lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250206052523.16683-1-jiashengjiangcool@gmail.com>
Date: Thu,  6 Feb 2025 05:25:21 +0000
From: Jiasheng Jiang <jiashengjiangcool@...il.com>
To: markus.elfring@....de
Cc: GR-QLogic-Storage-Upstream@...vell.com,
	James.Bottomley@...senpartnership.com,
	arun.easi@...ium.com,
	bvanassche@....org,
	jhasan@...vell.com,
	jiashengjiangcool@...il.com,
	linux-kernel@...r.kernel.org,
	linux-scsi@...r.kernel.org,
	manish.rangankar@...ium.com,
	martin.petersen@...cle.com,
	nilesh.javali@...ium.com,
	skashyap@...vell.com
Subject: [PATCH 0/2] scsi: qedf: Replace alloction API and add null check

This patch series improves memory safety in the qedf SCSI driver by:

1. Replace kmalloc_array() with kcalloc() to avoid old (dirty) data being
   used/freed.
2. Add a check for "bdt_info". Otherwise, if one of the allocations
   for "cmgr->io_bdt_pool[i]" fails, "bdt_info->bd_tbl" will cause a NULL
   pointer dereference.

### Changelog:
#### v2:
- Replace kzalloc() with kcalloc().

Jiasheng Jiang (2):
  scsi: qedf: Replace kmalloc_array() with kcalloc()
  scsi: qedf: Add check for bdt_info

 drivers/scsi/qedf/qedf_io.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ