lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 26 Jul 2018 14:07:08 +0200
From:   Björn Töpel <bjorn.topel@...il.com>
To:     Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc:     Taehee Yoo <ap420073@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>, ast@...nel.org,
        Björn Töpel <bjorn.topel@...el.com>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH V2 bpf] xdp: add NULL pointer check in __xdp_return()

Den tors 26 juli 2018 kl 04:14 skrev Jakub Kicinski
<jakub.kicinski@...ronome.com>:
>
> On Thu, 26 Jul 2018 00:09:50 +0900, Taehee Yoo wrote:
> > rhashtable_lookup() can return NULL. so that NULL pointer
> > check routine should be added.
> >
> > Fixes: 02b55e5657c3 ("xdp: add MEM_TYPE_ZERO_COPY")
> > Signed-off-by: Taehee Yoo <ap420073@...il.com>
> > ---
> > V2 : add WARN_ON_ONCE when xa is NULL.
> >
> >  net/core/xdp.c | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/core/xdp.c b/net/core/xdp.c
> > index 9d1f220..786fdbe 100644
> > --- a/net/core/xdp.c
> > +++ b/net/core/xdp.c
> > @@ -345,7 +345,10 @@ static void __xdp_return(void *data, struct xdp_mem_info *mem, bool napi_direct,
> >               rcu_read_lock();
> >               /* mem->id is valid, checked in xdp_rxq_info_reg_mem_model() */
> >               xa = rhashtable_lookup(mem_id_ht, &mem->id, mem_id_rht_params);
> > -             xa->zc_alloc->free(xa->zc_alloc, handle);
> > +             if (!xa)
> > +                     WARN_ON_ONCE(1);
>
> nit: is compiler smart enough to figure out the fast path here?
> WARN_ON_ONCE() has the nice side effect of wrapping the condition in
> unlikely().  It could save us both LoC and potentially cycles to do:
>
> if (!WARN_ON_ONCE(!xa))
>         xa->zc_alloc->free(xa->zc_alloc, handle);
>
> Although it admittedly looks a bit awkward.  I'm not sure if we have
> some form of assert (i.e. positive check) in tree :S
>

I'm kind of in favor of this ^^^. Hopefully, Taehee is ok with another spin.

Björn

> > +             else
> > +                     xa->zc_alloc->free(xa->zc_alloc, handle);
> >               rcu_read_unlock();
> >       default:
> >               /* Not possible, checked in xdp_rxq_info_reg_mem_model() */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ