| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Jan 2014 08:54:18 -0200
From: Jose Alonso <joalonsof@...il.com>
To: Martin Schwidefsky <schwidefsky@...ibm.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Lukasz Dorau <lukasz.dorau@...el.com>,
Maciej Patelczyk <maciej.patelczyk@...el.com>,
Dave Jiang <dave.jiang@...el.com>,
Simon Horman <horms@...ge.net.au>,
Magnus Damm <magnus.damm@...il.com>,
Paul Mundt <lethal@...ux-sh.org>,
Christoph Hellwig <hch@....de>, Jens Axboe <axboe@...nel.dk>,
Guennadi Liakhovetski <g.liakhovetski@....de>,
Liam Girdwood <lgirdwood@...il.com>,
Mark Brown <broonie@...nel.org>,
Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>
Cc: Linux Kernel <linux-kernel@...r.kernel.org>
Subject: [PATCH] for_each macros correctness
I observed that there are for_each macros that do an extra memory access
beyond the defined area.
Normally this does not cause problems.
But, this can cause exceptions. For example: if the area is allocated at
the end of a page and the next page is not accessible.
For correctness, I suggest changing the arguments of the 'for loop' like
others 'for_each' do in the kernel.
files involved:
drivers/s390/cio/qdio.h
drivers/scsi/isci/host.h
drivers/sh/clk/core.c
include/linux/blk-mq.h
include/linux/shdma-base.h
sound/soc/sh/rcar/adg.c
Signed-off-by: Jose Alonso <joalonsof@...il.com>
---
diff --git a/drivers/s390/cio/qdio.h b/drivers/s390/cio/qdio.h
index 8acaae1..a563e4c 100644
--- a/drivers/s390/cio/qdio.h
+++ b/drivers/s390/cio/qdio.h
@@ -359,14 +359,12 @@ static inline int multicast_outbound(struct qdio_q *q)
#define need_siga_sync_out_after_pci(q) \
(unlikely(q->irq_ptr->siga_flag.sync_out_after_pci))
-#define for_each_input_queue(irq_ptr, q, i) \
- for (i = 0, q = irq_ptr->input_qs[0]; \
- i < irq_ptr->nr_input_qs; \
- q = irq_ptr->input_qs[++i])
-#define for_each_output_queue(irq_ptr, q, i) \
- for (i = 0, q = irq_ptr->output_qs[0]; \
- i < irq_ptr->nr_output_qs; \
- q = irq_ptr->output_qs[++i])
+#define for_each_input_queue(irq_ptr, q, i) \
+ for (i = 0; i < irq_ptr->nr_input_qs && \
+ ({ q = irq_ptr->input_qs[i]; 1; }); i++)
+#define for_each_output_queue(irq_ptr, q, i) \
+ for (i = 0; i < irq_ptr->nr_output_qs && \
+ ({ q = irq_ptr->output_qs[i]; 1; }); i++)
#define prev_buf(bufnr) \
((bufnr + QDIO_MAX_BUFFERS_MASK) & QDIO_MAX_BUFFERS_MASK)
diff --git a/drivers/scsi/isci/host.h b/drivers/scsi/isci/host.h
index 4911310..99c5a69 100644
--- a/drivers/scsi/isci/host.h
+++ b/drivers/scsi/isci/host.h
@@ -311,9 +311,8 @@ static inline struct Scsi_Host *to_shost(struct isci_host *ihost)
}
#define for_each_isci_host(id, ihost, pdev) \
- for (id = 0, ihost = to_pci_info(pdev)->hosts[id]; \
- id < ARRAY_SIZE(to_pci_info(pdev)->hosts) && ihost; \
- ihost = to_pci_info(pdev)->hosts[++id])
+ for (id = 0; id < ARRAY_SIZE(to_pci_info(pdev)->hosts) && \
+ (ihost = to_pci_info(pdev)->hosts[id]); id++)
static inline void wait_for_start(struct isci_host *ihost)
{
diff --git a/drivers/sh/clk/core.c b/drivers/sh/clk/core.c
index 7472785..6dd3cbb 100644
--- a/drivers/sh/clk/core.c
+++ b/drivers/sh/clk/core.c
@@ -82,8 +82,8 @@ struct clk_rate_round_data {
};
#define for_each_frequency(pos, r, freq) \
- for (pos = r->min, freq = r->func(pos, r); \
- pos <= r->max; pos++, freq = r->func(pos, r)) \
+ for (pos = r->min; pos <= r->max && \
+ ({ freq = r->func(pos, r); 1; }); pos++) \
if (unlikely(freq == 0)) \
; \
else
diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h
index ab0e9b2..a4b40cf 100644
--- a/include/linux/blk-mq.h
+++ b/include/linux/blk-mq.h
@@ -159,16 +159,16 @@ static inline struct request *blk_mq_tag_to_rq(struct blk_mq_hw_ctx *hctx,
}
#define queue_for_each_hw_ctx(q, hctx, i) \
- for ((i) = 0, hctx = (q)->queue_hw_ctx[0]; \
- (i) < (q)->nr_hw_queues; (i)++, hctx = (q)->queue_hw_ctx[i])
+ for ((i) = 0; (i) < (q)->nr_hw_queues && \
+ ({ hctx = (q)->queue_hw_ctx[i]; 1; }); (i)++)
#define queue_for_each_ctx(q, ctx, i) \
- for ((i) = 0, ctx = per_cpu_ptr((q)->queue_ctx, 0); \
- (i) < (q)->nr_queues; (i)++, ctx = per_cpu_ptr(q->queue_ctx, (i)))
+ for ((i) = 0; (i) < (q)->nr_queues && \
+ ({ ctx = per_cpu_ptr((q)->queue_ctx, (i)); 1; }); (i)++)
#define hctx_for_each_ctx(hctx, ctx, i) \
- for ((i) = 0, ctx = (hctx)->ctxs[0]; \
- (i) < (hctx)->nr_ctx; (i)++, ctx = (hctx)->ctxs[(i)])
+ for ((i) = 0; (i) < (hctx)->nr_ctx && \
+ ({ ctx = (hctx)->ctxs[(i)]; 1; }); (i)++)
#define blk_ctx_sum(q, sum) \
({ \
diff --git a/include/linux/shdma-base.h b/include/linux/shdma-base.h
index f92c0a4..35285f7 100644
--- a/include/linux/shdma-base.h
+++ b/include/linux/shdma-base.h
@@ -111,8 +111,8 @@ struct shdma_dev {
size_t desc_size;
};
-#define shdma_for_each_chan(c, d, i) for (i = 0, c = (d)->schan[0]; \
- i < (d)->dma_dev.chancnt; c = (d)->schan[++i])
+#define shdma_for_each_chan(c, d, i) for (i = 0; i < (d)->dma_dev.chancnt && \
+ ({ c = (d)->schan[i]; 1; }); i++)
int shdma_request_irq(struct shdma_chan *, int,
unsigned long, const char *);
diff --git a/sound/soc/sh/rcar/adg.c b/sound/soc/sh/rcar/adg.c
index a53235c..ef19c15 100644
--- a/sound/soc/sh/rcar/adg.c
+++ b/sound/soc/sh/rcar/adg.c
@@ -25,9 +25,8 @@ struct rsnd_adg {
};
#define for_each_rsnd_clk(pos, adg, i) \
- for (i = 0, (pos) = adg->clk[i]; \
- i < CLKMAX; \
- i++, (pos) = adg->clk[i])
+ for (i = 0; i < CLKMAX && \
+ ({ (pos) = adg->clk[i]; 1; }); i++)
#define rsnd_priv_to_adg(priv) ((struct rsnd_adg *)(priv)->adg)
static int rsnd_adg_set_convert_clk_gen1(struct rsnd_priv *priv,
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists