From: Erick Archer <erick.archer@gmx.com>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Erick Archer <erick.archer@gmx.com>,
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>,
Jeffrey Hugo <quic_jhugo@quicinc.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-arm-msm@vger.kernel.org, mhi@lists.linux.dev,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] bus: mhi: ep: Use kcalloc() instead of kzalloc()
Date: Fri, 2 Feb 2024 18:48:17 +0100
Message-ID: <20240202174817.GA4528@titan>
In-Reply-To: <3b175cb6-fcbe-4521-b6ac-442c8a11c297@moroto.mountain>

Hi Dan,

On Mon, Jan 29, 2024 at 08:20:26AM +0300, Dan Carpenter wrote:
> On Sun, Jan 28, 2024 at 11:29:33AM +0100, Erick Archer wrote:
> > > It's a bit concerning that ->event_rings is set multiple times, but only
> > > allocated one time. It's either unnecessary or there is a potential
> > > memory corruption bug. If it's really necessary then there should be a
> > > check that the new size is <= the size of the original buffer that we
> > > allocated.
> >
> > The ->event_rings is set twice. In the mhi_ep_mmio_init function and in
> > the mhi_ep_mmio_update_ner function.
> >
>
> It's not about the type.
>
> The event_rings struct member is the number of elements in the
> mhi_cntrl->mhi_event array. However, we ->event_rings without
> re-allocating mhi_cntrl->mhi_event so those are not in sync any more.
> So since we don't know the number of elements in the mhi_cntrl->mhi_event
> array leading to memory corruption.

Thanks for this clarification. Now I understand what you are explaining
to me.

Regards,
Erick
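
Added example, not part of this message or of the MHI endpoint driver: a user-space C model of the hazard discussed in the quoted review, where an element count is updated after the array was allocated, together with the "new size <= original size" check the review asks for. All struct and function names are hypothetical, and calloc() stands in for kcalloc().

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical user-space model, not the MHI endpoint driver's structures. */
struct ring { uint64_t base; uint32_t len; };
struct ctrl {
    struct ring *rings;   /* array allocated once at init */
    uint32_t nr_rings;    /* count that later code uses as the array bound */
    uint32_t nr_alloc;    /* count the array was actually allocated for */
};

/* calloc() stands in for kcalloc(); both fail if n * size overflows. */
int ctrl_init(struct ctrl *c, uint32_t n)
{
    if (n == 0)
        return -EINVAL;
    c->rings = calloc(n, sizeof(*c->rings));
    if (!c->rings)
        return -ENOMEM;
    c->nr_rings = c->nr_alloc = n;
    return 0;
}

/* Count set a second time after allocation: accept only what still fits. */
int ctrl_update_count(struct ctrl *c, uint32_t n)
{
    if (n == 0 || n > c->nr_alloc)
        return -EINVAL;   /* a larger count would index past the buffer */
    c->nr_rings = n;
    return 0;
}

/* Every element access is bounded by the validated count. */
int ctrl_set_ring(struct ctrl *c, uint32_t idx, uint64_t base, uint32_t len)
{
    if (idx >= c->nr_rings)
        return -ERANGE;
    c->rings[idx] = (struct ring){ .base = base, .len = len };
    return 0;
}

int main(void)
{
    struct ctrl c;
    if (ctrl_init(&c, 4)) return 1;
    printf("grow to 8 -> %d\n", ctrl_update_count(&c, 8));
    free(c.rings);
    return 0;
}
```

Without the comparison against nr_alloc in ctrl_update_count(), a later count of 8 would let ctrl_set_ring() write elements 4 to 7 of a four-element allocation.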