Date: Fri, 16 Feb 2024 13:37:49 +0100
From: Christian Brauner <brauner@...nel.org>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Tycho Andersen <tycho@...ho.pizza>, 
	coverity-bot <keescook@...omium.org>, Nicholas Piggin <npiggin@...il.com>, 
	Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Peng Zhang <zhangpeng.00@...edance.com>, 
	Ard Biesheuvel <ardb@...nel.org>, Luis Chamberlain <mcgrof@...nel.org>, 
	Heiko Carstens <hca@...ux.ibm.com>, Andrew Morton <akpm@...ux-foundation.org>, 
	Suren Baghdasaryan <surenb@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, 
	Mateusz Guzik <mjguzik@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, 
	Tycho Andersen <tandersen@...flix.com>, Mike Christie <michael.christie@...cle.com>, 
	"Paul E. McKenney" <paulmck@...nel.org>, linux-kernel@...r.kernel.org, 
	"Gustavo A. R. Silva" <gustavo@...eddedor.com>, linux-next@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: Coverity: __do_sys_pidfd_send_signal(): UNINIT

On Wed, Feb 14, 2024 at 08:18:01PM +0100, Oleg Nesterov wrote:
> On 02/14, Tycho Andersen wrote:
> >
> > On Wed, Feb 14, 2024 at 06:55:55PM +0100, Oleg Nesterov wrote:
> > >
> > > We want to check the "flags" argument at the start, we do not want to
> > > delay the "case 0:" check until we have f.file (so that we can check
> > > f.file->f_flags).
> >
> > Fair point. I was thinking delaying it would make it simpler, but then
> > you have to free the file and it's less fast in the EINVAL case.
> 
> plus we do not want to return, say, -EBADF if the "flags" argument is wrong.
> 
> > I also don't have a strong opinion here.
> 
> Neither me.

Or you know, we just don't care about this. ;)
In any case since this is a false positive it's not urgent in any way. If
either of you cares enough about this then please just send me a patch that
reorders the checks to please that tool. The specific way doesn't matter
to me as well as long as we don't pointlessly fdget()/fdput().
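
[Added example, not part of the message above and not kernel code: a user-space C model of the ordering the thread discusses, comparing a flags check placed before the file lookup with one placed after it. The fd table, the flag mask and every model_* / send_checked_* name are hypothetical.]

```c
/* User-space model only; all names and values are constructed. */
#include <errno.h>
#include <stdio.h>

#define MODEL_VALID_FLAGS 0x7u  /* constructed mask of accepted flag bits */
#define MODEL_NFILES 4

struct model_file { int in_use; int refs; };
static struct model_file model_table[MODEL_NFILES] = { [3] = { .in_use = 1 } };
static unsigned model_fdget_calls;  /* how often a lookup was attempted */

static struct model_file *model_fdget(int fd)
{
    model_fdget_calls++;
    if (fd < 0 || fd >= MODEL_NFILES || !model_table[fd].in_use)
        return NULL;
    model_table[fd].refs++;
    return &model_table[fd];
}

static void model_fdput(struct model_file *f) { f->refs--; }

/* Flags validated first: a bad flags value never touches the fd table. */
int send_checked_early(int fd, unsigned flags)
{
    struct model_file *f;
    if (flags & ~MODEL_VALID_FLAGS)
        return -EINVAL;
    f = model_fdget(fd);
    if (!f)
        return -EBADF;
    model_fdput(f);  /* the real work would sit before this */
    return 0;
}

/* Flags validated after the lookup: extra get/put, EBADF can mask EINVAL. */
int send_checked_late(int fd, unsigned flags)
{
    struct model_file *f = model_fdget(fd);
    if (!f)
        return -EBADF;
    model_fdput(f);  /* reference must be dropped on every exit path */
    return (flags & ~MODEL_VALID_FLAGS) ? -EINVAL : 0;
}

int main(void)
{
    printf("bad flags + bad fd: early=%d late=%d\n",
           send_checked_early(99, 0x100), send_checked_late(99, 0x100));
    return 0;
}
```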
