lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <b4c3746e0902162140u25d79ba8gd1e4483e414e2d87@mail.gmail.com>
Date:	Tue, 17 Feb 2009 11:10:14 +0530
From:	Aravind Srinivasan <raa.aars@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	Tom Zanussi <zanussi@...ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH] relay: fix for possible loss/corruption of produced subbufs

from: Aravind Srinivasan <raa.aars@...il.com>

This patch fixes possible loss/corruption of produced subbufs in
relay_subbufs_consumed().

When buf->subbufs_produced wraps around after UINT_MAX and
buf->subbufs_consumed is still < UINT_MAX, the condition
	if (buf->subbufs_consumed > buf->subbufs_produced)
will be true even for certain valid values of subbufs_consumed. This may lead
to loss or corruption of produced subbufs.

	Signed-off-by: Aravind Srinivasan <raa.aars@...il.com>
--------------------------------------------------------------------------------
--- linux-2.6.28/kernel/relay.c.orig	2009-02-17 07:53:55.000000000 +0530
+++ linux-2.6.28/kernel/relay.c	2009-02-17 07:54:14.000000000 +0530
@@ -795,13 +795,15 @@ void relay_subbufs_consumed(struct rchan
 	if (!chan)
 		return;

-	if (cpu >= NR_CPUS || !chan->buf[cpu])
+	if (cpu >= NR_CPUS || !chan->buf[cpu] ||
+					subbufs_consumed > chan->n_subbufs)
 		return;

 	buf = chan->buf[cpu];
-	buf->subbufs_consumed += subbufs_consumed;
-	if (buf->subbufs_consumed > buf->subbufs_produced)
+	if (subbufs_consumed > buf->subbufs_produced - buf->subbufs_consumed)
 		buf->subbufs_consumed = buf->subbufs_produced;
+	else
+		buf->subbufs_consumed += subbufs_consumed;
 }
 EXPORT_SYMBOL_GPL(relay_subbufs_consumed);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ