lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAHb8M2DSRmKDNq4faBg6OUza6auUfXAJLNmUMMqbQxJQG4e6Cw@mail.gmail.com>
Date:	Thu, 1 May 2014 16:38:31 +0900
From:	DaeSeok Youn <daeseok.youn@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] dmapool: remove redundant NULL check for dev in dma_pool_create()

2014-05-01 6:19 GMT+09:00, Andrew Morton <akpm@...ux-foundation.org>:
> On Tue, 29 Apr 2014 11:53:10 +0900 Daeseok Youn <daeseok.youn@...il.com>
> wrote:
>
>> "dev" cannot be NULL because it is already checked before
>> calling dma_pool_create().
>>
>> Signed-off-by: Daeseok Youn <daeseok.youn@...il.com>
>> ---
>> If dev can be NULL, it has NULL deferencing when kmalloc_node()
>> is called after enabling CONFIG_NUMA.
>
> hm, this is unclear.
>
> The code which handles the dev==NULL case was obviously put there
> deliberately, presumably with the intention of permitting drivers to
> call dma_pool_create() without a device*.  This code is very old.
>
> A lot of drivers call dma_pool_create() (I doubt if you audited all of
> them!) and perhaps there are some which use this feature and have never
> been run on NUMA hardware.
Yes.. I didn't check all of callers.. sorry about that. Some drivers
are checked.
>
> I think I'll apply the patch anyway because such drivers (if they
> exist) probably need some attending to.
>
> I rewrote the changelog thusly:
>
>
> : "dev" cannot be NULL because it is already checked before calling
> : dma_pool_create().
> :
> : If dev ever was NULL, the code would oops in dev_to_node() after enabling
> : CONFIG_NUMA.
> :
> : It is possible that some driver is using dev==NULL and has never been run
> : on a NUMA machine.  Such a driver is probably outdated, possibly buggy
> and
> : will need some attention if it starts triggering NULL derefs.
>
>
Ok. Thanks for kind explanation.
Regards,
Daeseok Youn
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ