Re: Input issues in current -git?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jul 18, 2018 at 12:00 PM, Dmitry Torokhov
<dmitry.torokhov@xxxxxxxxx> wrote:
> On Wed, Jul 18, 2018 at 1:01 PM Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> On Wed, Jul 18, 2018 at 9:52 AM Dmitry Torokhov
>> <dmitry.torokhov@xxxxxxxxx> wrote:
>> >
>> > OK, I see it, it is busted conversion to struct_size(). The macro
>> > expects that the array is an array of pointers, whereas in input leds
>> > helper we have an array of real structs, and struct_size() calculates
>> > too small size for them.
>>
>> Which one exactly?
>
> Hmm, might be I am full of crap. I'll blame it on the fact that I'm
> flying trying to get home since Monday Europe time.
>
> I still suspect that conversion though as it is the only thing that
> changed in input-leds.c in the last few releases.

Hi, based on the thread, it sounds like this was a false alarm?
Regardless, I thought I'd take a close look at the conversion again,
just to be sure.

static inline __must_check size_t __ab_c_size(size_t n, size_t size, size_t c)
{
        size_t bytes;

        if (check_mul_overflow(n, size, &bytes))
                return SIZE_MAX;
        if (check_add_overflow(bytes, c, &bytes))
                return SIZE_MAX;

        return bytes;
}
...
#define struct_size(p, member, n)                                       \
        __ab_c_size(n,                                                  \
                    sizeof(*(p)->member) + __must_be_array((p)->member),\
                    sizeof(*(p)))
...
struct input_leds {
        struct input_handle handle;
        unsigned int num_leds;
        struct input_led leds[];
};
...
        struct input_leds *leds;
...
-       leds = kzalloc(sizeof(*leds) + num_leds * sizeof(*leds->leds),
-                      GFP_KERNEL);
+       leds = kzalloc(struct_size(leds, leds, num_leds), GFP_KERNEL);

The removed is:

sizeof(struct input_leds) +
num_leds * sizeof(struct input_led)

The added is:

c == sizeof(*(leds)) == sizeof(struct input_leds)
n == num_leds
size == sizeof(*(leds)->leds) == sizeof(struct input_led)

calculated (via check_mul_overflow() and check_add_overflow()) as:

c +
n * size

this should be the same result in both cases. The overflow selftests
also continue to check out, so I think this is all good.

If a revert of that change does actually fix it, though... I want to know! :P

-Kees

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media Devel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Linux Wireless Networking]     [Linux Omap]

  Powered by Linux