lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4CD92225.2070205@gmail.com>
Date:	Tue, 09 Nov 2010 11:27:49 +0100
From:	Jiri Slaby <jirislaby@...il.com>
To:	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
CC:	Milton Miller <miltonm@....com>, jbarnes@...tuousgeek.org,
	linux-pci@...r.kernel.org, xen-devel@...ts.xensource.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] PCI: xen-pcifront, fix PCI reference leak

On 11/08/2010 05:34 PM, Konrad Rzeszutek Wilk wrote:
> On Thu, Nov 04, 2010 at 12:27:07PM -0600, Milton Miller wrote:
>> On 2010-11-04 at about 14:31:30 Jiri Slaby wrote:
>>> Stanse found that when pdev is found and has no driver a reference is
>>> leaked in pcifront_common_process. So add pci_dev_put there. For the
>>> pdev == NULL case, pci_dev_put(NULL) is fine.
>>
>> While that may be true, the dev_err(&pcidev->dev ... is a NULL pointer
>> deref.
> 
> I've put the fix in the branch (stable/xen-pcifront-fixes) that I will ask Linus
> to pull.. but what options did you need to find this?
> 
> I tried to run this before putting your and Milton fix in:
> konrad@...nom:~/tar/stanse-1.1.2$ java -jar ./stanse.jar  ~/work/linux/drivers/pci/xen-pcifront.c 
> Stanse version "1.1.2"
> Copyright (c) 2008-2010 Masaryk University, Brno
> 
> STANSE_HOME not specified. Using the location of stanse.jar.
> Checking for bugs:
> <-> File: /home/konrad/work/linux/drivers/pci/xen-pcifront.c
> <-> --------------------------------
> Done.
> 
> And no warnings?

It's not easy as that. You have to specify checkers like
-c
AutomatonChecker:dist/data/checkers/AutomatonChecker/kernel_pairing.xml
-c AutomatonChecker:dist/data/checkers/AutomatonChecker/kernel_memory.xml
etc. Then, probably stanse won't guess kernel build flags correctly, so
you need to utilize kernel make system. So the command-line (from linux
src dir) would be:
STANSE_HOME=PATH java -jar PATH/stanse.jar -c
AutomatonChecker:PATH/dist/data/checkers/AutomatonChecker/kernel_pairing.xml
-c
AutomatonChecker:PATH/dist/data/checkers/AutomatonChecker/kernel_memory.xml
--makefile Makefile --make-params 'drivers/pci/xen-pcifront.o'

Presumably drivers/pci/xen-pcifront.o must not exist so that when stanse
runs make, it actually builds something. It will warn you about that anyway.

Maybe you want to run with gui: -g to track the issues in gui. There you
can also add the checkers by hand (or on cmdline too).

For openSUSE, I package stanse into rpm, and there is a script which has
-k and adds all the kernel checkers by default.

regards,
-- 
js
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ