From: Oliver Neukum <oneukum@suse.com>
To: "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
Subject: [v2] usb: iowarrior: replace kmalloc with kmalloc_array
Date: Mon, 27 Aug 2018 11:13:31 +0200 [thread overview]
Message-ID: <1535361211.9321.6.camel@suse.com> (raw)
On Do, 2018-08-23 at 12:44 -0500, Gustavo A. R. Silva wrote:
> A common flaw in the kernel is integer overflow during memory allocation
> size calculations. In an effort to reduce the frequency of these bugs,
> kmalloc_array was implemented, which allocates memory for an array,
> while at the same time detects integer overflow.
>
> This patch replaces cases of:
>
> kmalloc(a * b, gfp)
>
> with:
> kmalloc_array(a * b, gfp)
I am afraid there is a problem here. The driver currently is a gross
violation of the DMA rules. Unfortunately your patch does not fix that.
That is on anyrhing other than x86 you cannot take the size of a
report,
but you must use the size of a cache line.
Regards
Oliver
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Neukum <oneukum@suse.com>
To: "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
Subject: Re: [PATCH v2] usb: iowarrior: replace kmalloc with kmalloc_array
Date: Mon, 27 Aug 2018 11:13:31 +0200 [thread overview]
Message-ID: <1535361211.9321.6.camel@suse.com> (raw)
In-Reply-To: <20180823174415.GA26008@embeddedor.com>
On Do, 2018-08-23 at 12:44 -0500, Gustavo A. R. Silva wrote:
> A common flaw in the kernel is integer overflow during memory allocation
> size calculations. In an effort to reduce the frequency of these bugs,
> kmalloc_array was implemented, which allocates memory for an array,
> while at the same time detects integer overflow.
>
> This patch replaces cases of:
>
> kmalloc(a * b, gfp)
>
> with:
> kmalloc_array(a * b, gfp)
I am afraid there is a problem here. The driver currently is a gross
violation of the DMA rules. Unfortunately your patch does not fix that.
That is on anyrhing other than x86 you cannot take the size of a
report,
but you must use the size of a cache line.
Regards
Oliver
next reply other threads:[~2018-08-27 9:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-27 9:13 Oliver Neukum [this message]
2018-08-27 9:13 ` [PATCH v2] usb: iowarrior: replace kmalloc with kmalloc_array Oliver Neukum
-- strict thread matches above, loose matches on Subject: below --
2018-08-23 17:44 [v2] " Gustavo A. R. Silva
2018-08-23 17:44 ` [PATCH v2] " Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1535361211.9321.6.camel@suse.com \
--to=oneukum@suse.com \
--cc=gregkh@linuxfoundation.org \
--cc=gustavo@embeddedor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.