search for: args_siz

...^^^^^^^^^^^^^^^^^^^^ > > > > So that could wrap around, even though the allocation may not. > > > > Better yet, since "sizeof(*args) + size" is repeated 3 times in the > > function, I'd recommend: > > > > ... > > u32 args_size; > > > > if (check_add_overflow(sizeof(*args), size, &args_size)) > > return -ENOMEM; > > if (args_size > sizeof(stack)) { > > if (!(args = kmalloc(args_size, GFP_KERNEL))) trivia: More typical kernel style would use separate alloc and test args = k...

...ize, NULL); > ^^^^^^^^^^^^^^^^^^^^ > > So that could wrap around, even though the allocation may not. > > Better yet, since "sizeof(*args) + size" is repeated 3 times in the > function, I'd recommend: > > ... > u32 args_size; > > if (check_add_overflow(sizeof(*args), size, &args_size)) > return -ENOMEM; > if (args_size > sizeof(stack)) { > if (!(args = kmalloc(args_size, GFP_KERNEL))) > return -ENOMEM; > } else { > args = (void *)stack; > }...

...aee8fe15..1d19c87eaec1 100644 --- a/drivers/gpu/drm/nouveau/nvif/object.c +++ b/drivers/gpu/drm/nouveau/nvif/object.c @@ -142,11 +142,16 @@ nvif_object_mthd(struct nvif_object *object, u32 mthd, void *data, u32 size) struct nvif_ioctl_v0 ioctl; struct nvif_ioctl_mthd_v0 mthd; } *args; + u32 args_size; u8 stack[128]; int ret; - if (sizeof(*args) + size > sizeof(stack)) { - if (!(args = kmalloc(sizeof(*args) + size, GFP_KERNEL))) + if (check_add_overflow(sizeof(*args), size, &args_size)) + return -ENOMEM; + + if (args_size > sizeof(stack)) { + args = kmalloc(args_size, GFP_KER...

...aee8fe15..89a812f812af 100644 --- a/drivers/gpu/drm/nouveau/nvif/object.c +++ b/drivers/gpu/drm/nouveau/nvif/object.c @@ -142,11 +142,15 @@ nvif_object_mthd(struct nvif_object *object, u32 mthd, void *data, u32 size) struct nvif_ioctl_v0 ioctl; struct nvif_ioctl_mthd_v0 mthd; } *args; + u32 args_size; u8 stack[128]; int ret; - if (sizeof(*args) + size > sizeof(stack)) { - if (!(args = kmalloc(sizeof(*args) + size, GFP_KERNEL))) + if (check_add_overflow(sizeof(*args), size, &args_size)) + return -ENOMEM; + + if (args_size > sizeof(stack)) { + if (!(args = kmalloc(args_size, G...

...f_object_ioctl(object, args, sizeof(*args) + size, NULL); ^^^^^^^^^^^^^^^^^^^^ So that could wrap around, even though the allocation may not. Better yet, since "sizeof(*args) + size" is repeated 3 times in the function, I'd recommend: ... u32 args_size; if (check_add_overflow(sizeof(*args), size, &args_size)) return -ENOMEM; if (args_size > sizeof(stack)) { if (!(args = kmalloc(args_size, GFP_KERNEL))) return -ENOMEM; } else { args = (void *)stack; } ... ret = nvif_object_ioctl(object, ar...

(adding linux-hardening at vger.kernel.org) Le 18/05/2024 ? 16:37, Guenter Roeck a ?crit?: > Trying to build parisc:allmodconfig with gcc 12.x or later results > in the following build error. > > drivers/gpu/drm/nouveau/nvif/object.c: In function 'nvif_object_mthd': > drivers/gpu/drm/nouveau/nvif/object.c:161:9: error: > 'memcpy' accessing 4294967264 or more

Just a quick update, I''ve dropped the hashing stuff in favor of doing a memcmp in the kernel to make sure the data is still the same. The thing that takes a while is reading the data up from disk, so doing a memcmp of the entire buffer isn''t that big of a deal, not to mention there''s a possiblity for malicious users if there is a problem with the hashing algorithms we

Here are patches to do offline deduplication for Btrfs. It works well for the cases it''s expected to, I''m looking for feedback on the ioctl interface and such, I''m well aware there are missing features for the userspace app (like being able to set a different blocksize). If this interface is acceptable I will flesh out the userspace app a little more, but I believe the