LinuxLists.cc - [PATCH v2] firmware: microchip: Fix over-requested allocation size

2024-03-04 10:30:08

Subject: [PATCH v2] firmware: microchip: Fix over-requested allocation size

cocci warnings: (new ones prefixed by >>)
>> drivers/firmware/microchip/mpfs-auto-update.c:387:72-78:
ERROR: application of sizeof to pointer
drivers/firmware/microchip/mpfs-auto-update.c:170:72-78:
ERROR: application of sizeof to pointer

response_msg is a pointer to u32, so the size of element it points to is
supposed to be a multiple of sizeof(u32), rather than sizeof(u32 *).

Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Signed-off-by: Dawei Li <[email protected]>
---

V1 -> V2:
sizeof(u32)->sizeof(*response_msg)

V1:
https://lore.kernel.org/lkml/[email protected]/

drivers/firmware/microchip/mpfs-auto-update.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/microchip/mpfs-auto-update.c b/drivers/firmware/microchip/mpfs-auto-update.c
index 682e417be5a3..fbeeaee4ac85 100644
--- a/drivers/firmware/microchip/mpfs-auto-update.c
+++ b/drivers/firmware/microchip/mpfs-auto-update.c
@@ -384,7 +384,8 @@ static int mpfs_auto_update_available(struct mpfs_auto_update_priv *priv)
u32 *response_msg;
int ret;

- response_msg = devm_kzalloc(priv->dev, AUTO_UPDATE_FEATURE_RESP_SIZE * sizeof(response_msg),
+ response_msg = devm_kzalloc(priv->dev,
+ AUTO_UPDATE_FEATURE_RESP_SIZE * sizeof(*response_msg),
GFP_KERNEL);
if (!response_msg)
return -ENOMEM;
--
2.27.0

2024-03-04 19:22:02

by Conor Dooley

[permalink] [raw]

Subject: Re: [PATCH v2] firmware: microchip: Fix over-requested allocation size

On Mon, Mar 04, 2024 at 06:16:53PM +0800, Dawei Li wrote:
> cocci warnings: (new ones prefixed by >>)
> >> drivers/firmware/microchip/mpfs-auto-update.c:387:72-78:
> ERROR: application of sizeof to pointer
> drivers/firmware/microchip/mpfs-auto-update.c:170:72-78:
> ERROR: application of sizeof to pointer
>
> response_msg is a pointer to u32, so the size of element it points to is
> supposed to be a multiple of sizeof(u32), rather than sizeof(u32 *).
>
> Reported-by: kernel test robot <[email protected]>
> Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> Signed-off-by: Dawei Li <[email protected]>
> ---
>
> V1 -> V2:
> sizeof(u32)->sizeof(*response_msg)

Thanks for the quick respin. I'll send this as 6.9 material cos of the
proximity to the merge window and the fact that we just over-allocate
here. Thanks!

I added a Fixes: tag when I applied this, you should add those in the
future. I should've mentioned this earlier but forgot.

Thanks,
Conor.

https://git.kernel.org/conor/c/af1e0a7d39f98c0dea1b186a76fcee7da6a5f7bc

Attachments:

(No filename) (1.09 kB)
signature.asc (235.00 B)
Download all attachments