzalloc(struct_size(refs, events, count + 1),
+			   GFP_KERNEL_ACCOUNT);
 	if (!new_refs)
 		return -ENOMEM;
 
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ