[PATCH v2] devres: Fix devm_krealloc() allocating memory with wrong size

From: Zijun Hu
Date: Sun Jun 16 2024 - 07:31:28 EST

Next message: Dragan Simic: "Re: [PATCH 3/3] arm64: dts: rockchip: Add rkvdec2 Video Decoder on rk3588(s)"
Previous message: Hillf Danton: "Re: [syzbot] [ntfs3?] KASAN: slab-use-after-free Read in chrdev_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kernel API devm_krealloc() calls alloc_dr() with wrong argument
@total_new_size, and it will cause more memory to be allocated
than required, fixed by using @new_size as alloc_dr()'s argument.

Fixes: f82485722e5d ("devres: provide devm_krealloc()")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
---
V2: Add inline comments and stable tag

Previous discussion link:
https://lore.kernel.org/all/1718531655-29761-1-git-send-email-quic_zijuhu@xxxxxxxxxxx/

drivers/base/devres.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/base/devres.c b/drivers/base/devres.c
index 3df0025d12aa..0d4e5d1b9967 100644
--- a/drivers/base/devres.c
+++ b/drivers/base/devres.c
@@ -896,9 +896,12 @@ void *devm_krealloc(struct device *dev, void *ptr, size_t new_size, gfp_t gfp)
/*
* Otherwise: allocate new, larger chunk. We need to allocate before
* taking the lock as most probably the caller uses GFP_KERNEL.
+ * alloc_dr() will call check_dr_size() to reserve extra memory such
+ * as struct devres_node automatically, so size @new_size user request
+ * is delivered to it directly as devm_kmalloc() does.
*/
new_dr = alloc_dr(devm_kmalloc_release,
- total_new_size, gfp, dev_to_node(dev));
+ new_size, gfp, dev_to_node(dev));
if (!new_dr)
return NULL;

--
2.7.4

Next message: Dragan Simic: "Re: [PATCH 3/3] arm64: dts: rockchip: Add rkvdec2 Video Decoder on rk3588(s)"
Previous message: Hillf Danton: "Re: [syzbot] [ntfs3?] KASAN: slab-use-after-free Read in chrdev_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]