| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 7 Nov 2010 14:29:33 +0000 From: Ralf Baechle <ralf@...ux-mips.org> To: Jesper Juhl <jj@...osbits.net> Cc: linux-mips@...ux-mips.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Check vmalloc return value in vpe_open On Sat, Oct 30, 2010 at 06:37:16PM +0200, Jesper Juhl wrote: > I noticed that the return value of the > vmalloc() call in arch/mips/kernel/vpe.c::vpe_open() is not checked, so we > potentially store a null pointer in v->pbuffer. As far as I can tell this > will be a problem. However, I don't know the mips code at all, so there > may be something, somewhere where I did not look, that handles this in a > safe manner but I couldn't find it. > > To me it looks like we should do what the patch below implements and check > for a null return and then return -ENOMEM in that case. Comments? All users check if the buffer was successfully allocated so the code is safe wrt. to that. Doesn't mean that it's not a pukeogenic piece of code. Look at the use of v->pbuffer in vpe_release for example. First use it the vmalloc'ed memory then carefully check the pointer for being non-NULL before calling vfree. If the pointer could actually be non-NULL that's too late and vfree does that check itself anyway. And more such gems, general uglyness and freedom of concept. It used to be even worse. Ralf -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists