Date: Thu, 3 Feb 2022 10:18:56 +0100 (CET)
From: Richard Weinberger
To: Michał Kępień
Cc: Miquel Raynal, Vignesh Raghavendra, Boris Brezillon, linux-mtd, linux-kernel
Message-ID: <1173246756.12597.1643879936765.JavaMail.zimbra@nod.at>
In-Reply-To: <20220125104822.8420-5-kernel@kempniu.pl>
References: <20220125104822.8420-1-kernel@kempniu.pl> <20220125104822.8420-5-kernel@kempniu.pl>
Subject: Re: [PATCH v3 4/4] mtdchar: add MEMREAD ioctl
X-Mailing-List: linux-kernel@vger.kernel.org

Michał,

----- Original Message -----
> From: "Michał Kępień"
> To: "Miquel Raynal", "richard", "Vignesh Raghavendra"
> CC: "Boris Brezillon", "linux-mtd", "linux-kernel"
> Sent: Tuesday, 25 January 2022 11:48:22
> Subject: [PATCH v3 4/4] mtdchar: add MEMREAD ioctl

> + if (req.start + req.len > mtd->size) {

I think this can overflow since both req.start and req.len are u64.
So an evil-doer might bypass this check.

> + ret = -EINVAL;
> + goto out;
> + }
> +
> + datbuf_len = min_t(size_t, req.len, mtd->erasesize);
> + if (datbuf_len > 0) {
> + datbuf = kmalloc(datbuf_len, GFP_KERNEL);

If mtd->erasesize is large (which is not uncommon these days) you might
request more from kmalloc() than it can serve. Maybe kvmalloc() makes more sense?

> + if (!datbuf) {
> + ret = -ENOMEM;
> + goto out;
> + }
> + }
> +
> + oobbuf_len = min_t(size_t, req.ooblen, mtd->erasesize);
> + if (oobbuf_len > 0) {
> + oobbuf = kmalloc(oobbuf_len, GFP_KERNEL);

Same.

Thanks,
//richard
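Review bot: the range check `req.start + req.len > mtd->size` in the first quoted line adds two 64-bit values that come from the ioctl request, so the sum can wrap and compare as smaller than mtd->size. Do the comparison without the addition, for example `if (req.start > mtd->size || req.len > mtd->size - req.start)`, or use check_add_overflow() from <linux/overflow.h> and return -EINVAL when it reports a wrap.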
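Review bot: `min_t(size_t, req.len, mtd->erasesize)` in the datbuf_len assignment casts req.len to size_t before taking the minimum, so on a 32-bit build a 64-bit req.len is truncated first, and a length whose low 32 bits are zero yields datbuf_len == 0 and skips the allocation although req.len is non-zero. Taking the minimum in the wider type, `min_t(u64, req.len, mtd->erasesize)`, and assigning the result to datbuf_len avoids this, because the result is then bounded by erasesize.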