| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <878qi54myd.fsf@>
Date: Tue, 23 Sep 2025 10:01:14 +0200
From: Miquel Sabaté Solà <mssola@...ola.com>
To: linux-btrfs@...r.kernel.org
Cc: clm@...com, dsterba@...e.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] btrfs: Remove open-coded arithmetic in kmalloc
Miquel Sabaté Solà @ 2025-09-23 09:56 +02:
> This is an API cleanup in which the deprecated use of 'kmalloc' with
> open-coded arithmetic is being removed in favor of 'kmalloc_array'. This
> doesn't fix any overflow we are currently facing as all multipliers are
> bounded small numbers derived from number of items in leaves/nodes, but
> it's still a good idea to move away from deprecated uses of 'kmalloc'.
>
> Signed-off-by: Miquel Sabaté Solà <mssola@...ola.com>
>
> ---
>
> Changes in v2:
> - Provide better wording since this is not fixing any current overflow
> issues.
> - Drop commit introducing some new __free(kfree) uses in favor of a
> new patch set to be provided in the future which does a more
> systematic change.
>
> fs/btrfs/delayed-inode.c | 4 ++--
> fs/btrfs/tree-log.c | 9 +++------
> 2 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
> index 6adfe62cd0c4..81577a0c601f 100644
> --- a/fs/btrfs/delayed-inode.c
> +++ b/fs/btrfs/delayed-inode.c
> @@ -738,8 +738,8 @@ static int btrfs_insert_delayed_item(struct btrfs_trans_handle *trans,
> u32 *ins_sizes;
> int i = 0;
>
> - ins_data = kmalloc(batch.nr * sizeof(u32) +
> - batch.nr * sizeof(struct btrfs_key), GFP_NOFS);
> + ins_data = kmalloc_array(batch.nr,
> + sizeof(u32) + sizeof(struct btrfs_key), GFP_NOFS);
> if (!ins_data) {
> ret = -ENOMEM;
> goto out;
> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
> index 7d19a8c5b2a3..d6471cd33f7f 100644
> --- a/fs/btrfs/tree-log.c
> +++ b/fs/btrfs/tree-log.c
> @@ -4062,8 +4062,7 @@ static int flush_dir_items_batch(struct btrfs_trans_handle *trans,
> struct btrfs_key *ins_keys;
> u32 *ins_sizes;
>
> - ins_data = kmalloc(count * sizeof(u32) +
> - count * sizeof(struct btrfs_key), GFP_NOFS);
> + ins_data = kmalloc_array(count, sizeof(u32) + sizeof(struct btrfs_key), GFP_NOFS);
> if (!ins_data)
> return -ENOMEM;
>
> @@ -4826,8 +4825,7 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
>
> src = src_path->nodes[0];
>
> - ins_data = kmalloc(nr * sizeof(struct btrfs_key) +
> - nr * sizeof(u32), GFP_NOFS);
> + ins_data = kmalloc_array(nr, sizeof(struct btrfs_key) + sizeof(u32), GFP_NOFS);
> if (!ins_data)
> return -ENOMEM;
>
> @@ -6532,8 +6530,7 @@ static int log_delayed_insertion_items(struct btrfs_trans_handle *trans,
> if (!first)
> return 0;
>
> - ins_data = kmalloc(max_batch_size * sizeof(u32) +
> - max_batch_size * sizeof(struct btrfs_key), GFP_NOFS);
> + ins_data = kmalloc_array(max_batch_size, sizeof(u32) + sizeof(struct btrfs_key), GFP_NOFS);
> if (!ins_data)
> return -ENOMEM;
> ins_sizes = (u32 *)ins_data;
As discussed with David Sterba, you can ignore this one as it has
already been addressed on his side.
Sorry for the noise.
Miquel
Download attachment "signature.asc" of type "application/pgp-signature" (898 bytes)
Powered by blists - more mailing lists