From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
To: kovalev@altlinux.org, keescook@chromium.org
Cc: arnd@arndb.de, bryantan@vmware.com, darren.kenny@oracle.com,
error27@gmail.com, gregkh@linuxfoundation.org,
gustavoars@kernel.org, linux-hardening@vger.kernel.org,
linux-kernel@vger.kernel.org, pv-drivers@vmware.com,
syzkaller@googlegroups.com, vdasa@vmware.com,
vegard.nossum@oracle.com, nickel@altlinux.org,
oficerovas@altlinux.org, dutyrok@altlinux.org
Subject: Re: [PATCH v2 2/2] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Date: Fri, 16 Feb 2024 13:05:35 +0530
Message-ID: <3c2801be-acb6-4e6b-95e2-5bebe834c258@oracle.com>
In-Reply-To: <20240111125330.53853-1-kovalev@altlinux.org>
Hi Kovalev,
On 11/01/24 6:23 pm, kovalev@altlinux.org wrote:
> Hello, I was also working on solving this problem
> https://lore.kernel.org/lkml/20240110104042.31865-1-kovalev@altlinux.org/T/#t.
>
> Please note that there are 2 such places in the code, and by analogy with your
> version of the changes, including changes in the approach to calculating the
> size of the allocated memory, additional changes on top of your changes will
> be as follows:
>
> diff --git a/drivers/misc/vmw_vmci/vmci_datagram.c b/drivers/misc/vmw_vmci/vmci_datagram.c
> index ba379cd6d054bd..1a50fcea681bf8 100644
> --- a/drivers/misc/vmw_vmci/vmci_datagram.c
> +++ b/drivers/misc/vmw_vmci/vmci_datagram.c
> @@ -369,8 +369,9 @@ int vmci_datagram_invoke_guest_handler(struct vmci_datagram *dg)
> if (dst_entry->run_delayed) {
> struct delayed_datagram_info *dg_info;
>
> - dg_info = kmalloc(sizeof(*dg_info) + (size_t)dg->payload_size,
> + dg_info = kmalloc(struct_size(dg_info, msg_payload, dg->payload_size),
> GFP_ATOMIC);
> +
> if (!dg_info) {
> vmci_resource_put(resource);
> return VMCI_ERROR_NO_MEM;
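Review bot: the added blank `+` line between the kmalloc() call and `if (!dg_info)` is unrelated whitespace; drop it so the hunk only carries the size-calculation change. Replacing `sizeof(*dg_info) + (size_t)dg->payload_size` with `struct_size(dg_info, msg_payload, dg->payload_size)` is the right move, since struct_size() saturates on overflow where the plain addition would wrap to a small allocation, but it is only correct if `msg_payload` is the flexible array member that directly follows `msg` in `struct delayed_datagram_info`; the hunk does not show that struct, so the commit message should state that dependency explicitly.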
> @@ -378,7 +379,9 @@ int vmci_datagram_invoke_guest_handler(struct vmci_datagram *dg)
>
> dg_info->in_dg_host_queue = false;
> dg_info->entry = dst_entry;
> - memcpy(&dg_info->msg, dg, VMCI_DG_SIZE(dg));
> + dg_info->msg = *dg;
> + memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size);
> +
>
> INIT_WORK(&dg_info->work, dg_delayed_dispatch);
> schedule_work(&dg_info->work);
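Review bot: the added `+` blank line after the second memcpy() leaves two consecutive empty lines before `INIT_WORK()`; drop it. Style: `msg_payload` is an array, so `&dg_info->msg_payload` and `dg_info->msg_payload` denote the same address, and the plain form matches the usual kernel idiom. The copy length comes straight from `dg->payload_size` with no bound check visible in the hunk; the kmalloc() above is sized from the same field so destination and copy length stay consistent, but reading `payload_size` bytes from `dg + 1` relies on the caller having validated the datagram size, and the commit message should say where that happens.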
I think you need to send a separate patch/patches for this.
[linux-next]$ git describe
next-20240216
[linux-next]$ git log --oneline drivers/misc/vmw_vmci/vmci_datagram.c
19b070fefd0d VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
e03d4910e6e4 VMCI: Use struct_size() in kmalloc()
I see that the two patches I sent have been applied by Kees and are in linux-next.
I am wondering whether we can reproduce the above WARNING in
vmci_datagram_invoke_guest_handler() by modifying the C reproducer
generated by Syzkaller for dg_dispatch_as_host().
Thanks,
Harshit
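The size arithmetic and header-plus-payload copy from the quoted hunks, modelled in plain userspace C as an added example (not code from this thread or from the vmw_vmci driver). The struct layouts are simplified stand-ins and `sat_struct_size()` is a hand-written model of the kernel's struct_size(); it shows why the saturating form is preferred over `sizeof(*dg_info) + (size_t)payload_size`.

```c
/* Added userspace model of the quoted pattern: a fixed header followed by a
 * flexible payload, sized with a saturating struct_size() model and filled
 * with a struct assignment plus a separate payload memcpy(). Simplified
 * stand-in layouts, not the driver's definitions. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct dg_hdr {                  /* stand-in for struct vmci_datagram */
	uint64_t dst;
	uint64_t src;
	uint64_t payload_size;       /* bytes that follow the header in memory */
};

struct dg_info {                 /* stand-in for struct delayed_datagram_info */
	int in_dg_host_queue;
	struct dg_hdr msg;
	unsigned char msg_payload[]; /* flexible array; must directly follow msg */
};

/* Pre-patch arithmetic: sizeof(*info) + (size_t)payload wraps silently. */
size_t naive_size(uint64_t payload_size)
{
	return sizeof(struct dg_info) + (size_t)payload_size;
}

/* Model of struct_size(info, msg_payload, n): on overflow it saturates to
 * SIZE_MAX so the allocator fails instead of returning a short buffer. */
size_t sat_struct_size(uint64_t payload_size)
{
	size_t base = offsetof(struct dg_info, msg_payload);
	if (payload_size > SIZE_MAX - base)
		return SIZE_MAX;
	return base + (size_t)payload_size;
}

/* Build a dg_info from a datagram: copy the fixed header by assignment, then
 * the payload (starting right after the header, at dg + 1) separately, so no
 * single copy is asked to write past the end of the msg member. */
struct dg_info *dg_info_create(const struct dg_hdr *dg)
{
	size_t sz = sat_struct_size(dg->payload_size);
	struct dg_info *info = (sz == SIZE_MAX) ? NULL : malloc(sz);
	if (!info)
		return NULL;
	info->in_dg_host_queue = 0;
	info->msg = *dg;
	memcpy(info->msg_payload, dg + 1, dg->payload_size);
	return info;
}
```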