Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2436367ybt; Tue, 16 Jun 2020 06:13:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwGLrVB2bywZbq9vaVa2V5y1S97XFF0urzgQ6LdKep6pCtJcu9TjKwzD67DxfwIlyOxqFev X-Received: by 2002:a05:6402:6d6:: with SMTP id n22mr2606389edy.362.1592313180634; Tue, 16 Jun 2020 06:13:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592313180; cv=none; d=google.com; s=arc-20160816; b=C7z+fl/D8cN1YtESn0sB76kDfDYZQ71mXziUsDPplngnb9e+Zpv8yGNzq1eJf33EEb g8jQQB2l97wYC5aWsh1dCXKX0D0ZHALCMzkJAZIlO2GlV1bMRMwymiX2wPBeTRd0s3Bt QbHECeFHWthXQaoV0m6qN3KPGychDF6KQj+fYAQe30aMOyykU7GBPWaXyi1/1eVW6mLO gp9jKVb93bUXQHwptMrK/VXvWETfS5MJTWfOWGOmK/N/pj9Fs1z7xO8FNtWDtEROJPe2 CKbJWjYdifY+7dGefw+TuzUYI7oZLJP2ruec3nYNy3lRhV5XkJ4ly5nl22kAnhIDFA0E fWHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject; bh=vF995GToKONrv0nlR6jcm3MhfBWp9AvhnDqNT890oAg=; b=XFyAhbRjpfhTxyeFxIsUpBzRGigA2KVV5UU99hpGb+0RrRJAy93uD28YAB7KUAePZf hTy0xXpmhVS3mW/p7/wHuvGTMolq+16iPHrLCxAbRNHGw9UH50ABxKlVjwpCKu82MFOL CyE0+HoYe/5DX+KdoVHoKK2gV7dyTzKsqZPFwWWEbon8gfEgCpIg2X0C5xtQxXuqoz6G vy1jhvROavMQWl1vbgnvGrF83KlQzc1ngOoymiywyNKEF5TfzNy873jD+Ag1Y5t+Sz18 Y+qqbhxnaVmy5xGiZsfsjwLDnQUeQCz3/Nh+n4x5iW/LlQt5nHhO8XZPfAolsfcQ/DH9 mjBg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t5si10998589ejs.458.2020.06.16.06.12.33; Tue, 16 Jun 2020 06:13:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728809AbgFPNKe (ORCPT + 99 others); Tue, 16 Jun 2020 09:10:34 -0400 Received: from www62.your-server.de ([213.133.104.62]:45184 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726306AbgFPNKe (ORCPT ); Tue, 16 Jun 2020 09:10:34 -0400 Received: from sslproxy05.your-server.de ([78.46.172.2]) by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89_1) (envelope-from ) id 1jlBM0-0004aN-8w; Tue, 16 Jun 2020 15:10:16 +0200 Received: from [178.196.57.75] (helo=pc-9.home) by sslproxy05.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jlBLz-0004ar-ON; Tue, 16 Jun 2020 15:10:15 +0200 Subject: Re: [PATCH] [bpf] xdp_redirect_cpu_user: Fix null pointer dereference To: Gaurav Singh , Alexei Starovoitov , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski , Jesper Dangaard Brouer , "open list:BPF (Safe dynamic programs and tools)" , "open list:BPF (Safe dynamic programs and tools)" , open list References: <20200614190434.31321-1-gaurav1086@gmail.com> From: Daniel Borkmann Message-ID: Date: Tue, 16 Jun 2020 15:10:14 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <20200614190434.31321-1-gaurav1086@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.102.3/25844/Mon Jun 15 15:06:22 2020) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/14/20 9:04 PM, Gaurav Singh wrote: > Memset() on the pointer right after malloc() can cause > a null pointer dereference if it failed to allocate memory. > Fix this by replacing malloc/memset with a single calloc(). > > Signed-off-by: Gaurav Singh Squashed all three same fixes into one and pushed to bpf, thanks! > @@ -222,11 +219,9 @@ static struct datarec *alloc_record_per_cpu(void) > static struct stats_record *alloc_stats_record(void) > { > struct stats_record *rec; > - int i, size; > + int i; > > - size = sizeof(*rec) + n_cpus * sizeof(struct record); > - rec = malloc(size); > - memset(rec, 0, size); > + rec = calloc(n_cpus + 1, sizeof(struct record)); For the record, this one is buggy, so I fixed it up as well. > if (!rec) { > fprintf(stderr, "Mem alloc error\n"); > exit(EXIT_FAIL_MEM); > Thanks, Daniel