| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <D81D1EE2-92A0-42D5-9238-9B05E4BDE230@chromium.org>
Date: Sat, 18 Sep 2021 06:51:51 -0700
From: Kees Cook <keescook@...omium.org>
To: Len Baker <len.baker@....com>,
"K. Y. Srinivasan" <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Sumit Semwal <sumit.semwal@...aro.org>,
Christian König <christian.koenig@....com>
CC: Colin Ian King <colin.king@...onical.com>,
linux-hardening@...r.kernel.org, linux-hyperv@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-media@...r.kernel.org, dri-devel@...ts.freedesktop.org,
linaro-mm-sig@...ts.linaro.org
Subject: Re: [PATCH] net: mana: Prefer struct_size over open coded arithmetic
On September 18, 2021 6:20:10 AM PDT, Len Baker <len.baker@....com> wrote:
>Hi,
>
>On Sat, Sep 11, 2021 at 12:28:18PM +0200, Len Baker wrote:
>> As noted in the "Deprecated Interfaces, Language Features, Attributes,
>> and Conventions" documentation [1], size calculations (especially
>> multiplication) should not be performed in memory allocator (or similar)
>> function arguments due to the risk of them overflowing. This could lead
>> to values wrapping around and a smaller allocation being made than the
>> caller was expecting. Using those allocations could lead to linear
>> overflows of heap memory and other misbehaviors.
>>
>> So, use the struct_size() helper to do the arithmetic instead of the
>> argument "size + count * size" in the kzalloc() function.
>>
>> [1] https://www.kernel.org/doc/html/v5.14/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
>>
>> Signed-off-by: Len Baker <len.baker@....com>
>> ---
>> drivers/net/ethernet/microsoft/mana/hw_channel.c | 4 +---
>> 1 file changed, 1 insertion(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/ethernet/microsoft/mana/hw_channel.c b/drivers/net/ethernet/microsoft/mana/hw_channel.c
>> index 1a923fd99990..0efdc6c3c32a 100644
>> --- a/drivers/net/ethernet/microsoft/mana/hw_channel.c
>> +++ b/drivers/net/ethernet/microsoft/mana/hw_channel.c
>> @@ -398,9 +398,7 @@ static int mana_hwc_alloc_dma_buf(struct hw_channel_context *hwc, u16 q_depth,
>> int err;
>> u16 i;
>>
>> - dma_buf = kzalloc(sizeof(*dma_buf) +
>> - q_depth * sizeof(struct hwc_work_request),
>> - GFP_KERNEL);
>> + dma_buf = kzalloc(struct_size(dma_buf, reqs, q_depth), GFP_KERNEL);
>> if (!dma_buf)
>> return -ENOMEM;
>>
>> --
>> 2.25.1
>>
>
>I have received a email from the linux-media subsystem telling that this
>patch is not applicable. The email is the following:
>
>Hello,
>
>The following patch (submitted by you) has been updated in Patchwork:
>
> * linux-media: net: mana: Prefer struct_size over open coded arithmetic
> - http://patchwork.linuxtv.org/project/linux-media/patch/20210911102818.3804-1-len.baker@gmx.com/
> - for: Linux Media kernel patches
> was: New
> now: Not Applicable
>
>This email is a notification only - you do not need to respond.
>
>The question is: Why it is not applicable?. I have no received any bad comment
>and a "Reviewed-by:" tag from Haiyang Zhang. So, what is the reason for the
>"Not Applicable" state?.
That is the "Media" subsystem patch tracker. The patch appears to be for networking, so the Media tracker has marked it as "not applicable [to the media subsystem]".
The CC list for this patch seems rather wide (media, dri). I would have expected only netdev. Were you using scripts/get_maintainer.pl for getting addresses?
-Kees
Powered by blists - more mailing lists