From: Kees Cook <keescook@chromium.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: "Kees Cook" <keescook@chromium.org>,
	"Jesse Brandeburg" <jesse.brandeburg@intel.com>,
	"Tony Nguyen" <anthony.l.nguyen@intel.com>,
	"David S. Miller" <davem@davemloft.net>,
	"Eric Dumazet" <edumazet@google.com>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Paolo Abeni" <pabeni@redhat.com>,
	intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, "Ruhl,
	Michael J" <michael.j.ruhl@intel.com>,
	"Hyeonggon Yoo" <42.hyeyoo@gmail.com>,
	"Christoph Lameter" <cl@linux.com>,
	"Pekka Enberg" <penberg@kernel.org>,
	"David Rientjes" <rientjes@google.com>,
	"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Nick Desaulniers" <ndesaulniers@google.com>,
	"Alex Elder" <elder@kernel.org>,
	"Josef Bacik" <josef@toxicpanda.com>,
	"David Sterba" <dsterba@suse.com>,
	"Sumit Semwal" <sumit.semwal@linaro.org>,
	"Christian König" <christian.koenig@amd.com>,
	"Daniel Micay" <danielmicay@gmail.com>,
	"Yonghong Song" <yhs@fb.com>, "Marco Elver" <elver@google.com>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-btrfs@vger.kernel.org, linux-media@vger.kernel.org,
	dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
	linux-fsdevel@vger.kernel.org, dev@openvswitch.org,
	x86@kernel.org, llvm@lists.linux.dev,
	linux-hardening@vger.kernel.org
Subject: [PATCH v2 06/16] igb: Proactively round up to kmalloc bucket size
Date: Fri, 23 Sep 2022 13:28:12 -0700
Message-ID: <20220923202822.2667581-7-keescook@chromium.org>
In-Reply-To: <20220923202822.2667581-1-keescook@chromium.org>

In preparation for removing the "silently change allocation size"
users of ksize(), explicitly round up all q_vector allocations so that
allocations can be correctly compared to ksize().

Additionally fix potential use-after-free in the case of new allocation
failure: only free memory if the replacement allocation succeeds.

Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/intel/igb/igb_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 2796e81d2726..eb51e531c096 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -1195,15 +1195,16 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
 		return -ENOMEM;
 
 	ring_count = txr_count + rxr_count;
-	size = struct_size(q_vector, ring, ring_count);
+	size = kmalloc_size_roundup(struct_size(q_vector, ring, ring_count));
 
 	/* allocate q_vector and rings */
 	q_vector = adapter->q_vector[v_idx];
 	if (!q_vector) {
 		q_vector = kzalloc(size, GFP_KERNEL);
 	} else if (size > ksize(q_vector)) {
-		kfree_rcu(q_vector, rcu);
 		q_vector = kzalloc(size, GFP_KERNEL);
+		if (q_vector)
+			kfree_rcu(q_vector, rcu);
 	} else {
 		memset(q_vector, 0, size);
 	}
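
Review bot: in the `else if (size > ksize(q_vector))` branch, `q_vector` is overwritten with the `kzalloc()` result before `kfree_rcu(q_vector, rcu)` runs, so when the allocation succeeds it is the new object that gets queued for freeing, while the old one (still referenced by `adapter->q_vector[v_idx]`) is never freed. Any use of `q_vector` after this branch would then operate on memory already handed to RCU for release, which is the class of bug the commit message sets out to remove. Hold the replacement in a temporary (name here is illustrative), for example `new = kzalloc(size, GFP_KERNEL); if (new) kfree_rcu(q_vector, rcu); q_vector = new;`, so that the old pointer is the one freed, and only once the new allocation is known to have succeeded.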
-- 
2.34.1

