Date:   Thu, 20 Apr 2017 07:04:58 -0700
From:   tip-bot for Vikas Shivappa <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     vikas.shivappa@...ux.intel.com, sai.praneeth.prakhya@...el.com,
        hpa@...or.com, linux-kernel@...r.kernel.org, tglx@...utronix.de,
        mingo@...nel.org
Subject: [tip:x86/cpu] x86/intel_rdt: Return error for incorrect resource
 names in schemata

Commit-ID:  4797b7dfdfcf457075c36743d71e2b0feeaaa20f
Gitweb:     http://git.kernel.org/tip/4797b7dfdfcf457075c36743d71e2b0feeaaa20f
Author:     Vikas Shivappa <vikas.shivappa@...ux.intel.com>
AuthorDate: Wed, 19 Apr 2017 16:50:04 -0700
Committer:  Thomas Gleixner <tglx@...utronix.de>
CommitDate: Thu, 20 Apr 2017 15:57:59 +0200

x86/intel_rdt: Return error for incorrect resource names in schemata

When schemata parses the resource names it does not return an error if it
detects incorrect resource names and fails quietly.

This happens because for_each_enabled_rdt_resource(r) leaves "r" pointing
beyond the end of the rdt_resources_all[] array, and the check for !r->name
results in an out of bounds access.

Split the resource parsing part into a helper function to avoid the issue.

[ tglx: Made it readable by splitting the parser loop out into a function ]

Reported-by: Prakhya, Sai Praneeth <sai.praneeth.prakhya@...el.com>
Signed-off-by: Vikas Shivappa <vikas.shivappa@...ux.intel.com>
Tested-by: Prakhya, Sai Praneeth <sai.praneeth.prakhya@...el.com>
Cc: fenghua.yu@...el.com
Cc: tony.luck@...el.com
Cc: ravi.v.shankar@...el.com
Cc: vikas.shivappa@...el.com
Link: http://lkml.kernel.org/r/1492645804-17465-4-git-send-email-vikas.shivappa@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>

---
 arch/x86/kernel/cpu/intel_rdt_schemata.c | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel_rdt_schemata.c b/arch/x86/kernel/cpu/intel_rdt_schemata.c
index e64b2cf..406d7a6 100644
--- a/arch/x86/kernel/cpu/intel_rdt_schemata.c
+++ b/arch/x86/kernel/cpu/intel_rdt_schemata.c
@@ -188,6 +188,17 @@ done:
 	return 0;
 }
 
+static int rdtgroup_parse_resource(char *resname, char *tok, int closid)
+{
+	struct rdt_resource *r;
+
+	for_each_enabled_rdt_resource(r) {
+		if (!strcmp(resname, r->name) && closid < r->num_closid)
+			return parse_line(tok, r);
+	}
+	return -EINVAL;
+}
+
 ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
 				char *buf, size_t nbytes, loff_t off)
 {
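
Review bot: rdtgroup_parse_resource() returns the same -EINVAL when no enabled resource matches resname and when the name matches but closid >= r->num_closid, so a misspelled resource name cannot be told apart from a CLOSID the resource does not support. The new function also has no comment; a short one above it stating that both cases are deliberately reported as -EINVAL would make the contract explicit for callers.
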
@@ -210,9 +221,10 @@ ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
 
 	closid = rdtgrp->closid;
 
-	for_each_enabled_rdt_resource(r)
+	for_each_enabled_rdt_resource(r) {
 		list_for_each_entry(dom, &r->domains, list)
 			dom->have_new_ctrl = false;
+	}
 
 	while ((tok = strsep(&buf, "\n")) != NULL) {
 		resname = strim(strsep(&tok, ":"));
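
Review bot: the braces added around the for_each_enabled_rdt_resource(r) loop that clears dom->have_new_ctrl are a style-only change, unrelated to the out-of-bounds access described in the changelog and not mentioned there. Either note it in the commit message or move it to a separate cleanup so the fix stays minimal if it is backported.
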
@@ -220,19 +232,9 @@ ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
 			ret = -EINVAL;
 			goto out;
 		}
-		for_each_enabled_rdt_resource(r) {
-			if (!strcmp(resname, r->name) &&
-			    closid < r->num_closid) {
-				ret = parse_line(tok, r);
-				if (ret)
-					goto out;
-				break;
-			}
-		}
-		if (!r->name) {
-			ret = -EINVAL;
+		ret = rdtgroup_parse_resource(resname, tok, closid);
+		if (ret)
 			goto out;
-		}
 	}
 
 	for_each_enabled_rdt_resource(r) {
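
Review bot: removing the "if (!r->name)" test takes away the only read of r after a for_each_enabled_rdt_resource() loop in this hunk, but r stays in scope in rdtgroup_schemata_write() and is reused by the loops before and after the parser, so the same pattern can be reintroduced later. A one-line comment at the rdtgroup_parse_resource() call site, saying that r must not be inspected once the iterator has finished, would document why the lookup lives in a helper.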
