| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2009 23:41:21 +0900
From: Tejun Heo <tj@...nel.org>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
rusty@...tcorp.com.au, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fix error handling in load_module()
Hello, Andrew.
Andrew Morton wrote:
> My reverse engineering of the secret, undocumented percpu_modfree()
> indicates that its mad inventor intended that percpu_modfree(NULL) be a
> valid thing to do.
>
> It calls free_percpu(), all implementations of which appear to secretly
> support free_percpu(NULL).
Eh... unfortunately, the original percpu_modfree() implementation
didn't seem to support it.
> So why did your machine crash?
>
> This:
>
> void free_percpu(void *ptr)
> {
> void *addr = __pcpu_ptr_to_addr(ptr);
> struct pcpu_chunk *chunk;
> unsigned long flags;
> int off;
>
> if (!ptr)
> return;
>
> is dangerous. The implementation of __pcpu_ptr_to_addr() can be
> overridden by asm/percpu.h and there's no reason why the compiler won't
> choose to pass a NULL into __pcpu_ptr_to_addr().
>
> But there doesn't appear to be any overriding of __pcpu_ptr_to_addr()
> in 2.6.31 and the default __pcpu_ptr_to_addr() looks like it will
> handle a NULL pointer OK.
>
> So again, why did your machine crash?
>
> From: Andrew Morton <akpm@...ux-foundation.org>
>
> __pcpu_ptr_to_addr() can be overridden by the architecture and might not
> behave well if passed a NULL pointer. So avoid calling it until we have
> verified that its arg is not NULL.
>
> Cc: Rusty Russell <rusty@...tcorp.com.au>
> Cc: Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> ---
>
> mm/percpu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff -puN mm/percpu.c~percpu-avoid-calling-__pcpu_ptr_to_addrnull mm/percpu.c
> --- a/mm/percpu.c~percpu-avoid-calling-__pcpu_ptr_to_addrnull
> +++ a/mm/percpu.c
> @@ -957,7 +957,7 @@ static void pcpu_reclaim(struct work_str
> */
> void free_percpu(void *ptr)
> {
> - void *addr = __pcpu_ptr_to_addr(ptr);
> + void *addr;
> struct pcpu_chunk *chunk;
> unsigned long flags;
> int off;
> @@ -965,6 +965,8 @@ void free_percpu(void *ptr)
> if (!ptr)
> return;
>
> + addr = __pcpu_ptr_to_addr(ptr);
> +
__pcpu_ptr_to_addr() and reverse should be simple arithmetic
transformations. The sole reason why it's defined as overridable was
mostly because I didn't know whether all archs could be unified to use
the same macro (and different variants were used early during
development) but yeap no harm in being careful.
Thanks.
--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists