| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Nov 2016 09:40:00 -0600
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Sachin Shukla <sachin.s5@...sung.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
Kees Cook <keescook@...omium.org>,
Serge Hallyn <serge@...lyn.com>,
Andrey Vagin <avagin@...nvz.org>, linux-kernel@...r.kernel.org,
sachiniiitm@...il.com, ravikant.s2@...sung.com,
p.shailesh@...sung.com, ashish.kalra@...sung.com,
vidushi.koul@...sung.com
Subject: Re: [PATCH] Kernel: Improvement in code readability when
memdup_user_nul() fails.
On Fri, Nov 11, 2016 at 02:37:15PM +0530, Sachin Shukla wrote:
> From: "Sachin Shukla" <sachin.s5@...sung.com>
>
> There is no need to call kfree() if memdup_user_nul() fails, as no memory
> was allocated and the error in the error-valued pointer should be returned.
Hi,
in general, having a common exit path is considered more readable,
more easily reviewable, than having more exit paths. To this end,
initializing pointers to NULL and kfree()ing them at common exit
paths even when they may not have been alloc()ed yet is also often
seen as more readable.
> Signed-off-by: Sachin Shukla <sachin.s5@...sung.com>
I do appreciate the work, and I recognize these things can be subjective,
but I would say
Nacked-by: Serge Hallyn <serge@...lyn.com>
> ---
> kernel/user_namespace.c | 25 ++++++++++++++-----------
> 1 file changed, 14 insertions(+), 11 deletions(-)
>
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 86b7854..a0ffbf0 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -672,28 +672,31 @@ static ssize_t map_write(struct file *file, const char __user *buf,
> */
> mutex_lock(&userns_state_mutex);
>
> - ret = -EPERM;
> /* Only allow one successful write to the map */
> - if (map->nr_extents != 0)
> - goto out;
> + if (map->nr_extents != 0) {
> + mutex_unlock(&userns_state_mutex);
> + return -EPERM;
> + }
>
> /*
> * Adjusting namespace settings requires capabilities on the target.
> */
> - if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
> - goto out;
> + if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) {
> + mutex_unlock(&userns_state_mutex);
> + return -EPERM;
> + }
>
> /* Only allow < page size writes at the beginning of the file */
> - ret = -EINVAL;
> - if ((*ppos != 0) || (count >= PAGE_SIZE))
> - goto out;
> + if ((*ppos != 0) || (count >= PAGE_SIZE)) {
> + mutex_unlock(&userns_state_mutex);
> + return -EINVAL;
> + }
>
> /* Slurp in the user data */
> kbuf = memdup_user_nul(buf, count);
> if (IS_ERR(kbuf)) {
> - ret = PTR_ERR(kbuf);
> - kbuf = NULL;
> - goto out;
> + mutex_unlock(&userns_state_mutex);
> + return PTR_ERR(kbuf);
> }
>
> /* Parse the user data */
> --
> 1.7.9.5
Powered by blists - more mailing lists