Message-ID: <1286276438.24366.42.camel@ekuznets-lx-nokia>
Date:	Tue, 05 Oct 2010 15:00:38 +0400
From:	Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@...ia.com>
To:	ext Michał Nazarewicz <m.nazarewicz@...sung.com>
Cc:	akpm@...ux-foundation.org, torvalds@...ux-foundation.org,
	mingo@...e.hu, gregkh@...e.de, a.p.zijlstra@...llo.nl,
	xiaosuo@...il.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] wait: using uninitialized member of wait queue

Hi,

'wait_queue_t' is passed to the prepare_to_wait() function, where 'flags' is
used, e.g.:

File: /mm/mempool.c

void * mempool_alloc(mempool_t *pool, gfp_t gfp_mask)
{
	.....
	.....
	init_wait(&wait);
	prepare_to_wait(&pool->wait, &wait, TASK_UNINTERRUPTIBLE);
	.....
}

Best Regards,
Evgeny

On Tue, 2010-10-05 at 12:41 +0200, ext Michał Nazarewicz wrote:
> On Tue, 05 Oct 2010 10:47:57 +0200, Evgeny Kuznetsov
> <EXT-Eugeny.Kuznetsov@...ia.com> wrote:
> > Member "flags" of "wait_queue_t" struct  is used in several places
> in
> > kernel code without beeing initialized. "flags" is used in bitwise
> operations.
>                        ^^^^^^ -- "being"
> 
> > If "flags" not initialized then unexpected behaviour may have place.
> > Incorrect flags maybe used later in code.
> > Struct "wait_queue_t" is initialized in function "init_wait()". But
> > "init_wait()" do not initialize "flag" member.
>                  ^^ -- does         ^^^^ -- "flags"
> 
> > Added initialization of "wait_queue_t.flags" with zero value into
> "init_wait".
> 
> > diff --git a/include/linux/wait.h b/include/linux/wait.h
> > index 0836ccc..3efc9f3 100644
> > --- a/include/linux/wait.h
> > +++ b/include/linux/wait.h
> > @@ -614,6 +614,7 @@ int wake_bit_function(wait_queue_t *wait,
> unsigned mode, int sync, void *key);
> >               (wait)->private =
> current;                              \
> >               (wait)->func =
> autoremove_wake_function;                \
> >               INIT_LIST_HEAD(&(wait)->task_list);                     \
> > +             (wait)->flags =
> 0;                                      \
> >       } while (0)
> > /**
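Review bot: the fix leaves init_wait() as a do { ... } while (0) macro, so its argument is now evaluated four times ((wait)->private, (wait)->func, &(wait)->task_list, (wait)->flags) with no type check on `wait`; since the change already touches every member, a `static inline void init_wait(wait_queue_t *wait)` carrying the same four assignments would be the cleaner form, as the reply that follows also suggests. Zeroing `flags` explicitly is the right call: the commit message says the member is consumed in bitwise tests, so stale stack contents in it would make those tests depend on whatever the previous call left behind, and the hunk now initialises it alongside private, func and task_list.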
> 
> I'd turn init_wait() into a static inline.  Otherwise looks good to
> me.
> (Interestingly, init_wait() is used only in 3 places in the kernel and
> none uses flags.)
> 
> -- 
> Best regards,                                        _     _
> | Humble Liege of Serenely Enlightened Majesty of  o' \,=./ `o
> | Computer Science,  Michał "mina86" Nazarewicz       (o o)
> +----[mina86*mina86.com]---[mina86*jabber.org]----ooO--(_)--Ooo-- 
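The defect the thread describes, a struct initialiser that sets every member except the one later consumed by a bitwise test, is easiest to see in user space. The following is an added example, not code from the patch or from the kernel: struct wait_entry, WQ_FLAG_EXCLUSIVE_MODEL, INIT_WAIT_BUGGY and init_wait_fixed are hypothetical stand-ins for wait_queue_t, WQ_FLAG_EXCLUSIVE and the before/after forms of init_wait(), and the stale memory is produced deterministically by filling the storage with 0xFF before initialisation rather than relying on what a real stack happens to contain.

```c
/* Added example, not kernel code: a user-space model of the init_wait() bug.
 * All names below are hypothetical stand-ins for the kernel's wait_queue_t,
 * WQ_FLAG_EXCLUSIVE and init_wait(). */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define WQ_FLAG_EXCLUSIVE_MODEL 0x01u   /* stand-in for the exclusive-waiter bit */

struct list_head_model {
    struct list_head_model *next, *prev;
};

struct wait_entry {
    unsigned int flags;
    void *private;
    int (*func)(struct wait_entry *w);
    struct list_head_model task_list;
};

static int wake_fn_model(struct wait_entry *w)
{
    (void)w;
    return 0;
}

/* Before the patch: a macro that sets every member except flags, and
 * evaluates its argument once per member. */
#define INIT_WAIT_BUGGY(wait)                                 \
    do {                                                      \
        (wait)->private = NULL;                               \
        (wait)->func = wake_fn_model;                         \
        (wait)->task_list.next = &(wait)->task_list;          \
        (wait)->task_list.prev = &(wait)->task_list;          \
    } while (0)

/* After the patch, in the static-inline form suggested in the reply:
 * flags is zeroed explicitly and `wait` is evaluated only once. */
static inline void init_wait_fixed(struct wait_entry *wait)
{
    wait->private = NULL;
    wait->func = wake_fn_model;
    wait->task_list.next = &wait->task_list;
    wait->task_list.prev = &wait->task_list;
    wait->flags = 0;
}

/* Consumer doing the bitwise test the commit message talks about. */
static int is_exclusive_waiter(const struct wait_entry *wait)
{
    return (wait->flags & WQ_FLAG_EXCLUSIVE_MODEL) != 0;
}

/* The union lets us pre-fill the bytes of an entry with garbage (0xFF) while
 * keeping correct alignment; this stands in for stale data left on the stack
 * by earlier calls, which an uninitialised automatic variable may contain. */
union stale_storage {
    struct wait_entry entry;
    unsigned char raw[sizeof(struct wait_entry)];
};

static void init_on_stale_storage(union stale_storage *u, int use_fixed)
{
    memset(u->raw, 0xFF, sizeof u->raw);   /* constructed stale contents */
    if (use_fixed)
        init_wait_fixed(&u->entry);
    else
        INIT_WAIT_BUGGY(&u->entry);
}

/* Raw flags value after initialisation with the chosen routine. */
static unsigned int flags_after_init(int use_fixed)
{
    union stale_storage u;
    init_on_stale_storage(&u, use_fixed);
    return u.entry.flags;
}

/* Verdict of the bitwise test after initialisation with the chosen routine. */
static int exclusive_after_init(int use_fixed)
{
    union stale_storage u;
    init_on_stale_storage(&u, use_fixed);
    return is_exclusive_waiter(&u.entry);
}

int main(void)
{
    printf("buggy macro : flags=0x%x exclusive=%d (stale bits leak through)\n",
           flags_after_init(0), exclusive_after_init(0));
    printf("fixed inline: flags=0x%x exclusive=%d\n",
           flags_after_init(1), exclusive_after_init(1));
    return 0;
}
```

With the buggy macro the waiter is reported as exclusive purely because of what the memory held before the struct was declared; with the fixed initialiser the verdict is always 0 until a caller deliberately sets the bit. The same pattern is worth checking for in any kernel-style INIT_* macro: compare the member list in the initialiser against the members the consumers read.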
