| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Nov 2013 16:01:07 +0100
From: Alexander Sverdlin <alexander.sverdlin@....com>
To: ext Guenter Roeck <linux@...ck-us.net>,
ext Pantelis Antoniou <panto@...oniou-consulting.com>,
Grant Likely <grant.likely@...retlab.ca>
CC: Rob Herring <robherring2@...il.com>,
Stephen Warren <swarren@...dotorg.org>,
Matt Porter <matt.porter@...aro.org>,
Koen Kooi <koen@...inion.thruhere.net>,
Alison Chaiken <Alison_Chaiken@...tor.com>,
Dinh Nguyen <dinh.linux@...il.com>,
Jan Lubbe <jluebbe@...net.de>, Michael Stickel <ms@...able.de>,
Dirk Behme <dirk.behme@...il.com>,
Alan Tull <delicious.quinoa@...il.com>,
Sascha Hauer <s.hauer@...gutronix.de>,
Michael Bohan <mbohan@...eaurora.org>,
Ionut Nicu <ioan.nicu.ext@....com>,
Michal Simek <monstr@...str.eu>,
Matt Ranostay <mranostay@...il.com>,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 5/5] OF: Introduce utility helper functions
Hi!
On 08/11/13 15:54, ext Guenter Roeck wrote:
>>> +struct property *__of_copy_property(const struct property *prop, gfp_t flags)
>>> +{
>>> + struct property *propn;
>>> +
>>> + propn = kzalloc(sizeof(*prop), flags);
>>> + if (propn == NULL)
>>> + return NULL;
>>> +
>>> + propn->name = kstrdup(prop->name, flags);
>>> + if (propn->name == NULL)
>>> + goto err_fail_name;
>>> +
>>> + if (prop->length > 0) {
>> ^^^^^^^^^^^^^^^^^^^^^^^
>> As Ioan already mentioned, this is really a problem.
>> There is a bunch of places, where properties without values are used.
>> Like gpio-controller; ranges; interrupt-controller;
>> Refer, for example, to of_irq_map_raw() which checks
>> of_get_property(ipar, "interrupt-controller", NULL) != NULL
>> and some other occurrences of exactly same construct.
>> This will simply be broken for merged device-tree parts.
>>
>
> Folks,
>
> it might help if you explain what exactly is broken, and how to fix it.
> It is not as if the property is not copied, only its value
> is not copied. And the value does not exist.
Existing kernel code relies on the fact, that when the value doesn't exist, the pointer is still not NULL.
>From the db-unflattening code there will be a pointer from kmalloc(0, ...).
> What do you think the code needs to do differently ? Obviously it can
> not copy a non-existing value. So what would have to be in the else case ?
Actually, it can copy non-existing value. memcpy(..., ..., 0) works perfectly fine and
kmalloc(0, flags) does exactly what is required here.
So we fixed this just by removing the if() statement, executing the block unconditionally.
There can be other solutions, but all of them are larger from the code foot-print.
> Thanks,
> Guenter
>
>>> + propn->value = kmalloc(prop->length, flags);
>>> + if (propn->value == NULL)
>>> + goto err_fail_value;
>>> + memcpy(propn->value, prop->value, prop->length);
>>> + propn->length = prop->length;
>>> + }
>>> +
>>> + /* mark the property as dynamic */
>>> + of_property_set_flag(propn, OF_DYNAMIC);
>>> +
>>> + return propn;
>>> +
>>> +err_fail_value:
>>> + kfree(propn->name);
>>> +err_fail_name:
>>> + kfree(propn);
>>> + return NULL;
>>> +}
>>> +
>>
>> ...
>>
>
> --
> To unsubscribe from this list: send the line "unsubscribe devicetree" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
--
Best regards,
Alexander Sverdlin.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists