From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
Mike Marshall <hubcap@omnibond.com>
Subject: [PATCH 5.15 03/28] orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
Date: Tue, 18 Jan 2022 17:05:49 +0100 [thread overview]
Message-ID: <20220118160451.986308939@linuxfoundation.org> (raw)
In-Reply-To: <20220118160451.879092022@linuxfoundation.org>
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit 40a74870b2d1d3d44e13b3b73c6571dd34f5614d upstream.
'buffer_index_array' really looks like a bitmap. So it should be allocated
as such.
When kzalloc is called, a number of bytes is expected, but a number of
longs is passed instead.
In get(), if not enough memory is allocated, un-allocated memory may be
read or written.
So use bitmap_zalloc() to safely allocate the correct memory size and
avoid un-expected behavior.
While at it, change the corresponding kfree() into bitmap_free() to keep
the semantic.
Fixes: ea2c9c9f6574 ("orangefs: bufmap rewrite")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/orangefs/orangefs-bufmap.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/fs/orangefs/orangefs-bufmap.c
+++ b/fs/orangefs/orangefs-bufmap.c
@@ -176,7 +176,7 @@ orangefs_bufmap_free(struct orangefs_buf
{
kfree(bufmap->page_array);
kfree(bufmap->desc_array);
- kfree(bufmap->buffer_index_array);
+ bitmap_free(bufmap->buffer_index_array);
kfree(bufmap);
}
@@ -226,8 +226,7 @@ orangefs_bufmap_alloc(struct ORANGEFS_de
bufmap->desc_size = user_desc->size;
bufmap->desc_shift = ilog2(bufmap->desc_size);
- bufmap->buffer_index_array =
- kzalloc(DIV_ROUND_UP(bufmap->desc_count, BITS_PER_LONG), GFP_KERNEL);
+ bufmap->buffer_index_array = bitmap_zalloc(bufmap->desc_count, GFP_KERNEL);
if (!bufmap->buffer_index_array)
goto out_free_bufmap;
@@ -250,7 +249,7 @@ orangefs_bufmap_alloc(struct ORANGEFS_de
out_free_desc_array:
kfree(bufmap->desc_array);
out_free_index_array:
- kfree(bufmap->buffer_index_array);
+ bitmap_free(bufmap->buffer_index_array);
out_free_bufmap:
kfree(bufmap);
out:
next prev parent reply other threads:[~2022-01-18 16:10 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 16:05 [PATCH 5.15 00/28] 5.15.16-rc1 review Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 01/28] devtmpfs regression fix: reconfigure on each mount Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 02/28] drm/amd/display: explicitly set is_dsc_supported to false before use Greg Kroah-Hartman
2022-01-18 16:05 ` Greg Kroah-Hartman [this message]
2022-01-18 16:05 ` [PATCH 5.15 04/28] remoteproc: qcom: pil_info: Dont memcpy_toio more than is provided Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 05/28] vfs: fs_context: fix up param length parsing in legacy_parse_param Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 06/28] perf: Protect perf_guest_cbs with RCU Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 07/28] KVM: x86: Register perf callbacks after calling vendors hardware_setup() Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 08/28] KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 09/28] KVM: x86: dont print when fail to read/write pv eoi memory Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 10/28] KVM: s390: Clarify SIGP orders versus STOP/RESTART Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 11/28] remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 12/28] 9p: only copy valid iattrs in 9P2000.L setattr implementation Greg Kroah-Hartman
2022-01-18 16:05 ` [PATCH 5.15 13/28] video: vga16fb: Only probe for EGA and VGA 16 color graphic cards Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 14/28] media: uvcvideo: fix division by zero at stream start Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 15/28] rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 16/28] firmware: qemu_fw_cfg: fix sysfs information leak Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 17/28] firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 18/28] firmware: qemu_fw_cfg: fix kobject leak in probe error path Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 19/28] perf annotate: Avoid TUI crash when navigating in the annotation of recursive functions Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 20/28] KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 21/28] ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 22/28] ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 23/28] ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 24/28] ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 25/28] ALSA: hda/tegra: Fix Tegra194 HDA reset failure Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 26/28] ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 27/28] ALSA: hda/realtek: Re-order quirk entries for Lenovo Greg Kroah-Hartman
2022-01-18 16:06 ` [PATCH 5.15 28/28] mtd: fixup CFI on ixp4xx Greg Kroah-Hartman
2022-01-18 19:39 ` [PATCH 5.15 00/28] 5.15.16-rc1 review Florian Fainelli
2022-01-18 20:49 ` Jon Hunter
2022-01-18 22:22 ` Shuah Khan
2022-01-19 2:16 ` Ron Economos
2022-01-19 10:21 ` Naresh Kamboju
2022-01-20 1:48 ` Guenter Roeck
2022-01-22 0:29 ` Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220118160451.986308939@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=christophe.jaillet@wanadoo.fr \
--cc=hubcap@omnibond.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.