lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 20 May 2018 08:22:42 +0200
From:   Jiri Pirko <jiri@...nulli.us>
To:     Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc:     Vlad Buslov <vladbu@...lanox.com>, netdev@...r.kernel.org,
        davem@...emloft.net, jhs@...atatu.com, xiyou.wangcong@...il.com,
        pablo@...filter.org, kadlec@...ckhole.kfki.hu, fw@...len.de,
        ast@...nel.org, daniel@...earbox.net, edumazet@...gle.com,
        keescook@...omium.org, linux-kernel@...r.kernel.org,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org,
        kliteyn@...lanox.com
Subject: Re: [PATCH 06/14] net: sched: implement reference counted action
 release

Sat, May 19, 2018 at 11:43:27PM CEST, marcelo.leitner@...il.com wrote:
>On Mon, May 14, 2018 at 05:27:07PM +0300, Vlad Buslov wrote:
>...
>> @@ -1052,6 +1088,36 @@ static int tca_action_flush(struct net *net, struct nlattr *nla,
>>  	return err;
>>  }
>>
>> +static int tcf_action_delete(struct net *net, struct list_head *actions,
>> +			     struct netlink_ext_ack *extack)
>> +{
>> +	int ret;
>
>Reverse christmass tree.. this line should be the last in variable
>declarations.
>
>> +	struct tc_action *a, *tmp;
>> +	char kind[IFNAMSIZ];
>> +	u32 act_index;
>> +
>> +	list_for_each_entry_safe(a, tmp, actions, list) {
>> +		const struct tc_action_ops *ops = a->ops;
>> +
>> +		/* Actions can be deleted concurrently
>> +		 * so we must save their type and id to search again
>> +		 * after reference is released.
>> +		 */
>> +		strncpy(kind, a->ops->kind, sizeof(kind) - 1);
>
>This may be problematic. Why strncpy here?

This is not necessary if Vlad is going to hold module referece, ops
cannot disappear.


>
>a->ops->kind is also of size IFNAMSIZ. If a->ops->kind is actually
>IFNAMSIZ-1 long, kind here won't be NULL terminated, as kind is not
>initialized and strncpy won't add the NULL.
>
>> +		act_index = a->tcfa_index;
>> +
>> +		list_del(&a->list);
>> +		if (tcf_action_put(a))
>> +			module_put(ops->owner);
>> +
>> +		/* now do the delete */
>> +		ret = tcf_action_del_1(net, kind, act_index, extack);
>> +		if (ret < 0)
>> +			return ret;
>> +	}
>> +	return 0;
>> +}

Powered by blists - more mailing lists