[PATCH v2] staging: vc04_services: rework ioctl code path
Michael Zoran
mzoran at crowfest.net
Mon Nov 14 10:28:38 PST 2016
On Mon, 2016-11-14 at 12:48 +0300, Dan Carpenter wrote:
> On Thu, Nov 10, 2016 at 10:15:31PM -0800, Michael Zoran wrote:
> > +static void *
> > +vchiq_ioctl_kmalloc(struct vchiq_ioctl_call_context *ctxt, size_t
> > size)
> > +{
> > + void *mem;
> > +
> > + if (!ctxt->stackmem_used && size < sizeof(ctxt->stackmem))
> > {
> > + ctxt->stackmem_used = true;
> > + return ctxt->stackmem;
> > + }
> > +
> > + mem = kmalloc(size + sizeof(void *), GFP_KERNEL);
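Review bot: `size + sizeof(void *)` on the kmalloc line can wrap when `size` is close to `SIZE_MAX`, and `size` arrives from an ioctl caller, so the result would be a short allocation that the caller then writes `size` bytes into. The only guard before it is `size < sizeof(ctxt->stackmem)`, which covers the stack path but not the heap path. Reject oversized requests before the addition, e.g. `if (size > VCHIQ_IOCTL_KMALLOC_MAX) return NULL;` with a fixed bound chosen for the largest legitimate ioctl payload, or otherwise check the sum for overflow before calling kmalloc.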
>
> This is a potential integer overflow leading to corruption. I don't
> understand why we need this complicated memory management anyway...
>
You could be right. This patch was very large and it hasn't received
the review that it probably should get. Also the checkpatch.pl
utility is complaining about obsolete kernel functionality that the old
code had and I really don't have the time to redo.
Perhaps the entire patch should be removed from consideration until I
can possibly work out a V3?
> > + if (!mem)
> > + return NULL;
> > +
> > + *(void **)mem = ctxt->prev_kmalloc;
> > + ctxt->prev_kmalloc = mem;
> > +
> > + return mem + sizeof(void *);
> > +}
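Review bot: the two return paths hand back differently shaped memory and nothing in the function documents that: `ctxt->stackmem` is returned as-is with no link header, while a heap allocation is returned at `mem + sizeof(void *)` with `ctxt->prev_kmalloc` stored in the hidden word in front of it. The matching release code (not in the quoted lines) therefore has to compare the pointer against `ctxt->stackmem` before deciding whether to `kfree()`, step back by `sizeof(void *)` for heap pointers, and walk the `prev_kmalloc` chain to free everything on the error path. Please add a comment above the function stating the layout and that every heap pointer must be released through that chain rather than a plain `kfree()`.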
>
> regards,
> dan carpenter