Re: [PATCH v2 2/2] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

From: Harshit Mogalapalli
Date: Fri Feb 16 2024 - 02:36:08 EST

Next message: Thomas Richard: "Re: [PATCH v3 14/18] phy: cadence-torrent: add suspend and resume support"
Previous message: Byungchul Park: "[PATCH v2] sched/numa, mm: do not promote folios to nodes not set N_MEMORY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Kovalev,

On 11/01/24 6:23 pm, kovalev@xxxxxxxxxxxx wrote:

Hello, I was also working on solving this problem
https://lore.kernel.org/lkml/20240110104042.31865-1-kovalev@xxxxxxxxxxxx/T/#t.

Please note that there are 2 such places in the code, and by analogy with your
version of the changes, including changes in the approach to calculating the
size of the allocated memory, additional changes on top of your changes will
be as follows:

diff --git a/drivers/misc/vmw_vmci/vmci_datagram.c b/drivers/misc/vmw_vmci/vmci_datagram.c
index ba379cd6d054bd..1a50fcea681bf8 100644
--- a/drivers/misc/vmw_vmci/vmci_datagram.c
+++ b/drivers/misc/vmw_vmci/vmci_datagram.c
@@ -369,8 +369,9 @@ int vmci_datagram_invoke_guest_handler(struct vmci_datagram *dg)
if (dst_entry->run_delayed) {
struct delayed_datagram_info *dg_info;
- dg_info = kmalloc(sizeof(*dg_info) + (size_t)dg->payload_size,
+ dg_info = kmalloc(struct_size(dg_info, msg_payload, dg->payload_size),
GFP_ATOMIC);
+
if (!dg_info) {
vmci_resource_put(resource);
return VMCI_ERROR_NO_MEM;
@@ -378,7 +379,9 @@ int vmci_datagram_invoke_guest_handler(struct vmci_datagram *dg)
dg_info->in_dg_host_queue = false;
dg_info->entry = dst_entry;
- memcpy(&dg_info->msg, dg, VMCI_DG_SIZE(dg));
+ dg_info->msg = *dg;
+ memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size);
+
INIT_WORK(&dg_info->work, dg_delayed_dispatch);
schedule_work(&dg_info->work);

I think you need to send a separate patch/patches for this.

[linux-next]$ git describe
next-20240216
[linux-next]$ git log --oneline drivers/misc/vmw_vmci/vmci_datagram.c
19b070fefd0d VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
e03d4910e6e4 VMCI: Use struct_size() in kmalloc()

I see that the two patches I sent are applied by Kees and are in linux-next.

I am thinking if we can reproduce the above WARNING in vmci_datagram_invoke_guest_handler() by modifying the C reproducer generated by Syzkaller for dg_dispatch_as_host()

Thanks,
Harshit

Next message: Thomas Richard: "Re: [PATCH v3 14/18] phy: cadence-torrent: add suspend and resume support"
Previous message: Byungchul Park: "[PATCH v2] sched/numa, mm: do not promote folios to nodes not set N_MEMORY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]