lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2321585.UHgzd7LiPO@aspire.rjw.lan>
Date:   Wed, 03 Jan 2018 12:16:26 +0100
From:   "Rafael J. Wysocki" <rjw@...ysocki.net>
To:     gaurav jindal <gauravjindal1104@...il.com>
Cc:     Daniel Lezcano <daniel.lezcano@...aro.org>,
        Linux PM <linux-pm@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH]cpuidle: preventive check in cpuidle_select against crash

On Friday, December 29, 2017 7:45:22 PM CET gaurav jindal wrote:
> On Wed, Dec 27, 2017 at 03:30:02AM +0100, Rafael J. Wysocki wrote:
> > On Wed, Dec 27, 2017 at 2:57 AM, gaurav jindal
> > <gauravjindal1104@...il.com> wrote:
> > > On Wed, Dec 27, 2017 at 01:42:58AM +0100, Rafael J. Wysocki wrote:
> > >> On Tue, Dec 26, 2017 at 8:26 AM, gaurav jindal
> > >> <gauravjindal1104@...il.com> wrote:
> > >> > When selecting the idle state using cpuidle_select, there is no
> > >> > check on cpuidle_curr_governor. In cpuidle_switch_governor,
> > >> > cpuidle_currr_governor can be set to NULL to specify "disabled".
> > >>
> > >> How exactly?
> > >
> > > In cpuidle_switch_governor:
> > >
> > > /**
> > >  * cpuidle_switch_governor - changes the governor
> > >  * @gov: the new target governor
> > >  *
> > >  * NOTE: "gov" can be NULL to specify disabled
> > >  * Must be called with cpuidle_lock acquired.
> > >  */
> > > int cpuidle_switch_governor(struct cpuidle_governor *gov)
> > > {
> > >         struct cpuidle_device *dev;
> > >
> > >         if (gov == cpuidle_curr_governor)
> > >                 return 0;
> > >
> > >         cpuidle_uninstall_idle_handler();
> > >
> > >         if (cpuidle_curr_governor) {
> > >                 list_for_each_entry(dev, &cpuidle_detected_devices, device_list)
> > >                         cpuidle_disable_device(dev);
> > >         }
> > >
> > >         cpuidle_curr_governor = gov;
> > >
> > > This allows to set the cpuidle_switch_governor as NULL. Although there is no
> > > current code flow leading here, but it has a potential for bug in future. So
> > > may be better to have prevention.
> > 
> > Or maybe not.
> > 
> > Why don't you make cpuidle_switch_governor() check the argument
> > against NULL instead?
> 
> If we check gov (argument passed in  cpuidle_switch_governor())against
> NULL in cpuidle_switch_governor, can be a problem in a case where it 
> is called as
> cpuidle_switch_governor(NULL);
> 
> If cpuidle_curr_governor is not NULL, first the device is disabled.
> 
> if (cpuidle_curr_governor) {
> 	list_for_each_entry(dev, &cpuidle_detected_devices, device_list)
> 	cpuidle_disable_device(dev);
> }
> 
> after this cpuidle_curr_governor is set to gov, which is NULL in this case.
> 
> cpuidle_curr_governor = gov;
> /* if is not updated by inserting a check, it will have an oudated value*/
> 
> Now, if gov is not NULL (which it is in this case), cpuidle device is enabled
> 
> if (gov) {
> 	list_for_each_entry(dev, &cpuidle_detected_devices, device_list)
> 	cpuidle_enable_device(dev);
> 	cpuidle_install_idle_handler();
> 	printk(KERN_INFO "cpuidle: using governor %s\n", gov->name);
> }
> If we check for gov against NULL in this function, it will produce
> dangling pointers and resource leaks.

I didn't recommend you to introduce bugs.

Just return -EINVAL if gov is NULL before checking if gov is equal to
cpuidle_curr_governor.

Thanks,
Rafael

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ