lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jLrgAXs0jmom+fGpw_VF2VCN4H4O3Nz-=aA9tdO87h-qg@mail.gmail.com>
Date:	Wed, 12 Mar 2014 07:55:52 -0700
From:	Kees Cook <keescook@...omium.org>
To:	Liu ShuoX <shuox.liu@...el.com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Anton Vorontsov <anton@...msg.org>,
	Colin Cross <ccross@...roid.com>,
	Tony Luck <tony.luck@...el.com>, yanmin_zhang@...ux.intel.com
Subject: Re: [PATCH 2/2] pstore: correct the max_dump_cnt clearing of ramoops

On Wed, Mar 12, 2014 at 2:48 AM, Liu ShuoX <shuox.liu@...el.com> wrote:
> On Tue 11.Mar'14 at 13:37:23 -0700, Kees Cook wrote:
>>
>> On Mon, Mar 10, 2014 at 11:17 PM, Liu ShuoX <shuox.liu@...el.com> wrote:
>>>
>>> From: Liu ShuoX <shuox.liu@...el.com>
>>>
>>> In case that ramoops_init_przs failed, max_dump_cnt won't be reset to
>>> zero in error handle path.
>>>
>>> Signed-off-by: Liu ShuoX <shuox.liu@...el.com>
>>> ---
>>>  fs/pstore/ram.c | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
>>> index 6f96d8c..522e530 100644
>>> --- a/fs/pstore/ram.c
>>> +++ b/fs/pstore/ram.c
>>> @@ -326,6 +326,7 @@ static void ramoops_free_przs(struct ramoops_context
>>> *cxt)
>>>         for (i = 0; !IS_ERR_OR_NULL(cxt->przs[i]); i++)
>>>                 persistent_ram_free(cxt->przs[i]);
>>>         kfree(cxt->przs);
>>> +       cxt->max_dump_cnt = 0;
>>>  }
>>>   static int ramoops_init_przs(struct device *dev, struct ramoops_context
>>> *cxt,
>>> @@ -350,7 +351,7 @@ static int ramoops_init_przs(struct device *dev,
>>> struct
>>> ramoops_context *cxt,
>>>                              GFP_KERNEL);
>>>         if (!cxt->przs) {
>>>                 dev_err(dev, "failed to initialize a prz array for
>>> dumps\n");
>>> -               return -ENOMEM;
>>> +               goto fail_prz;
>>
>>
>> This will have no effect. If cxt->przs == NULL, ramoops_free_przs will
>> immediately exit too, not hitting your max_dump_cnt = 0 change.
>> Perhaps move the =0 in that function to the top before the check and
>> return?
>
> Yes, you are right. Below has the latest patch which move the =0 to the
> top of that function, just as you mentioned. Thanks.
>
>>
>>>         }
>>>         for (i = 0; i < cxt->max_dump_cnt; i++) {
>>> @@ -508,7 +509,6 @@ fail_buf:
>>>         kfree(cxt->pstore.buf);
>>>  fail_clear:
>>>         cxt->pstore.bufsize = 0;
>>> -       cxt->max_dump_cnt = 0;
>>>  fail_cnt:
>>>         kfree(cxt->fprz);
>>>  fail_init_fprz:
>>> --
>>> 1.8.3.2
>>>
>>
>> Otherwise,  yes, once fixed, this clean-up looks good -- it keeps the
>> variable initialization and cleanup all in ramoops_init_przs() which
>> is how it should be.
>>
>> Thanks!
>>
>> -Kees
>
> -----
>
>
> From: Liu ShuoX <shuox.liu@...el.com>
>
> In case that ramoops_init_przs failed, max_dump_cnt won't be reset to
> zero in error handle path.
>
> Signed-off-by: Liu ShuoX <shuox.liu@...el.com>

Thanks! Looks right now.

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

> ---
>  fs/pstore/ram.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c
> index 6f96d8c..3b57443 100644
> --- a/fs/pstore/ram.c
> +++ b/fs/pstore/ram.c
> @@ -320,6 +320,7 @@ static void ramoops_free_przs(struct ramoops_context
> *cxt)
>  {
>         int i;
>
>  +      cxt->max_dump_cnt = 0;
>         if (!cxt->przs)
>                 return;
>
>  @@ -350,7 +351,7 @@ static int ramoops_init_przs(struct device *dev, struct
> ramoops_context *cxt,
>                              GFP_KERNEL);
>         if (!cxt->przs) {
>                 dev_err(dev, "failed to initialize a prz array for
> dumps\n");
> -               return -ENOMEM;
> +               goto fail_prz;
>         }
>         for (i = 0; i < cxt->max_dump_cnt; i++) {
> @@ -508,7 +509,6 @@ fail_buf:
>         kfree(cxt->pstore.buf);
>  fail_clear:
>         cxt->pstore.bufsize = 0;
> -       cxt->max_dump_cnt = 0;
>  fail_cnt:
>         kfree(cxt->fprz);
>  fail_init_fprz:
> --
> 1.8.3.2
>



-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ