| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e4f0290b-5d15-472f-acee-e1e1b0629ec0@gmail.com> Date: Mon, 20 Oct 2025 22:38:55 +0100 From: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> To: Shuah Khan <skhan@...uxfoundation.org>, javierm@...hat.com, maarten.lankhorst@...ux.intel.com, mripard@...nel.org, tzimmermann@...e.de, airlied@...il.com, simona@...ll.ch Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org, david.hunter.linux@...il.com, khalid@...nel.org, linux-kernel-mentees@...ts.linuxfoundation.org Subject: Re: [PATCH] drm/solomon: Use kmalloc_array() instead of kmalloc() On 10/20/25 9:08 PM, Shuah Khan wrote: > On 10/19/25 08:58, Mehdi Ben Hadj Khelifa wrote: >> Replace kmalloc() with kmalloc_array() in several places to correctly >> handle array allocations and benefit from built-in overflow checking. >> This prevents potential integer overflows[1] when computing allocation >> sizes from width, height, pitch, or page values. >> >> [1]:https://docs.kernel.org/process/deprecated.html > > Mu understanding is that this document lists deprecates APIs so people > don't keep adding new ones. > > I didn't get the impression that we are supposed to go delete them from > the kernel and cause a churn. > the document[1] specifically quotes the following:" Dynamic size calculations (especially multiplication) should not be performed in memory allocator (or similar) function arguments due to the risk of them overflowing. This could lead to values wrapping around and a smaller allocation being made than the caller was expecting. Using those allocations could lead to linear overflows of heap memory and other misbehaviors. (One exception to this is literal values where the compiler can warn if they might overflow. However, the preferred way in these cases is to refactor the code as suggested below to avoid the open-coded arithmetic.)" Specifically mentionned the refactor of the code base in such cases which is why i'm doing the patches in the first place.Also i'm trying the best to send patches related to the issue where such issues of overflow are present or to be consistent with the same API used within the same subsystem. [1]:https://docs.kernel.org/process/deprecated.html> How are you testing these changes - do you have this hardware? > >> I have a raspberrypi zero 2 wh that i'm using in combination with the ssd1306 OLED panel via I2C to test it's rendering and it's working properly by using modetest and seeing no regressions or warnings in dmesg. Best Regards, Mehdi Ben Hadj Khelifa >> Signed-off-by: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> >> --- >> drivers/gpu/drm/solomon/ssd130x.c | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> > > thanks, > -- Shuah
Powered by blists - more mailing lists