On Mon, Jul 2, 2018 at 2:41 PM, Richard Weinberger <richard@xxxxxx> wrote: > Am Montag, 2. Juli 2018, 20:27:00 CEST schrieb Kees Cook: >> > Let's queue another patch for the next merge window which converts >> > kmalloc() -> kmalloc_array(). >> >> I'd prefer to leave it as-is for 4.18 because it would be the only >> unconverted kmalloc()-with-multiplication in the entire tree. We did >> treewide conversions and a revert would be undoing that here. (The >> scripts that check for this case would run "clean" for 4.18.) >> >> So, this gets back to the question of the int vs u32: if you just >> didn't revert this patch, then the kmalloc_array() would stand too. >> Easy! :) > > I can queue the kmalloc_array() conversion on top of the revert. > But TBH, using kmalloc_array() here is just ridiculous, we allocate > dn->size times 2 where dn->size is at most 4k. Right, I don't think this spot still suddenly become vulnerable again, but it'll generate the same machine code (since one arg is a constant value), and then static checkers never have to flag on it again. :) Thanks! -Kees -- Kees Cook Pixel Security