Re: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size

From: Kees Cook
Date: Tue Nov 01 2022 - 17:37:24 EST


On Mon, Oct 31, 2022 at 08:42:36PM +0000, Ruhl, Michael J wrote:
> Looking at the size usage (from elixir), I see:
>
> --
> 	if (!q_vector) {
> 		q_vector = kzalloc(size, GFP_KERNEL);
> 	} else if (size > ksize(q_vector)) {
> 		kfree_rcu(q_vector, rcu);
> 		q_vector = kzalloc(size, GFP_KERNEL);
> 	} else {
> 		memset(q_vector, 0, size);
> 	}
> --
>
> If the size is rounded up, will the (size > ksize()) check ever be true?
>
> I.e., have you eliminated this check (and maybe gotten rid of the need for the first patch)?

Hi!

It looked like igb_alloc_q_vector() was designed to be called multiple
times on the same q_vector (i.e. to grow its allocation size over time).
So for that case, yes, the "size > ksize(q_vector)" check is needed. If
it's only ever called once (which is hard for me to tell), then no. (And
if "no", why was the alloc/free case even there in the first place?)

-Kees

--
Kees Cook
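An added userspace model (not igb's code and not the kernel's API) of the reuse path quoted above, showing that once the requested size is rounded up to a bucket, repeat calls for the same size never hit the kfree/kzalloc branch, but a later call that outgrows the current bucket still does. The bucket table, the `model_*` functions and `struct mem` are assumptions standing in for the kernel's kmalloc caches, kmalloc_size_roundup() and ksize():

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Assumed bucket table: a subset of common kmalloc cache sizes. */
static const size_t buckets[] = { 8, 16, 32, 64, 96, 128, 192, 256, 512, 1024 };

/* Model of kmalloc_size_roundup(): smallest bucket that holds size. */
size_t model_kmalloc_size_roundup(size_t size)
{
	for (size_t i = 0; i < sizeof(buckets) / sizeof(buckets[0]); i++)
		if (size <= buckets[i])
			return buckets[i];
	return size; /* beyond the modelled buckets: returned unchanged */
}

/* Model allocation: a header recording the usable size that ksize() reports. */
struct mem { size_t usable; unsigned char data[]; };

static struct mem *hdr(void *p) { return (struct mem *)((char *)p - offsetof(struct mem, data)); }

void *model_kzalloc(size_t size)
{
	size_t usable = model_kmalloc_size_roundup(size);
	struct mem *m = calloc(1, sizeof(*m) + usable);
	if (!m)
		return NULL;
	m->usable = usable;
	return m->data;
}

size_t model_ksize(void *p) { return hdr(p)->usable; }
void model_kfree(void *p) { free(hdr(p)); }

/* The quoted igb pattern with the size rounded up first, as the patch title
 * describes. Returns the (possibly new) q_vector and sets *reallocated when
 * the kfree/kzalloc branch was taken. */
void *alloc_q_vector(void *q_vector, size_t size, int *reallocated)
{
	size = model_kmalloc_size_roundup(size);
	*reallocated = 0;
	if (!q_vector) {
		q_vector = model_kzalloc(size);
	} else if (size > model_ksize(q_vector)) {
		model_kfree(q_vector);
		q_vector = model_kzalloc(size);
		*reallocated = 1;
	} else {
		memset(q_vector, 0, size);
	}
	return q_vector;
}
```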