[PATCH v2] staging: vc04_services: rework ioctl code path

Michael Zoran mzoran at crowfest.net
Mon Nov 14 10:28:38 PST 2016


On Mon, 2016-11-14 at 12:48 +0300, Dan Carpenter wrote:
> On Thu, Nov 10, 2016 at 10:15:31PM -0800, Michael Zoran wrote:
> > +static void *
> > +vchiq_ioctl_kmalloc(struct vchiq_ioctl_call_context *ctxt, size_t
> > size)
> > +{
> > +	void *mem;
> > +
> > +	if (!ctxt->stackmem_used && size < sizeof(ctxt->stackmem)) 
> > {
> > +		ctxt->stackmem_used = true;
> > +		return ctxt->stackmem;
> > +	}
> > +
> > +	mem = kmalloc(size + sizeof(void *), GFP_KERNEL);
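Review bot: `size + sizeof(void *)` on the last line of this region can wrap when `size` is close to `SIZE_MAX`, so `kmalloc()` would return a tiny buffer that the caller then fills with `size` bytes; the stack branch above is safe only because `size < sizeof(ctxt->stackmem)` is checked before the addition, but the heap branch has no bound at all. Reject oversized requests before allocating, for example `if (size > MAX_IOCTL_PAYLOAD - sizeof(void *)) return NULL;` with a limit matching the largest ioctl payload the driver accepts, or compute the total in a separate variable and check `total < size` after the addition. Also note that returning `mem + sizeof(void *)` hands callers a pointer that is only `sizeof(void *)` aligned relative to the real allocation, so anything that relied on kmalloc's alignment guarantee for the returned buffer no longer has it; if any caller needs that, the header should be padded to the allocator's minimum alignment.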
> 
> This is a potential integer overflow leading to corruption.  I don't
> understand why we need this complicated memory management anyway...
> 

You could be right.  This patch was very large and it hasn't received
the review that it probably should get.  Also the checkpatch.pl
utility is complaining about obsolete kernel functionality that the old
code had and I really don't have the time to redo.

Perhaps the entire patch should be removed from consideration until I
can possibly work out a V3?

> > +	if (!mem)
> > +		return NULL;
> > +
> > +	*(void **)mem = ctxt->prev_kmalloc;
> > +	ctxt->prev_kmalloc = mem;
> > +
> > +	return mem + sizeof(void *);
> > +}
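Review bot: the `prev_kmalloc` chain built in this region has no visible unwind, and nothing documents that the returned pointer sits `sizeof(void *)` past the real allocation, so a caller that passes it to a plain `kfree()` would corrupt the allocator. Add a comment on the field and on the return value, make sure `ctxt->prev_kmalloc` is initialised to NULL when the context is set up (otherwise the first `*(void **)mem = ctxt->prev_kmalloc;` stores garbage and the walk later dereferences it), and pair this allocator with one release helper that walks the chain from `ctxt->prev_kmalloc` and frees each entry; the stack-backed buffer from the first branch must not be on that chain and must not be freed there.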
> 
> regards,
> dan carpenter



More information about the linux-rpi-kernel mailing list