lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <02e617bec795d2ef371069f2d5fb954dfb31a450@intel.com>
Date: Mon, 20 Oct 2025 12:50:04 +0300
From: Jani Nikula <jani.nikula@...ux.intel.com>
To: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com>, Thomas
 Zimmermann <tzimmermann@...e.de>, Greg KH <gregkh@...uxfoundation.org>
Cc: lanzano.alex@...il.com, maarten.lankhorst@...ux.intel.com,
 mripard@...nel.org, airlied@...il.com, simona@...ll.ch,
 dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
 skhan@...uxfoundation.org, david.hunter.linux@...il.com,
 khalid@...nel.org, linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] drm/tiny: Use kmalloc_array() instead of kmalloc()

On Sun, 19 Oct 2025, Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com> wrote:
> On 10/19/25 3:47 PM, Thomas Zimmermann wrote:
>> Hi
>> 
>> Am 19.10.25 um 16:34 schrieb Greg KH:
>>> On Sun, Oct 19, 2025 at 04:12:28PM +0100, Mehdi Ben Hadj Khelifa wrote:
>>>> Replace kmalloc() with kmalloc_array() to correctly
>>>> handle array allocations and benefit from built-in overflow checking[1].
>>>>
>>>> [1]:https://docs.kernel.org/process/deprecated.html
>>>>
>>>> Signed-off-by: Mehdi Ben Hadj Khelifa <mehdi.benhadjkhelifa@...il.com>
>>>> ---
>>>>   drivers/gpu/drm/tiny/repaper.c | 2 +-
>>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/tiny/repaper.c b/drivers/gpu/drm/tiny/ 
>>>> repaper.c
>>>> index 4824f863fdba..290132c24ff9 100644
>>>> --- a/drivers/gpu/drm/tiny/repaper.c
>>>> +++ b/drivers/gpu/drm/tiny/repaper.c
>>>> @@ -534,7 +534,7 @@ static int repaper_fb_dirty(struct 
>>>> drm_framebuffer *fb, const struct iosys_map *
>>>>       DRM_DEBUG("Flushing [FB:%d] st=%ums\n", fb->base.id,
>>>>             epd->factored_stage_time);
>>>> -    buf = kmalloc(fb->width * fb->height / 8, GFP_KERNEL);
>>>> +    buf = kmalloc_array(fb->height / 8, fb->width, GFP_KERNEL);

Also worth emphasizing that this is wildly wrong for any height that is
not a multiple of 8.

And I thought I shot down a similar patch not long ago.

Is there some tool that suggests doing this? Fix the tool instead
please.

BR,
Jani.




>>> This isn't an array, so this function change doesn't seem to make much
>>> sense, right?  The size should have already been checked earlier in the
>>> call change to be correct.
> Yes,I was intending to say framebuffer but I was working on another 
> similar patch simultaneously so I reused same words by mistake. Thanks 
> for clarifying that.>
>> Yes, we've recently received plenty of these pointless changes. The 
>> correct code would compute the number of bytes per pixel using 
>> drm_format_info_min_pitch() and multiply with fb->height. The latter 
>> could (maybe) use kmalloc_array(). It would still not be an array in the 
>> common sense.
>> 
> Thanks for the review and suggestion.I will be sending a v2 patch with 
> the recommended code change.
>
> Best Regards,
> Mehdi Ben Hadj Khelifa> Best regards
>> Thomas
>> 
>>>
>>> thanks,
>>>
>>> greg k-h
>> 
>> -- 
>> -- 
>> Thomas Zimmermann
>> Graphics Driver Developer
>> SUSE Software Solutions Germany GmbH
>> Frankenstrasse 146, 90461 Nuernberg, Germany
>> GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
>> HRB 36809 (AG Nuernberg)
>

-- 
Jani Nikula, Intel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ