On Mon, Jul 2, 2018 at 2:41 PM, Richard Weinberger <richard@nod.at> wrote:
> On Monday, 2 July 2018, 20:27:00 CEST, Kees Cook wrote:
>>> Let's queue another patch for the next merge window which converts kmalloc() -> kmalloc_array().
>> I'd prefer to leave it as-is for 4.18 because it would be the only unconverted kmalloc()-with-multiplication in the entire tree. We did treewide conversions and a revert would be undoing that here. (The scripts that check for this case would run "clean" for 4.18.)
>> So, this gets back to the question of the int vs u32: if you just didn't revert this patch, then the kmalloc_array() would stand too. Easy! :)
> I can queue the kmalloc_array() conversion on top of the revert. But TBH, using kmalloc_array() here is just ridiculous, we allocate dn->size times 2 where dn->size is at most 4k.
Right, I don't think this spot will suddenly become vulnerable again, but it'll generate the same machine code (since one arg is a constant value), and then static checkers never have to flag on it again. :)
Thanks!
-Kees
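The point of the thread is that kmalloc_array(n, size, flags) differs from kmalloc(n * size, flags) only in that the multiplication is overflow-checked, so a bounded count (dn->size, at most 4k) times a constant 2 compiles to the same code while still satisfying static checkers. The following is an added user-space model of that check, not code from the thread or from the kernel; the helper names (checked_mul, unchecked_bytes, alloc_array) and the sample sizes are constructed for this illustration, and it assumes a GCC/Clang compiler that provides __builtin_mul_overflow (the builtin the kernel's check_mul_overflow() expands to on modern toolchains).

```c
/* Added example: a user-space model of the overflow check that
 * kmalloc_array() performs on count * element size. Not kernel code;
 * helper names and sample values are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Plain kmalloc(n * size) style: the product silently wraps modulo
 * SIZE_MAX + 1, so an overflowing request can yield a tiny buffer. */
static size_t unchecked_bytes(size_t n, size_t size)
{
    return n * size;
}

/* kmalloc_array() style: return 0 when n * size would wrap, else the
 * exact product. (0 is safe as an error value here because a zero-byte
 * array allocation is never what a caller wants.) */
static size_t checked_mul(size_t n, size_t size)
{
    size_t bytes;

    /* __builtin_mul_overflow returns nonzero on overflow (assumption:
     * GCC/Clang builtin available). */
    if (__builtin_mul_overflow(n, size, &bytes))
        return 0;
    return bytes;
}

/* Model of kmalloc_array(): refuse the allocation entirely on overflow
 * instead of handing back a buffer that is smaller than the caller
 * believes it is. */
static void *alloc_array(size_t n, size_t size)
{
    size_t bytes = checked_mul(n, size);

    if (bytes == 0)
        return NULL;
    return malloc(bytes);
}

/* The thread's case: a caller-bounded count times a constant 2. With the
 * bound enforced the check can never fire, which is why the generated
 * code is the same; the conversion's value is that a checker no longer
 * has to know about the bound. Constructed limit for the demo. */
#define MAX_DN_SIZE 4096

int main(void)
{
    size_t dn_size = MAX_DN_SIZE;     /* constructed sample value */
    size_t huge = SIZE_MAX / 2 + 1;   /* huge * 2 == SIZE_MAX + 1 */
    void *p;

    printf("bounded case: %zu * 2 -> %zu bytes\n",
           dn_size, checked_mul(dn_size, 2));

    printf("overflow case, unchecked: %zu * 2 -> %zu bytes (wrapped)\n",
           huge, unchecked_bytes(huge, 2));
    printf("overflow case, checked:   %zu * 2 -> %zu (refused)\n",
           huge, checked_mul(huge, 2));

    p = alloc_array(dn_size, 2);
    printf("alloc_array(%zu, 2) %s\n", dn_size, p ? "succeeded" : "failed");
    free(p);

    p = alloc_array(huge, 2);
    printf("alloc_array(%zu, 2) %s\n", huge,
           p ? "succeeded (BUG)" : "refused as expected");
    free(p);
    return 0;
}
```

Compile with `cc -O2 -Wall example.c`; inspecting the object code for checked_mul(dn_size, 2) with a constant second operand shows the compiler folding the check away, which is the "same machine code" observation above.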