From: Jonathan Cameron <jic23@kernel.org>
To: Yiyuan Guo <yguoaz@gmail.com>
Cc: tzungbi@kernel.org, lars@metafoo.de, bleung@chromium.org,
groeck@google.com, dianders@chromium.org,
mazziesaccount@gmail.com, gwendal@chromium.org,
linux-iio@vger.kernel.org, chrome-platform@lists.linux.dev
Subject: Re: [PATCH v3] iio: cros_ec: Fix the allocation size for cros_ec_command
Date: Sun, 16 Jul 2023 14:10:28 +0100 [thread overview]
Message-ID: <20230716141028.4c57c5c7@jic23-huawei> (raw)
In-Reply-To: <20230630143719.1513906-1-yguoaz@gmail.com>
On Fri, 30 Jun 2023 22:37:19 +0800
Yiyuan Guo <yguoaz@gmail.com> wrote:
> The struct cros_ec_command contains several integer fields and a
> trailing array. An allocation size neglecting the integer fields can
> lead to buffer overrun.
>
> Reviewed-by: Tzung-Bi Shih <tzungbi@kernel.org>
> Signed-off-by: Yiyuan Guo <yguoaz@gmail.com>
Hi. I'm sitting on this one for a couple of reasons.
1) No fixes tag (replying to this thread with one is fine)
2) Various people commented on earlier versions, and I'm waiting for them to confirm
they are fine with this version.
If I hear nothing in a few more weeks I'll try and figure out the
fixes tag + whether all the reviewer comments have been addressed.
Jonathan
> ---
> v2->v3:
> * Added R-b tag from Tzung-Bi Shih
> * Aligned the code by adding an extra tab before "max"
> * Added a patch changelog
> v1->v2: Prefixed the commit title with "iio: cros_ec:"
>
> drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c b/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c
> index 943e9e14d1e9..b72d39fc2434 100644
> --- a/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c
> +++ b/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c
> @@ -253,7 +253,7 @@ int cros_ec_sensors_core_init(struct platform_device *pdev,
> platform_set_drvdata(pdev, indio_dev);
>
> state->ec = ec->ec_dev;
> - state->msg = devm_kzalloc(&pdev->dev,
> + state->msg = devm_kzalloc(&pdev->dev, sizeof(*state->msg) +
> max((u16)sizeof(struct ec_params_motion_sense),
> state->ec->max_response), GFP_KERNEL);
> if (!state->msg)
next prev parent reply other threads:[~2023-07-16 13:10 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-30 14:37 [PATCH v3] iio: cros_ec: Fix the allocation size for cros_ec_command Yiyuan Guo
2023-07-16 13:10 ` Jonathan Cameron [this message]
2023-07-16 13:55 ` yguoaz
2023-07-17 3:09 ` Tzung-Bi Shih
2023-07-18 9:37 ` Jonathan Cameron
2023-07-29 11:21 ` Jonathan Cameron
2023-09-11 4:31 ` patchwork-bot+chrome-platform
2023-09-11 4:49 ` patchwork-bot+chrome-platform
-- strict thread matches above, loose matches on Subject: below --
2023-06-30 7:36 [PATCH v2] " Tzung-Bi Shih
2023-06-30 8:31 ` [PATCH v3] " Yiyuan Guo
2023-06-30 14:06 ` Guenter Roeck
2023-06-30 14:42 ` yguoaz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230716141028.4c57c5c7@jic23-huawei \
--to=jic23@kernel.org \
--cc=bleung@chromium.org \
--cc=chrome-platform@lists.linux.dev \
--cc=dianders@chromium.org \
--cc=groeck@google.com \
--cc=gwendal@chromium.org \
--cc=lars@metafoo.de \
--cc=linux-iio@vger.kernel.org \
--cc=mazziesaccount@gmail.com \
--cc=tzungbi@kernel.org \
--cc=yguoaz@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox