lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 24 Mar 2009 09:47:17 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Li Zefan <lizf@...fujitsu.com>
Cc:	Jens Axboe <jens.axboe@...cle.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Arnaldo Carvalho de Melo <acme@...hat.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/5] blktrace: fix off-by-one bug


* Li Zefan <lizf@...fujitsu.com> wrote:

> Li Zefan wrote:
> >>> -	if (unlikely(what == 0 || what > ARRAY_SIZE(what2act)))
> >>> +	if (unlikely(what == 0 || what >= ARRAY_SIZE(what2act)))
> >> ah, nice. How did you notice - did we miss "remap" events due to 
> >> this bug?
> >>
> 
> forgot to mention, we didn't miss any "remap" events.
> 
> > 
> > By code review, but we can get NULL dereference bug if we receive an
> > "abort" event, this event may be generated only when using device-mapper.
> > 
> 
> and not NULL dereference, but accessing invalid memory.
> 
> what2act["abort"]->print(...)
> 
> and "abort" == ARRAY_SIZE(what2act).

Ah. This:

        [__BLK_TA_QUEUE]        = {{  "Q", "queue" },      blk_log_generic },
        [__BLK_TA_BACKMERGE]    = {{  "M", "backmerge" },  blk_log_generic },
        [__BLK_TA_FRONTMERGE]   = {{  "F", "frontmerge" }, blk_log_generic },
        [__BLK_TA_GETRQ]        = {{  "G", "getrq" },      blk_log_generic },
        [__BLK_TA_SLEEPRQ]      = {{  "S", "sleeprq" },    blk_log_generic },
        [__BLK_TA_REQUEUE]      = {{  "R", "requeue" },    blk_log_with_error },
        [__BLK_TA_ISSUE]        = {{  "D", "issue" },      blk_log_generic },
        [__BLK_TA_COMPLETE]     = {{  "C", "complete" },   blk_log_with_error },
        [__BLK_TA_PLUG]         = {{  "P", "plug" },       blk_log_plug },
        [__BLK_TA_UNPLUG_IO]    = {{  "U", "unplug_io" },  blk_log_unplug },
        [__BLK_TA_UNPLUG_TIMER] = {{ "UT", "unplug_timer" }, blk_log_unplug },
        [__BLK_TA_INSERT]       = {{  "I", "insert" },     blk_log_generic },
        [__BLK_TA_SPLIT]        = {{  "X", "split" },      blk_log_split },
        [__BLK_TA_BOUNCE]       = {{  "B", "bounce" },     blk_log_generic },
        [__BLK_TA_REMAP]        = {{  "A", "remap" },      blk_log_remap },

does not have a __BLK_TA_ABORT entry currently - it should have, 
right?

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ