lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAFCwf12RoBTtHBdu5j5Jot7q=2k3G9xc0v1VgbtGHCub7Drh3w@mail.gmail.com>
Date:	Tue, 16 Jun 2015 15:41:49 +0300
From:	Oded Gabbay <oded.gabbay@...il.com>
To:	Dan Carpenter <dan.carpenter@...cle.com>,
	Yair Shachar <yair.shachar@....com>,
	John Bridgman <John.Bridgman@....com>
Cc:	David Airlie <airlied@...ux.ie>,
	Maling list - DRI developers 
	<dri-devel@...ts.freedesktop.org>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch] drm/amdkfd: fix some range checks in address watch ioctl

On Thu, Jun 11, 2015 at 6:19 PM, Dan Carpenter <dan.carpenter@...cle.com> wrote:
>
> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
> index 96c904b..54a608a 100644
> --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
> @@ -553,7 +554,7 @@ static int kfd_ioctl_dbg_address_watch(struct file *filep,
>         /* Validate arguments */
>
>         if ((args->buf_size_in_bytes > MAX_ALLOWED_AW_BUFF_SIZE) ||
> -               (args->buf_size_in_bytes <= sizeof(*args)) ||
> +               (args->buf_size_in_bytes <= sizeof(*args) + sizeof(int) * 2) ||
>                 (cmd_from_user == NULL))
>                 return -EINVAL;
>
> @@ -590,7 +596,7 @@ static int kfd_ioctl_dbg_address_watch(struct file *filep,
>         /* skip over the addresses buffer */
>         args_idx += sizeof(aw_info.watch_address) * aw_info.num_watch_points;
>
> -       if (args_idx >= args->buf_size_in_bytes) {
> +       if (args_idx >= args->buf_size_in_bytes - sizeof(*args)) {
>                 kfree(args_buff);
>                 return -EINVAL;
>         }
> @@ -614,7 +620,7 @@ static int kfd_ioctl_dbg_address_watch(struct file *filep,
>                 args_idx += sizeof(aw_info.watch_mask);
>         }
>
> -       if (args_idx > args->buf_size_in_bytes) {
> +       if (args_idx >= args->buf_size_in_bytes - sizeof(args)) {
>                 kfree(args_buff);
>                 return -EINVAL;
>         }

Hi Dan,

I took the above section and made a patch from them which I then
applied to my -next-fixes tree (to be included in 4.2 merge window).
Thanks!

Yair,
I suggest you take my amdkfd-next-fixes branch and test it with your
debugger tests.

John,
If you could try publishing kfdtest as we talked about, that would be
great because then everyone will be able to check this.

   Oded
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ