Date:	Mon, 08 Aug 2016 17:13:02 +0200
From:	Arnd Bergmann <arnd@...db.de>
To:	linuxppc-dev@...ts.ozlabs.org
Cc:	David Laight <David.Laight@...lab.com>,
	'Arvind Yadav' <arvind.yadav.cs@...il.com>,
	"zajec5@...il.com" <zajec5@...il.com>,
	"leoli@...escale.com" <leoli@...escale.com>,
	"qiang.zhao@...escale.com" <qiang.zhao@...escale.com>,
	"viresh.kumar@...aro.org" <viresh.kumar@...aro.org>,
	"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"scottwood@...escale.com" <scottwood@...escale.com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"linux@...ck-us.net" <linux@...ck-us.net>
Subject: Re: [5.3] ucc_geth: Fix to avoid IS_ERR_VALUE abuses and dead code on 64bit systems.

On Monday, August 8, 2016 2:49:11 PM CEST David Laight wrote:
> 
> > If qe_muram_alloc will return any error, then IS_ERR_VALUE will always
> > return 0. It'll not call ucc_fast_free for any failure. Inside 'if code'
> > will be a dead code on 64bit. Even qe_muram_addr will return wrong
> > virtual address. Which can cause an error.
> > 
> >  kfree((void *)ugeth->tx_bd_ring_offset[i]);
> 
> Erm, kfree() isn't the right function for things allocated by qe_muram_alloc().
> 
> I still think you need to stop this code using IS_ERR_VALUE() at all.

Those are two separate issues:

a) The ucc_geth driver mixing kmalloc() memory with muram, and assigning
   the result to "u32" and "void __iomem *" variables, both of which
   are wrong at least half of the time.

b) calling conventions of qe_muram_alloc() being defined in a way that
   requires the use of IS_ERR_VALUE(), because '0' is a valid address
   here.

The first one can be solved by updating the network driver, ideally
by getting rid of the casts and using proper types and accessors,
while the second would require updating all users of that interface.

	Arnd
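
Added example, not part of the original message or of the kernel sources: a user-space model of the range check discussed in this thread, showing why an error return narrowed to a 32-bit variable is no longer recognised on a 64-bit build, next to a check done at full width. `model_muram_alloc()`, `ENOMEM_MODEL` and the simplified `IS_ERR_VALUE()` definition are constructed stand-ins, assumed to behave like an allocator for which offset 0 is valid and failure is a negative errno carried in an `unsigned long`.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO     4095
#define ENOMEM_MODEL  12   /* constructed stand-in for the kernel's ENOMEM */

/* Simplified user-space model of the kernel's IS_ERR_VALUE() range check. */
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)

/* Hypothetical allocator: 0 is a valid offset, failure is a negative
 * errno returned in an unsigned long. */
static unsigned long model_muram_alloc(int fail)
{
    return fail ? (unsigned long)-ENOMEM_MODEL : 0UL;
}

/* Result narrowed to 32 bits before the check. On a 64-bit build the
 * value is zero-extended to 0x00000000fffffff4, which lies below the
 * error range, so the failure goes unnoticed. */
static int alloc_failed_u32(int fail)
{
    uint32_t offset = (uint32_t)model_muram_alloc(fail);
    return IS_ERR_VALUE(offset);
}

/* Check at the allocator's full width, narrow only after success. */
static int alloc_failed_wide(int fail, uint32_t *offset)
{
    unsigned long ret = model_muram_alloc(fail);

    if (IS_ERR_VALUE(ret))
        return 1;
    *offset = (uint32_t)ret;
    return 0;
}

int main(void)
{
    uint32_t off = 0;

    printf("sizeof(unsigned long) = %zu\n", sizeof(unsigned long));
    printf("u32 check sees failure:  %d\n", alloc_failed_u32(1));
    printf("wide check sees failure: %d\n", alloc_failed_wide(1, &off));
    return 0;
}
```
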
