| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8dc12a18-58ee-4df6-a9f3-12d8c05a0954@gmail.com> Date: Mon, 20 Oct 2025 23:06:34 +0100 From: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> To: Shuah Khan <skhan@...uxfoundation.org>, javierm@...hat.com, maarten.lankhorst@...ux.intel.com, mripard@...nel.org, tzimmermann@...e.de, airlied@...il.com, simona@...ll.ch Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org, david.hunter.linux@...il.com, khalid@...nel.org, linux-kernel-mentees@...ts.linuxfoundation.org Subject: Re: [PATCH] drm/solomon: Use kmalloc_array() instead of kmalloc() On 10/20/25 9:56 PM, Shuah Khan wrote: > On 10/20/25 15:38, Mehdi Ben Hadj Khelifa wrote: >> On 10/20/25 9:08 PM, Shuah Khan wrote: >>> On 10/19/25 08:58, Mehdi Ben Hadj Khelifa wrote: >>>> Replace kmalloc() with kmalloc_array() in several places to correctly >>>> handle array allocations and benefit from built-in overflow checking. >>>> This prevents potential integer overflows[1] when computing allocation >>>> sizes from width, height, pitch, or page values. >>>> >>>> [1]:https://docs.kernel.org/process/deprecated.html >>> >>> Mu understanding is that this document lists deprecates APIs so people >>> don't keep adding new ones. >>> >>> I didn't get the impression that we are supposed to go delete them from >>> the kernel and cause a churn. >>> >> the document[1] specifically quotes the following:" >> Dynamic size calculations (especially multiplication) should not be >> performed in memory allocator (or similar) function arguments due to >> the risk of them overflowing. This could lead to values wrapping >> around and a smaller allocation being made than the caller was >> expecting. Using those allocations could lead to linear overflows of >> heap memory and other misbehaviors. (One exception to this is literal >> values where the compiler can warn if they might overflow. However, >> the preferred way in these cases is to refactor the code as suggested >> below to avoid the open-coded arithmetic.)" >> Specifically mentionned the refactor of the code base in such cases >> which is why i'm doing the patches in the first place.Also i'm trying >> the best to send patches related to the issue where such issues of >> overflow are present or to be consistent with the same API used within >> the same subsystem. >> [1]:https://docs.kernel.org/process/deprecated.html> How are you >> testing these changes - do you have this hardware? >>> >>>> >> I have a raspberrypi zero 2 wh that i'm using in combination with the >> ssd1306 OLED panel via I2C to test it's rendering and it's working >> properly by using modetest and seeing no regressions or warnings in >> dmesg. >> > > Send v2 with all these details and why this change is needed > in the first place. > Okay, I will do that as soon as possible.> When and how does this potential problem trigger? Is this a > theoretical or does this happen in this code path and how? > Next time include all of these details people understand the > problem better. > We'll do in the next iteration.Thanks BR, Mehdi> thanks, > -- Shuah >
Powered by blists - more mailing lists