* [PATCH] usb: iowarrior: replace kmalloc with kmalloc_array
From: Gustavo A. R. Silva @ 2018-08-23 17:31 UTC
  To: Greg Kroah-Hartman
  Cc: linux-usb, linux-kernel, Kees Cook, Gustavo A. R. Silva

A common flaw in the kernel is integer overflow during memory allocation
size calculations. In an effort to reduce the frequency of these bugs,
kmalloc_array was implemented, which allocates memory for an array,
while at the same time detects integer overflow.

This patch replaces cases of:

kmalloc(a * b, gfp)

with:
	kmalloc_array(a * b, gfp)

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
 drivers/usb/misc/iowarrior.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
index c2991b8..7a22400 100644
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -808,7 +808,7 @@ static int iowarrior_probe(struct usb_interface *interface,
 			 dev->int_in_endpoint->bInterval);
 	/* create an internal buffer for interrupt data from the device */
 	dev->read_queue =
-	    kmalloc(((dev->report_size + 1) * MAX_INTERRUPT_BUFFER),
+	    kmalloc_array(dev->report_size + 1, MAX_INTERRUPT_BUFFER,
 		    GFP_KERNEL);
 	if (!dev->read_queue)
 		goto error;
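Review bot: on the `+` line, `dev->report_size + 1` is evaluated before `kmalloc_array()` is called, so the overflow check gained here covers only the multiplication by `MAX_INTERRUPT_BUFFER`, not the addition. The type and bounds of `report_size` are not visible in this hunk; if nothing earlier in `iowarrior_probe()` bounds it, guard the `+ 1` separately or say in the commit message where the bound comes from.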
-- 
2.7.4
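
Added example, not part of the posted patch or of the kernel source: a userspace C model of the overflow check the commit message attributes to kmalloc_array, next to the open-coded multiplication it replaces. The names `open_coded_size`, `model_alloc_array`, `alloc_read_queue` and `SAMPLE_NBUF` are hypothetical, and the value 16 and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SAMPLE_NBUF 16	/* constructed stand-in for MAX_INTERRUPT_BUFFER */

/* Open-coded size as in kmalloc(a * b, gfp): the product is reduced
 * modulo SIZE_MAX + 1 before the allocator ever sees it. */
static size_t open_coded_size(size_t a, size_t b)
{
	return a * b;
}

/* Userspace model of kmalloc_array(n, size, gfp): refuse the request
 * when n * size cannot be represented in size_t. */
static void *model_alloc_array(size_t n, size_t size)
{
	if (size != 0 && n > SIZE_MAX / size)
		return NULL;
	return malloc(n * size);
}

/* Hypothetical caller shaped like the hunk: the "+ 1" is evaluated
 * before the call, so it gets its own guard here. */
static void *alloc_read_queue(size_t report_size)
{
	if (report_size == SIZE_MAX)
		return NULL;
	return model_alloc_array(report_size + 1, SAMPLE_NBUF);
}

int main(void)
{
	size_t huge = SIZE_MAX / SAMPLE_NBUF + 1;	/* constructed input */
	void *q = alloc_read_queue(8);

	printf("open-coded: (%zu + 1) * %d -> %zu bytes\n",
	       huge, SAMPLE_NBUF, open_coded_size(huge + 1, SAMPLE_NBUF));
	printf("checked:    %s\n",
	       alloc_read_queue(huge) ? "allocated" : "refused");
	printf("normal:     %s\n", q ? "allocated" : "refused");
	free(q);
	return 0;
}
```

With the constructed input the open-coded product wraps to 16 bytes, while the checked path returns NULL instead of handing back an undersized buffer.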


* Re: [PATCH] usb: iowarrior: replace kmalloc with kmalloc_array
From: Gustavo A. R. Silva @ 2018-08-23 17:42 UTC
  To: Greg Kroah-Hartman; +Cc: linux-usb, linux-kernel, Kees Cook

Hi,

Please, drop this.

I'll align GFP_KERNEL and send v2.

Thanks
--
Gustavo

On 8/23/18 12:31 PM, Gustavo A. R. Silva wrote:
> A common flaw in the kernel is integer overflow during memory allocation
> size calculations. In an effort to reduce the frequency of these bugs,
> kmalloc_array was implemented, which allocates memory for an array,
> while at the same time detects integer overflow.
> 
> This patch replaces cases of:
> 
> kmalloc(a * b, gfp)
> 
> with:
> 	kmalloc_array(a * b, gfp)
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
>  drivers/usb/misc/iowarrior.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
> index c2991b8..7a22400 100644
> --- a/drivers/usb/misc/iowarrior.c
> +++ b/drivers/usb/misc/iowarrior.c
> @@ -808,7 +808,7 @@ static int iowarrior_probe(struct usb_interface *interface,
>  			 dev->int_in_endpoint->bInterval);
>  	/* create an internal buffer for interrupt data from the device */
>  	dev->read_queue =
> -	    kmalloc(((dev->report_size + 1) * MAX_INTERRUPT_BUFFER),
> +	    kmalloc_array(dev->report_size + 1, MAX_INTERRUPT_BUFFER,
>  		    GFP_KERNEL);
>  	if (!dev->read_queue)
>  		goto error;
> 
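Review bot: the continuation line `GFP_KERNEL);` keeps the indentation it had under `kmalloc(`, so after the change to the longer `kmalloc_array(` on the `+` line it no longer lines up with the first argument. Re-indent it so that `GFP_KERNEL` sits under `dev->report_size + 1`.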

* Re: [PATCH] usb: iowarrior: replace kmalloc with kmalloc_array
From: Kees Cook @ 2018-08-23 17:43 UTC
  To: Gustavo A. R. Silva; +Cc: Greg Kroah-Hartman, linux-usb, LKML

On Thu, Aug 23, 2018 at 10:31 AM, Gustavo A. R. Silva
<gustavo@embeddedor.com> wrote:
> A common flaw in the kernel is integer overflow during memory allocation
> size calculations. In an effort to reduce the frequency of these bugs,
> kmalloc_array was implemented, which allocates memory for an array,
> while at the same time detects integer overflow.
>
> This patch replaces cases of:
>
> kmalloc(a * b, gfp)
>
> with:
>         kmalloc_array(a * b, gfp)

nit: this should be "kmalloc_array(a, b, gfp)" (This was a typo from
my treewide commit message... :P)

> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
>  drivers/usb/misc/iowarrior.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
> index c2991b8..7a22400 100644
> --- a/drivers/usb/misc/iowarrior.c
> +++ b/drivers/usb/misc/iowarrior.c
> @@ -808,7 +808,7 @@ static int iowarrior_probe(struct usb_interface *interface,
>                          dev->int_in_endpoint->bInterval);
>         /* create an internal buffer for interrupt data from the device */
>         dev->read_queue =
> -           kmalloc(((dev->report_size + 1) * MAX_INTERRUPT_BUFFER),
> +           kmalloc_array(dev->report_size + 1, MAX_INTERRUPT_BUFFER,
>                     GFP_KERNEL);
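Review bot: the `+` line passes `dev->report_size + 1` in the position `kmalloc_array()` takes as the element count and `MAX_INTERRUPT_BUFFER` as the element size. The product is the same either way, but if the queue holds `MAX_INTERRUPT_BUFFER` entries of `report_size + 1` bytes each, as the constant's name suggests, `kmalloc_array(MAX_INTERRUPT_BUFFER, dev->report_size + 1, GFP_KERNEL)` states that intent more directly.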

For this patch with the commit log updated:

Reviewed-by: Kees Cook <keescook@chromium.org>

Thanks!

-Kees

-- 
Kees Cook
Pixel Security

* Re: [PATCH] usb: iowarrior: replace kmalloc with kmalloc_array
From: Gustavo A. R. Silva @ 2018-08-23 17:51 UTC
  To: Kees Cook; +Cc: Greg Kroah-Hartman, linux-usb, LKML



On 8/23/18 12:43 PM, Kees Cook wrote:
> On Thu, Aug 23, 2018 at 10:31 AM, Gustavo A. R. Silva
> <gustavo@embeddedor.com> wrote:
>> A common flaw in the kernel is integer overflow during memory allocation
>> size calculations. In an effort to reduce the frequency of these bugs,
>> kmalloc_array was implemented, which allocates memory for an array,
>> while at the same time detects integer overflow.
>>
>> This patch replaces cases of:
>>
>> kmalloc(a * b, gfp)
>>
>> with:
>>         kmalloc_array(a * b, gfp)
> 
> nit: this should be "kmalloc_array(a, b, gfp)" (This was a typo from
> my treewide commit message... :P)
> 

Oops... OK. V3 is on the way. :P

>> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
>> ---
>>  drivers/usb/misc/iowarrior.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
>> index c2991b8..7a22400 100644
>> --- a/drivers/usb/misc/iowarrior.c
>> +++ b/drivers/usb/misc/iowarrior.c
>> @@ -808,7 +808,7 @@ static int iowarrior_probe(struct usb_interface *interface,
>>                          dev->int_in_endpoint->bInterval);
>>         /* create an internal buffer for interrupt data from the device */
>>         dev->read_queue =
>> -           kmalloc(((dev->report_size + 1) * MAX_INTERRUPT_BUFFER),
>> +           kmalloc_array(dev->report_size + 1, MAX_INTERRUPT_BUFFER,
>>                     GFP_KERNEL);
> 
> For this patch with the commit log updated:
> 
> Reviewed-by: Kees Cook <keescook@chromium.org>
> 

Thanks!
--
Gustavo
