crypto: zip - Memory corruption in zip_clear_stats()

Message ID 20170317204621.GD16505@mwanda (mailing list archive)
State Accepted
Delegated to: Herbert Xu

Commit Message

Dan Carpenter March 17, 2017, 8:46 p.m. UTC
There is a typo here.  It should be "stats" instead of "state".  The
impact is that we clear 224 bytes instead of 80 and we zero out memory
that we shouldn't.

Fixes: 09ae5d37e093 ("crypto: zip - Add Compression/Decompression statistics")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Walter Harms March 18, 2017, 10:24 a.m. UTC | #1
On 17.03.2017 21:46, Dan Carpenter wrote:
> There is a typo here.  It should be "stats" instead of "state".  The
> impact is that we clear 224 bytes instead of 80 and we zero out memory
> that we shouldn't.
> 
> Fixes: 09ae5d37e093 ("crypto: zip - Add Compression/Decompression statistics")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c
> index 0951e20b395b..6ff13d80d82e 100644
> --- a/drivers/crypto/cavium/zip/zip_main.c
> +++ b/drivers/crypto/cavium/zip/zip_main.c
> @@ -530,7 +530,7 @@ static int zip_clear_stats(struct seq_file *s, void *unused)
>  	for (index = 0; index < MAX_ZIP_DEVICES; index++) {
>  		if (zip_dev[index]) {
>  			memset(&zip_dev[index]->stats, 0,
> -			       sizeof(struct zip_state));
> +			       sizeof(struct zip_stats));


as a future FIXME, someone should find a name that differs in more than just the last char.
NTL maybe
 sizeof(zip_dev[index]->stats)
can be used here ?

re,
 wh

>  			seq_printf(s, "Cleared stats for zip %d\n", index);
>  		}
>  	}
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
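
The overrun described in the commit message and the object-derived `sizeof` suggested in the reply above, as an added example that is not code from the driver or from anyone in this thread. Only the sizes 80 and 224 come from the commit message; the `demo_*` structs, their fields and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: only the sizes (80 and 224 bytes) come from the
 * commit message; names, fields and layout (272-byte device) are assumptions. */
struct demo_stats { uint64_t counter[10]; };
struct demo_state { uint64_t word[28]; };
struct demo_dev { struct demo_stats stats; uint64_t after_stats[24]; };
_Static_assert(sizeof(struct demo_stats) == 80, "size from the page");
_Static_assert(sizeof(struct demo_state) == 224, "size from the page");

/* Zero n bytes from dev->stats via the object base, so the demo stays in *dev. */
static void clear_from_stats(struct demo_dev *dev, size_t n)
{
	memset((unsigned char *)dev + offsetof(struct demo_dev, stats), 0, n);
}

/* Length taken from a similarly named but unrelated type: the bug. */
static void clear_buggy(struct demo_dev *dev)
{
	clear_from_stats(dev, sizeof(struct demo_state));
}

/* Length taken from the destination object: it cannot drift from its type. */
static void clear_fixed(struct demo_dev *dev)
{
	clear_from_stats(dev, sizeof(dev->stats));
}

/* Fill a device with 0xAA, run the clear, count changed bytes past stats. */
static size_t bytes_clobbered(void (*clear)(struct demo_dev *))
{
	struct demo_dev dev;
	const unsigned char *p = (const unsigned char *)&dev;
	size_t i, hit = 0;
	memset(&dev, 0xAA, sizeof(dev));
	clear(&dev);
	for (i = sizeof(dev.stats); i < sizeof(dev); i++)
		hit += (p[i] != 0xAA);
	return hit;
}

int main(void)
{
	printf("clobbered past stats: buggy=%zu fixed=%zu\n",
	       bytes_clobbered(clear_buggy), bytes_clobbered(clear_fixed));
}
```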
Dan Carpenter March 18, 2017, 10:59 a.m. UTC | #2
On Sat, Mar 18, 2017 at 11:24:34AM +0100, walter harms wrote:
> 
> 
> On 17.03.2017 21:46, Dan Carpenter wrote:
> > There is a typo here.  It should be "stats" instead of "state".  The
> > impact is that we clear 224 bytes instead of 80 and we zero out memory
> > that we shouldn't.
> > 
> > Fixes: 09ae5d37e093 ("crypto: zip - Add Compression/Decompression statistics")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > 
> > diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c
> > index 0951e20b395b..6ff13d80d82e 100644
> > --- a/drivers/crypto/cavium/zip/zip_main.c
> > +++ b/drivers/crypto/cavium/zip/zip_main.c
> > @@ -530,7 +530,7 @@ static int zip_clear_stats(struct seq_file *s, void *unused)
> >  	for (index = 0; index < MAX_ZIP_DEVICES; index++) {
> >  		if (zip_dev[index]) {
> >  			memset(&zip_dev[index]->stats, 0,
> > -			       sizeof(struct zip_state));
> > +			       sizeof(struct zip_stats));
> 
> 
> as a future FIXME, someone should find a name that differs in more than just the last char.
> NTL maybe
>  sizeof(zip_dev[index]->stats)
> can be used here ?

That's sort of unwieldy.  I don't fear that change because I'm confident
I would catch it with static analysis.

regards,
dan carpenter
Mahipal Challa March 20, 2017, 2:22 p.m. UTC | #3
On Sat, Mar 18, 2017 at 4:29 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> On Sat, Mar 18, 2017 at 11:24:34AM +0100, walter harms wrote:
>>
>>
>> On 17.03.2017 21:46, Dan Carpenter wrote:
>> > There is a typo here.  It should be "stats" instead of "state".  The
>> > impact is that we clear 224 bytes instead of 80 and we zero out memory
>> > that we shouldn't.

Thank you Dan for identifying the issue. Yes there is a typo and it needs a fix.


>> > Fixes: 09ae5d37e093 ("crypto: zip - Add Compression/Decompression statistics")
>> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> >
>> > diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c
>> > index 0951e20b395b..6ff13d80d82e 100644
>> > --- a/drivers/crypto/cavium/zip/zip_main.c
>> > +++ b/drivers/crypto/cavium/zip/zip_main.c
>> > @@ -530,7 +530,7 @@ static int zip_clear_stats(struct seq_file *s, void *unused)
>> >     for (index = 0; index < MAX_ZIP_DEVICES; index++) {
>> >             if (zip_dev[index]) {
>> >                     memset(&zip_dev[index]->stats, 0,
>> > -                          sizeof(struct zip_state));
>> > +                          sizeof(struct zip_stats));

Yes this resolves the issue.
Thanks for this fix.
Mahipal

>>
>> as a future FIXME, someone should find a name that differs in more than just the last char.
>> NTL maybe
>>  sizeof(zip_dev[index]->stats)
>> can be used here ?
>
> That's sort of unwieldy.  I don't fear that change because I'm confident
> I would catch it with static analysis.
>
> regards,
> dan carpenter
>
Herbert Xu March 24, 2017, 2:14 p.m. UTC | #4
On Fri, Mar 17, 2017 at 11:46:21PM +0300, Dan Carpenter wrote:
> There is a typo here.  It should be "stats" instead of "state".  The
> impact is that we clear 224 bytes instead of 80 and we zero out memory
> that we shouldn't.
> 
> Fixes: 09ae5d37e093 ("crypto: zip - Add Compression/Decompression statistics")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Patch applied.  Thanks.

Patch

diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c
index 0951e20b395b..6ff13d80d82e 100644
--- a/drivers/crypto/cavium/zip/zip_main.c
+++ b/drivers/crypto/cavium/zip/zip_main.c
@@ -530,7 +530,7 @@  static int zip_clear_stats(struct seq_file *s, void *unused)
 	for (index = 0; index < MAX_ZIP_DEVICES; index++) {
 		if (zip_dev[index]) {
 			memset(&zip_dev[index]->stats, 0,
-			       sizeof(struct zip_state));
+			       sizeof(struct zip_stats));
 			seq_printf(s, "Cleared stats for zip %d\n", index);
 		}
 	}
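
Review bot: the corrected memset() length is still spelled as a hand-typed type name, `sizeof(struct zip_stats)`, which is the same pattern that let `zip_state` slip in one character away. Taking the length from the destination, `sizeof(zip_dev[index]->stats)`, ties it to the object being cleared and stays correct if the member's type is ever renamed or changed. The commit message could also say that the extra 144 bytes (224 minus 80) were written over whatever follows `stats` in the device structure, so that people backporting the fix can judge the impact.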