lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 May 2018 08:22:42 +0200 From: Jiri Pirko <jiri@...nulli.us> To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> Cc: Vlad Buslov <vladbu@...lanox.com>, netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com, xiyou.wangcong@...il.com, pablo@...filter.org, kadlec@...ckhole.kfki.hu, fw@...len.de, ast@...nel.org, daniel@...earbox.net, edumazet@...gle.com, keescook@...omium.org, linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org, coreteam@...filter.org, kliteyn@...lanox.com Subject: Re: [PATCH 06/14] net: sched: implement reference counted action release Sat, May 19, 2018 at 11:43:27PM CEST, marcelo.leitner@...il.com wrote: >On Mon, May 14, 2018 at 05:27:07PM +0300, Vlad Buslov wrote: >... >> @@ -1052,6 +1088,36 @@ static int tca_action_flush(struct net *net, struct nlattr *nla, >> return err; >> } >> >> +static int tcf_action_delete(struct net *net, struct list_head *actions, >> + struct netlink_ext_ack *extack) >> +{ >> + int ret; > >Reverse christmass tree.. this line should be the last in variable >declarations. > >> + struct tc_action *a, *tmp; >> + char kind[IFNAMSIZ]; >> + u32 act_index; >> + >> + list_for_each_entry_safe(a, tmp, actions, list) { >> + const struct tc_action_ops *ops = a->ops; >> + >> + /* Actions can be deleted concurrently >> + * so we must save their type and id to search again >> + * after reference is released. >> + */ >> + strncpy(kind, a->ops->kind, sizeof(kind) - 1); > >This may be problematic. Why strncpy here? This is not necessary if Vlad is going to hold module referece, ops cannot disappear. > >a->ops->kind is also of size IFNAMSIZ. If a->ops->kind is actually >IFNAMSIZ-1 long, kind here won't be NULL terminated, as kind is not >initialized and strncpy won't add the NULL. > >> + act_index = a->tcfa_index; >> + >> + list_del(&a->list); >> + if (tcf_action_put(a)) >> + module_put(ops->owner); >> + >> + /* now do the delete */ >> + ret = tcf_action_del_1(net, kind, act_index, extack); >> + if (ret < 0) >> + return ret; >> + } >> + return 0; >> +}
Powered by blists - more mailing lists