lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 13 May 2009 13:23:03 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Ingo Molnar <mingo@...e.hu>
CC:	Subrata Modak <subrata@...ux.vnet.ibm.com>,
	Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>, x86@...nel.org,
	Sachin P Sant <sachinp@...ux.vnet.ibm.com>,
	Andi Kleen <andi@...stfloor.org>,
	Andi Kleen <ak@...ux.intel.com>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Balbir Singh <balbir@...ux.vnet.ibm.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH] Fix Warnining in arch/x86/kernel/signal.c

Ingo Molnar wrote:
>>>>  
>>>>  	if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
>>>>  		goto badframe;
>>>> -	if (__get_user(set.sig[0], &frame->sc.oldmask) || (_NSIG_WORDS > 1
>>>> -		&& __copy_from_user(&set.sig[1], &frame->extramask,
>>>> -				    sizeof(frame->extramask))))
>>>> +
>>>> +        if ( (__copy_from_user(&set.sig[1], &frame->extramask,
>>>> +                sizeof(frame->extramask)) && _NSIG_WORDS > 1) || 
>>>> +                __get_user(set.sig[0], &frame->sc.oldmask))
>>>>  		goto badframe;
>>> I'm not sure why this eliminates that warning.
>>> set.sig[0] may not be initialized too, if __copy_from_user() failed.
>> True, but only when either or both of __copy_from_user() and
>> (_NSIG_WORDS > 1) fails. But in all instances set.sig[1] gets
>> initialized.
>>
>>> I don't have enough time to look at this right now, sorry.
>>>
>>> Another question, __copy_from_user() will be called even if
>>> _NSIG_WORDS is less than 2, perhaps it never occurs.
>>> I think, to check _NSIG_WORDS > 1 before calling __copy_from_user()
>>> is better.
>> Fine. Let Ingo/Thomas/Peter decide whether they would like this fix or
>> drop it.
> 
> If you get the Acked-by from Hiroshi-san it looks good to me. He 
> modified this code last.
> 

This seriously looks wrong to me.  If _NSIG_WORDS == 1, then calling
__copy_from_user here is a serious error.

	-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ