lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2026020529-maturing-whoops-0c55@gregkh>
Date: Thu, 5 Feb 2026 17:12:38 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: jindongyang <jindongyang@...inos.cn>
Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/usb: misc: use kmalloc_array() instead of
 kmalloc() to prevent overflow

On Thu, Jan 29, 2026 at 05:32:02PM +0800, jindongyang wrote:
> Documentation/process/deprecated.rst recommends against the use of
> kmalloc with dynamic size calculations due to the risk of overflow.
> 
> Replace kmalloc() with kmalloc_array() in adutux.c to make the
> intended allocation size clearer and avoid potential overflow issues.
> 
> No functional change intended.
> 
> Signed-off-by: jindongyang <jindongyang@...inos.cn>

We need a name here, not an email alias.

> ---
>  drivers/usb/misc/adutux.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/misc/adutux.c b/drivers/usb/misc/adutux.c
> index ed6a19254d2f..000a3ade7432 100644
> --- a/drivers/usb/misc/adutux.c
> +++ b/drivers/usb/misc/adutux.c
> @@ -680,7 +680,7 @@ static int adu_probe(struct usb_interface *interface,
>  	in_end_size = usb_endpoint_maxp(dev->interrupt_in_endpoint);
>  	out_end_size = usb_endpoint_maxp(dev->interrupt_out_endpoint);
>  
> -	dev->read_buffer_primary = kmalloc((4 * in_end_size), GFP_KERNEL);
> +	dev->read_buffer_primary = kmalloc_array(4, in_end_size, GFP_KERNEL);

This really doesn't do anything, as there can't be an overflow, right?
So please don't imply that there is in the changelog and subject line.

This is just a "janitorial" patch that does not do anything different.
So there is not really a need for it that I can determine, correct?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ