Date: Mon, 29 Jan 2024 08:20:26 +0300
From: Dan Carpenter
To: Erick Archer
Cc: Manivannan Sadhasivam, Jeffrey Hugo, "Rafael J. Wysocki", Greg Kroah-Hartman, "Gustavo A. R. Silva", linux-arm-msm@vger.kernel.org, mhi@lists.linux.dev, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] bus: mhi: ep: Use kcalloc() instead of kzalloc()
Message-ID: <3b175cb6-fcbe-4521-b6ac-442c8a11c297@moroto.mountain>
References: <20240120152518.13006-1-erick.archer@gmx.com> <43614a09-d520-4111-873a-b352bd93ea07@moroto.mountain> <20240128102933.GA2800@titan>
In-Reply-To: <20240128102933.GA2800@titan>

On Sun, Jan 28, 2024 at 11:29:33AM +0100, Erick Archer wrote:
> > It's a bit concerning that ->event_rings is set multiple times, but only
> > allocated one time. It's either unnecessary or there is a potential
> > memory corruption bug. If it's really necessary then there should be a
> > check that the new size is <= the size of the original buffer that we
> > allocated.
>
> The ->event_rings is set twice. In the mhi_ep_mmio_init function and in
> the mhi_ep_mmio_update_ner function.
>

It's not about the type. The event_rings struct member is the number of
elements in the mhi_cntrl->mhi_event array. However, we ->event_rings
without re-allocating mhi_cntrl->mhi_event so those are not in sync any
more. So since we don't know the number of elements in the
mhi_cntrl->mhi_event array leading to memory corruption.

> void mhi_ep_mmio_init(struct mhi_ep_cntrl *mhi_cntrl)
> {
> 	[...]
> 	mhi_cntrl->event_rings = FIELD_GET(MHICFG_NER_MASK, regval);
> 	[...]
> }
>
> void mhi_ep_mmio_update_ner(struct mhi_ep_cntrl *mhi_cntrl)
> {
> 	[...]
> 	mhi_cntrl->event_rings = FIELD_GET(MHICFG_NER_MASK, regval);
> 	[...]
> }

These ->event_rings assignments look exactly the same. It depends on
regval. So possibly one could be deleted.

regards,
dan carpenter
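
The check discussed in this thread (a re-read element count must be <= the size of the buffer that was originally allocated), as an added user-space C sketch; it is not code from the MHI driver or from either poster. The demo_* names, the events_allocated field and the register mask are assumptions made for illustration, and calloc() stands in for kcalloc().

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed register layout for this sketch, not the driver's real one. */
#define DEMO_NER_SHIFT 16
#define DEMO_NER_MASK  (0xffu << DEMO_NER_SHIFT)

struct demo_event { uint64_t ctx; };

/* Hypothetical stand-in for the controller state discussed in the thread. */
struct demo_cntrl {
	struct demo_event *events;  /* allocated once */
	uint32_t event_rings;       /* element count the rest of the code uses */
	uint32_t events_allocated;  /* capacity that was actually allocated */
};

static uint32_t demo_read_ner(uint32_t regval)
{
	return (regval & DEMO_NER_MASK) >> DEMO_NER_SHIFT;
}

/* First read of the count: size the array from it and remember the capacity. */
int demo_init(struct demo_cntrl *c, uint32_t regval)
{
	uint32_t n = demo_read_ner(regval);

	if (n == 0)
		return -EINVAL;
	/* calloc() checks n * size for overflow, as kcalloc() does in the kernel. */
	c->events = calloc(n, sizeof(*c->events));
	if (!c->events)
		return -ENOMEM;
	c->event_rings = n;
	c->events_allocated = n;
	return 0;
}

/* Later re-read: reject a count larger than the buffer so the two stay in sync. */
int demo_update_ner(struct demo_cntrl *c, uint32_t regval)
{
	uint32_t n = demo_read_ner(regval);

	if (n > c->events_allocated)
		return -EINVAL;  /* indexing up to n would run past the allocation */
	c->event_rings = n;
	return 0;
}
```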