| Message ID | 20180823174415.GA26008@embeddedor.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v2] usb: iowarrior: replace kmalloc with kmalloc_array | expand |
On Do, 2018-08-23 at 12:44 -0500, Gustavo A. R. Silva wrote: > A common flaw in the kernel is integer overflow during memory allocation > size calculations. In an effort to reduce the frequency of these bugs, > kmalloc_array was implemented, which allocates memory for an array, > while at the same time detects integer overflow. > > This patch replaces cases of: > > kmalloc(a * b, gfp) > > with: > kmalloc_array(a * b, gfp) I am afraid there is a problem here. The driver currently is a gross violation of the DMA rules. Unfortunately your patch does not fix that. That is on anyrhing other than x86 you cannot take the size of a report, but you must use the size of a cache line. Regards Oliver
diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index c2991b8..ba05dd8 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -808,8 +808,8 @@ static int iowarrior_probe(struct usb_interface *interface, dev->int_in_endpoint->bInterval); /* create an internal buffer for interrupt data from the device */ dev->read_queue = - kmalloc(((dev->report_size + 1) * MAX_INTERRUPT_BUFFER), - GFP_KERNEL); + kmalloc_array(dev->report_size + 1, MAX_INTERRUPT_BUFFER, + GFP_KERNEL); if (!dev->read_queue) goto error; /* Get the serial-number of the chip */
A common flaw in the kernel is integer overflow during memory allocation size calculations. In an effort to reduce the frequency of these bugs, kmalloc_array was implemented, which allocates memory for an array, while at the same time detects integer overflow. This patch replaces cases of: kmalloc(a * b, gfp) with: kmalloc_array(a * b, gfp) Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- Changes in v2: - Align GFP_KERNEL to open parenthesis. drivers/usb/misc/iowarrior.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)