From: Finn Thain <fthain@linux-m68k.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Kees Cook <keescook@chromium.org>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Erick Archer <erick.archer@outlook.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Justin Stitt <justinstitt@google.com>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3] scsi: csiostor: Use kcalloc() instead of kzalloc()
Date: Thu, 2 May 2024 10:47:21 +1000 (AEST) [thread overview]
Message-ID: <66bca69a-0036-4108-5963-002cce69376a@linux-m68k.org> (raw)
In-Reply-To: <c358208c5d4c823e3373aca4fe42998a6edd12fb.camel@HansenPartnership.com>
On Wed, 1 May 2024, James Bottomley wrote:
> > The code itself is fine unless you have a 32-bit system with a
> > malicious card, so yeah, near zero risk.
>
> Well, no actually zero: we assume plugged in hardware to operate
> correctly (had this argument in the driver hardening thread a while
> ago), but in this particular case you'd have to have a card with a very
> high number of ports, which would cause kernel allocations to fail long
> before anything could introduce an overflow of sizeof(struct csio_lnode
> *) * hw->num_lns.
>
Then it should be safe to add an equivalent assertion. E.g.
BUG_ON(hw->num_lns > X) where X was derived either from knowledge of the
hardware or from some known-safe kalloc() limit. Though I wonder whether
BUG_ON() is the best way to encode preconditions for the benfit of static
checkers...
next prev parent reply other threads:[~2024-05-02 0:47 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-30 16:17 [PATCH v3] scsi: csiostor: Use kcalloc() instead of kzalloc() Erick Archer
2024-04-27 13:52 ` Erick Archer
2024-04-29 17:20 ` Kees Cook
2024-04-29 18:31 ` Martin K. Petersen
2024-04-29 20:13 ` Kees Cook
2024-04-30 1:54 ` Finn Thain
2024-05-01 14:39 ` James Bottomley
2024-05-02 0:47 ` Finn Thain [this message]
2024-05-11 11:18 ` Erick Archer
2024-05-11 15:10 ` Erick Archer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=66bca69a-0036-4108-5963-002cce69376a@linux-m68k.org \
--to=fthain@linux-m68k.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=bhelgaas@google.com \
--cc=erick.archer@outlook.com \
--cc=gustavoars@kernel.org \
--cc=justinstitt@google.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).