| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1433851493-23685-1-git-send-email-sergey.senozhatsky@gmail.com>
Date: Tue, 9 Jun 2015 21:04:48 +0900
From: Sergey Senozhatsky <sergey.senozhatsky@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Minchan Kim <minchan@...nel.org>, Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Michal Hocko <mhocko@...e.cz>,
David Rientjes <rientjes@...gle.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, sergey.senozhatsky.work@...il.com,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>
Subject: [RFC][PATCH 0/5] do not dereference NULL pools in pools' destroy() functions
Hello,
RFC
Proposed by Andrew Morton: https://lkml.org/lkml/2015/6/8/583
The existing pools' destroy() functions do not allow NULL pool pointers;
instead, every destructor() caller forced to check if pool is not NULL,
which:
a) requires additional attention from developers/reviewers
b) may lead to a NULL pointer dereferences if (a) didn't work
First 3 patches tweak
- kmem_cache_destroy()
- mempool_destroy()
- dma_pool_destroy()
to handle NULL pointers.
Basically, this patch set will:
1) Can prevent us from still undiscovered NULL pointer dereferences.
(like the one that was addressed in https://lkml.org/lkml/2015/6/5/262)
2) Make a cleanup possible. Things like:
[..]
if (xhci->segment_pool)
dma_pool_destroy(xhci->segment_pool);
..
if (xhci->device_pool)
dma_pool_destroy(xhci->device_pool);
..
if (xhci->small_streams_pool)
dma_pool_destroy(xhci->small_streams_pool);
..
if (xhci->medium_streams_pool)
dma_pool_destroy(xhci->medium_streams_pool);
[..]
or
[..]
fail_dma_pool:
if (IS_QLA82XX(ha) || ql2xenabledif) {
dma_pool_destroy(ha->fcp_cmnd_dma_pool);
ha->fcp_cmnd_dma_pool = NULL;
}
fail_dl_dma_pool:
if (IS_QLA82XX(ha) || ql2xenabledif) {
dma_pool_destroy(ha->dl_dma_pool);
ha->dl_dma_pool = NULL;
}
fail_s_dma_pool:
dma_pool_destroy(ha->s_dma_pool);
ha->s_dma_pool = NULL;
[..]
may now be simplified.
0004 and 0005 are not so necessary, simply because there are not
so many users of these two (added for pool's destroy() functions consistency):
-- zpool_destroy_pool()
-- zs_destroy_pool()
So, 0004 and 0005 can be dropped.
- zbud does kfree() in zbud_destroy_pool(), so I didn't touch it.
Sergey Senozhatsky (5):
mm/slab_common: allow NULL cache pointer in kmem_cache_destroy()
mm/mempool: allow NULL `pool' pointer in mempool_destroy()
mm/dmapool: allow NULL `pool' pointer in dma_pool_destroy()
mm/zpool: allow NULL `zpool' pointer in zpool_destroy_pool()
mm/zsmalloc: allow NULL `pool' pointer in zs_destroy_pool()
mm/dmapool.c | 3 +++
mm/mempool.c | 3 +++
mm/slab_common.c | 3 +++
mm/zpool.c | 3 +++
mm/zsmalloc.c | 3 +++
5 files changed, 15 insertions(+)
--
2.4.3.368.g7974889
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists