Re: [PATCH] ubd: Use pointer-to-pointers for io_thread_req arrays

[Richard Weinberger]

----- Ursprüngliche Mail -----
> Von: "Kees Cook" <kees@xxxxxxxxxx>
> An: "richard" <richard@xxxxxx>
> CC: "Kees Cook" <kees@xxxxxxxxxx>, "Nathan Chancellor" <nathan@xxxxxxxxxx>, "Guenter Roeck" <linux@xxxxxxxxxxxx>, "anton
> ivanov" <anton.ivanov@xxxxxxxxxxxxxxxxxx>, "Johannes Berg" <johannes@xxxxxxxxxxxxxxxx>, "Jens Axboe" <axboe@xxxxxxxxx>,
> "Hannes Reinecke" <hare@xxxxxxx>, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>, "Tiwei Bie"
> <tiwei.btw@xxxxxxxxxxxx>, "linux-um" <linux-um@xxxxxxxxxxxxxxxxxxx>, "Al Viro" <viro@xxxxxxxxxxxxxxxxxx>,
> "linux-kernel" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-hardening" <linux-hardening@xxxxxxxxxxxxxxx>
> Gesendet: Montag, 23. Februar 2026 22:43:45
> Betreff: [PATCH] ubd: Use pointer-to-pointers for io_thread_req arrays

> Having an unbounded array for irq_req_buffer and io_req_buffer doesn't
> provide any bounds safety, and confuses the needed allocation type,
> which is returning a pointer to pointers. Instead of the implicit cast,
> switch the variable types.
> 
> Reported-by: Nathan Chancellor <nathan@xxxxxxxxxx>
> Reported-by: Guenter Roeck <linux@xxxxxxxxxxxx>
> Closes:
> https://lore.kernel.org/all/b04b6c13-7d0e-4a89-9e68-b572b6c686ac@xxxxxxxxxxxx
> Fixes: 69050f8d6d07 ("treewide: Replace kmalloc with kmalloc_obj for non-scalar
> types")
> Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
> ---
> Cc: Richard Weinberger <richard@xxxxxx>
> Cc: Anton Ivanov <anton.ivanov@xxxxxxxxxxxxxxxxxx>
> Cc: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
> Cc: Jens Axboe <axboe@xxxxxxxxx>
> Cc: Hannes Reinecke <hare@xxxxxxx>
> Cc: "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>
> Cc: Tiwei Bie <tiwei.btw@xxxxxxxxxxxx>
> Cc: <linux-um@xxxxxxxxxxxxxxxxxxx>
> ---
> arch/um/drivers/ubd_kern.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)

Acked-by: Richard Weinberger <richard@xxxxxx>

Thanks,
//richard