| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Nov 2007 20:28:32 +0900
From: Tejun Heo <htejun@...il.com>
To: jens.axboe@...cle.com, linux-kernel@...r.kernel.org
Subject: [PATCH] scatterlist: add more safeguards
Add more safeguards to protect against misinterpreting a chain entry
as a normal scatterlist and vice-versa.
* Make sure the entry isn't a chain when assigning and reading a
normal sg.
* Clear offset and length when chaining.
Signed-off-by: Tejun Heo <htejun@...il.com>
---
While converting libata to use chained-sg, I felt a bit insecure and
added a few more safe guards. Feel free to include or ignore them.
Thanks.
include/linux/scatterlist.h | 37 ++++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
Index: work/include/linux/scatterlist.h
===================================================================
--- work.orig/include/linux/scatterlist.h
+++ work/include/linux/scatterlist.h
@@ -26,6 +26,16 @@
#define SG_MAGIC 0x87654321
+/*
+ * We overload the LSB of the page pointer to indicate whether it's
+ * a valid sg entry, or whether it points to the start of a new scatterlist.
+ * Those low bits are there for everyone! (thanks mason :-)
+ */
+#define sg_is_chain(sg) ((sg)->page_link & 0x01)
+#define sg_is_last(sg) ((sg)->page_link & 0x02)
+#define sg_chain_ptr(sg) \
+ ((struct scatterlist *) ((sg)->page_link & ~0x03))
+
/**
* sg_assign_page - Assign a given page to an SG entry
* @sg: SG entry
@@ -47,6 +57,7 @@ static inline void sg_assign_page(struct
BUG_ON((unsigned long) page & 0x03);
#ifdef CONFIG_DEBUG_SG
BUG_ON(sg->sg_magic != SG_MAGIC);
+ BUG_ON(sg_is_chain(sg));
#endif
sg->page_link = page_link | (unsigned long) page;
}
@@ -73,7 +84,14 @@ static inline void sg_set_page(struct sc
sg->length = len;
}
-#define sg_page(sg) ((struct page *) ((sg)->page_link & ~0x3))
+static inline struct page *sg_page(struct scatterlist *sg)
+{
+#ifdef CONFIG_DEBUG_SG
+ BUG_ON(sg->sg_magic != SG_MAGIC);
+ BUG_ON(sg_is_chain(sg));
+#endif
+ return (struct page *)((sg)->page_link & ~0x3);
+}
/**
* sg_set_buf - Set sg entry to point at given data
@@ -88,16 +106,6 @@ static inline void sg_set_buf(struct sca
sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
}
-/*
- * We overload the LSB of the page pointer to indicate whether it's
- * a valid sg entry, or whether it points to the start of a new scatterlist.
- * Those low bits are there for everyone! (thanks mason :-)
- */
-#define sg_is_chain(sg) ((sg)->page_link & 0x01)
-#define sg_is_last(sg) ((sg)->page_link & 0x02)
-#define sg_chain_ptr(sg) \
- ((struct scatterlist *) ((sg)->page_link & ~0x03))
-
/**
* sg_next - return the next scatterlist entry in a list
* @sg: The current sg entry
@@ -179,6 +187,13 @@ static inline void sg_chain(struct scatt
#ifndef ARCH_HAS_SG_CHAIN
BUG();
#endif
+
+ /*
+ * offset and length are unused for chain entry. Clear them.
+ */
+ prv->offset = 0;
+ prv->length = 0;
+
/*
* Set lowest bit to indicate a link pointer, and make sure to clear
* the termination bit if it happens to be set.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists