Date:   Tue, 23 Jan 2018 00:34:46 -0500
From:   Dave Jones <davej@...emonkey.org.uk>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Linux Kernel <linux-kernel@...r.kernel.org>
Subject: problematic rc9 futex changes.

c1e2f0eaf015fb: "futex: Avoid violating the 10th rule of futex" seems to
make up a few new rules to violate.

Coverity picked up these two problems in the same code:


First it or's a value with stack garbage.

_______________________________________________________________________________________________________
*** CID 1427826:  Uninitialized variables  (UNINIT)
/kernel/futex.c: 2316 in fixup_pi_state_owner()
2310     
2311     	raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
2312     
2313     	oldowner = pi_state->owner;
2314     	/* Owner died? */
2315     	if (!pi_state->owner)
>>>     CID 1427826:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "newtid".
2316     		newtid |= FUTEX_OWNER_DIED;
2317     
2318     	/*
2319     	 * We are here because either:
2320     	 *
2321     	 *  - we stole the lock and pi_state->owner needs updating to reflect

Then it notices that value is never read from before it's written
anyway.

*** CID 1427824:  Code maintainability issues  (UNUSED_VALUE)
/kernel/futex.c: 2316 in fixup_pi_state_owner()
2310     
2311     	raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
2312     
2313     	oldowner = pi_state->owner;
2314     	/* Owner died? */
2315     	if (!pi_state->owner)
>>>     CID 1427824:  Code maintainability issues  (UNUSED_VALUE)
>>>     Assigning value from "newtid | 0x40000000U" to "newtid" here, but that stored value is overwritten before it can be used.
2316     		newtid |= FUTEX_OWNER_DIED;
2317     
2318     	/*
2319     	 * We are here because either:
2320     	 *
2321     	 *  - we stole the lock and pi_state->owner needs updating to reflect


(The next reference of newtid being..

2369         newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;


	Dave
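
Added example (not part of the message above and not kernel code): a user-space reduction of the two statements Coverity flags, showing that the FUTEX_OWNER_DIED bit set at line 2316 cannot survive the assignment at line 2369. The function names, the `stack_garbage` parameter standing in for the uninitialized local, and the reordered variant are assumptions; the reordering assumes the flag was meant to reach the final value.

```c
#include <stdint.h>
#include <stdio.h>

/* Linux futex UAPI bits; 0x40000000 also appears in the Coverity text. */
#define FUTEX_WAITERS    0x80000000u
#define FUTEX_OWNER_DIED 0x40000000u

/*
 * Statement order as reported. `stack_garbage` models the uninitialized
 * local (constructed input): reading a really uninitialized variable is
 * undefined behaviour, so the model passes the garbage in explicitly.
 */
static uint32_t newtid_reported_order(uint32_t stack_garbage,
                                      int owner_is_null,
                                      uint32_t new_owner_tid)
{
    uint32_t newtid = stack_garbage;

    if (owner_is_null)
        newtid |= FUTEX_OWNER_DIED;         /* line 2316: UNINIT read */

    newtid = new_owner_tid | FUTEX_WAITERS; /* line 2369: discards it */
    return newtid;
}

/* Assumed intent (hypothetical helper): assign first, then OR in the flag. */
static uint32_t newtid_flag_after_assign(int owner_is_null,
                                         uint32_t new_owner_tid)
{
    uint32_t newtid = new_owner_tid | FUTEX_WAITERS;

    if (owner_is_null)
        newtid |= FUTEX_OWNER_DIED;
    return newtid;
}

int main(void)
{
    uint32_t tid = 1234; /* constructed sample TID */

    printf("reported order: 0x%08x\n",
           (unsigned)newtid_reported_order(0xdeadbeefu, 1, tid));
    printf("flag after assign: 0x%08x\n",
           (unsigned)newtid_flag_after_assign(1, tid));
    return 0;
}
```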
