lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.02.1407042237500.1984@localhost6.localdomain6>
Date:	Fri, 4 Jul 2014 22:38:21 +0200 (CEST)
From:	Julia Lawall <julia.lawall@...6.fr>
To:	"Elliott, Robert (Server Storage)" <Elliott@...com>
cc:	Himangi Saraogi <himangi774@...il.com>,
	Vikas Chaudhary <vikas.chaudhary@...gic.com>,
	"iscsi-driver@...gic.com" <iscsi-driver@...gic.com>,
	"James E.J. Bottomley" <JBottomley@...allels.com>,
	"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] qla4xxx: Return -ENOMEM on memory allocation failure



On Fri, 4 Jul 2014, Julia Lawall wrote:

> 
> 
> On Fri, 4 Jul 2014, Elliott, Robert (Server Storage) wrote:
> 
> > 
> > 
> > > -----Original Message-----
> > > From: linux-scsi-owner@...r.kernel.org [mailto:linux-scsi-
> > > owner@...r.kernel.org] On Behalf Of Himangi Saraogi
> > > Sent: Friday, 04 July, 2014 1:28 PM
> > > To: Vikas Chaudhary; iscsi-driver@...gic.com; James E.J. Bottomley; linux-
> > > scsi@...r.kernel.org; linux-kernel@...r.kernel.org
> > > Cc: julia.lawall@...6.fr
> > > Subject: [PATCH] qla4xxx: Return -ENOMEM on memory allocation failure
> > > 
> > > In this code, 0 is returned on memory allocation failure, even though
> > > other failures return -ENOMEM or other similar values.
> > > 
> > > A simplified version of the Coccinelle semantic match that finds this
> > > problem is as follows:
> > > 
> > > // <smpl>
> > > @@
> > > expression ret;
> > > expression x,e1,e2,e3;
> > > identifier alloc;
> > > @@
> > > 
> > > ret = 0
> > > ... when != ret = e1
> > > *x = alloc(...)
> > > ... when != ret = e2
> > > if (x == NULL) { ... when != ret = e3
> > >   return ret;
> > > }
> > > // </smpl>
> > > 
> > > Signed-off-by: Himangi Saraogi <himangi774@...il.com>
> > > Acked-by: Julia Lawall <julia.lawall@...6.fr>
> > > ---
> > >  drivers/scsi/qla4xxx/ql4_os.c | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
> > > index c5d9564..72ba671 100644
> > > --- a/drivers/scsi/qla4xxx/ql4_os.c
> > > +++ b/drivers/scsi/qla4xxx/ql4_os.c
> > > @@ -1050,6 +1050,7 @@ static int qla4xxx_get_host_stats(struct Scsi_Host
> > > *shost, char *buf, int len)
> > >  	if (!ql_iscsi_stats) {
> > >  		ql4_printk(KERN_ERR, ha,
> > >  			   "Unable to allocate memory for iscsi stats\n");
> > > +		ret = -ENOMEM;
> > >  		goto exit_host_stats;
> > >  	}
> > > 
> > 
> > Also, the only caller of this function doesn't use the return 
> > value - it's overwritten by another function call:
> > 
> > drivers/scsi/scsi_transport_iscsi.c:
> >                 err = transport->get_host_stats(shost, buf, host_stats_size);
> > 
> >                 actual_size = nlmsg_total_size(sizeof(*ev) + host_stats_size);
> >                 skb_trim(skbhost_stats, NLMSG_ALIGN(actual_size));
> >                 nlhhost_stats->nlmsg_len = actual_size;
> > 
> >                 err = iscsi_multicast_skb(skbhost_stats, ISCSI_NL_GRP_ISCSID,
> >                                           GFP_KERNEL);
> 
> Maybe that is intentional?  If get_host_stats fails, eg because of a lack 
> of memory, the worst that will happen is that a region of the buffer will 
> be 0.  If the loop is done again, there seems to be a risk of an infinite 
> loop.

Or one could jump out of the function completely, as on failure of 
alloc_skb.

julia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ