Date: Sat, 5 Jul 2014 02:30:53 +0200
From: Emil Goode <emilgoode@...il.com>
To: Jonas Gorski <jogo@...nwrt.org>
Cc: Ralf Baechle <ralf@...ux-mips.org>,
    Paul Gortmaker <paul.gortmaker@...driver.com>,
    John Crispin <blogic@...nwrt.org>,
    MIPS Mailing List <linux-mips@...ux-mips.org>,
    "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
    kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] MIPS: Fix incorrect NULL check in local_flush_tlb_page()

Hello Jonas,

On Fri, Jul 04, 2014 at 11:52:51PM +0200, Jonas Gorski wrote:
> On Fri, Jul 4, 2014 at 7:07 PM, Emil Goode <emilgoode@...il.com> wrote:
> > We check that the struct vm_area_struct pointer vma is NULL and
> > then dereference it. The intent must have been to check that
> > vma is not NULL before we dereference it in the next condition.
>
> Actually if it is NULL, then it will short-cut and won't dereference
> it (because !vma is true it can never become false again), so the
> condition would be fine previously.
>
> But, looking at the code a few lines into branch:
>
>         if (!vma || cpu_context(cpu, vma->vm_mm) != 0) {
>                 unsigned long flags;
>                 int oldpid, newpid, idx;
>
> #ifdef DEBUG_TLB
>                 printk("[tlbpage<%lu,0x%08lx>]", cpu_context(cpu,
> vma->vm_mm), page);
> #endif
>                 newpid = cpu_context(cpu, vma->vm_mm) & ASID_MASK;
>
> it will be then dereferenced here, so the change is actually sensible,
> even if the description isn't quite spot-on where it breaks.

Sorry, this is what I meant but failed to explain clearly.
Perhaps the following is a bit better?

We check that the struct vm_area_struct pointer vma is NULL and
then dereference it a few lines below. The intent must have been
to make sure that vma is not NULL and then to check the value from
cpu_context() for the condition to be true.

Best regards,

Emil Goode
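
The condition discussed in this thread, as an added userspace model that is not part of the original message or of the kernel source: it compares the quoted `!vma ||` condition with the `vma &&` form implied by the revised description (the patch itself is not shown on this page). The struct layouts, the `ASID_MASK` value, the simplified `cpu_context()` and the names `flush_before`, `flush_after` and `enum outcome` are assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel types; layout and values are assumed. */
#define ASID_MASK 0xffUL          /* constructed value for this model */
struct mm_struct { unsigned long context; };
struct vm_area_struct { struct mm_struct *vm_mm; };
enum outcome { SKIPPED, FLUSHED, NULL_DEREF };

/* Simplified stand-in for the kernel's cpu_context(cpu, mm). */
static unsigned long cpu_context(int cpu, struct mm_struct *mm)
{
    (void)cpu;
    return mm->context;
}

/* Condition as quoted in the thread: "!vma ||" short-circuits safely,
 * but a NULL vma then enters the body, which uses vma->vm_mm. */
enum outcome flush_before(int cpu, struct vm_area_struct *vma)
{
    if (!vma || cpu_context(cpu, vma->vm_mm) != 0) {
        if (!vma)
            return NULL_DEREF;    /* the kernel body dereferences vma here */
        (void)(cpu_context(cpu, vma->vm_mm) & ASID_MASK);
        return FLUSHED;
    }
    return SKIPPED;
}

/* Condition matching the revised description: vma must be non-NULL
 * and the context non-zero before the body runs. */
enum outcome flush_after(int cpu, struct vm_area_struct *vma)
{
    if (vma && cpu_context(cpu, vma->vm_mm) != 0) {
        (void)(cpu_context(cpu, vma->vm_mm) & ASID_MASK);
        return FLUSHED;
    }
    return SKIPPED;
}

int main(void)
{
    struct mm_struct live = { 0x42 }, idle = { 0 };   /* constructed inputs */
    struct vm_area_struct a = { &live }, b = { &idle };
    printf("NULL: before=%d after=%d\n", flush_before(0, NULL), flush_after(0, NULL));
    printf("live: before=%d after=%d\n", flush_before(0, &a), flush_after(0, &a));
    printf("idle: before=%d after=%d\n", flush_before(0, &b), flush_after(0, &b));
    return 0;
}
```

Only the NULL case differs between the two forms: the condition itself never dereferences NULL in either version, but the quoted form lets a NULL vma into the body.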