lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1718537455-20208-1-git-send-email-quic_zijuhu@quicinc.com>
Date: Sun, 16 Jun 2024 19:30:55 +0800
From: Zijun Hu <quic_zijuhu@...cinc.com>
To: <gregkh@...uxfoundation.org>, <rafael@...nel.org>
CC: <andriy.shevchenko@...ux.intel.com>, <brgl@...ev.pl>,
        <linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>,
        Zijun Hu
	<quic_zijuhu@...cinc.com>
Subject: [PATCH v2] devres: Fix devm_krealloc() allocating memory with wrong size

Kernel API devm_krealloc() calls alloc_dr() with wrong argument
@total_new_size, and it will cause more memory to be allocated
than required, fixed by using @new_size as alloc_dr()'s argument.

Fixes: f82485722e5d ("devres: provide devm_krealloc()")
Cc: stable@...r.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
---
V2: Add inline comments and stable tag

Previous discussion link:
https://lore.kernel.org/all/1718531655-29761-1-git-send-email-quic_zijuhu@quicinc.com/

 drivers/base/devres.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/base/devres.c b/drivers/base/devres.c
index 3df0025d12aa..0d4e5d1b9967 100644
--- a/drivers/base/devres.c
+++ b/drivers/base/devres.c
@@ -896,9 +896,12 @@ void *devm_krealloc(struct device *dev, void *ptr, size_t new_size, gfp_t gfp)
 	/*
 	 * Otherwise: allocate new, larger chunk. We need to allocate before
 	 * taking the lock as most probably the caller uses GFP_KERNEL.
+	 * alloc_dr() will call check_dr_size() to reserve extra memory such
+	 * as struct devres_node automatically, so size @new_size user request
+	 * is delivered to it directly as devm_kmalloc() does.
 	 */
 	new_dr = alloc_dr(devm_kmalloc_release,
-			  total_new_size, gfp, dev_to_node(dev));
+			  new_size, gfp, dev_to_node(dev));
 	if (!new_dr)
 		return NULL;
 
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ