[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <05bde73d-6c0a-8309-4150-7225862c28e0@huawei.com>
Date: Tue, 6 Mar 2018 19:39:41 +0200
From: Igor Stoppa <igor.stoppa@...wei.com>
To: J Freyensee <why2jjj.linux@...il.com>, <david@...morbit.com>,
<willy@...radead.org>, <keescook@...omium.org>, <mhocko@...nel.org>
CC: <labbott@...hat.com>, <linux-security-module@...r.kernel.org>,
<linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
<kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH 1/7] genalloc: track beginning of allocations
On 05/03/2018 21:00, J Freyensee wrote:
> .
> .
>
>
> On 2/28/18 12:06 PM, Igor Stoppa wrote:
>> +
>> +/**
>> + * gen_pool_dma_alloc() - allocate special memory from the pool for DMA usage
>> + * @pool: pool to allocate from
>> + * @size: number of bytes to allocate from the pool
>> + * @dma: dma-view physical address return value. Use NULL if unneeded.
>> + *
>> + * Allocate the requested number of bytes from the specified pool.
>> + * Uses the pool allocation function (with first-fit algorithm by default).
>> + * Can not be used in NMI handler on architectures without
>> + * NMI-safe cmpxchg implementation.
>> + *
>> + * Return:
>> + * * address of the memory allocated - success
>> + * * NULL - error
>> + */
>> +void *gen_pool_dma_alloc(struct gen_pool *pool, size_t size, dma_addr_t *dma);
>> +
>
> OK, so gen_pool_dma_alloc() is defined here, which believe is the API
> line being drawn for this series.
>
> so,
> .
> .
> .
>>
>>
>> /**
>> - * gen_pool_dma_alloc - allocate special memory from the pool for DMA usage
>> + * gen_pool_dma_alloc() - allocate special memory from the pool for DMA usage
>> * @pool: pool to allocate from
>> * @size: number of bytes to allocate from the pool
>> * @dma: dma-view physical address return value. Use NULL if unneeded.
>> @@ -342,14 +566,15 @@ EXPORT_SYMBOL(gen_pool_alloc_algo);
>> * Uses the pool allocation function (with first-fit algorithm by default).
>> * Can not be used in NMI handler on architectures without
>> * NMI-safe cmpxchg implementation.
>> + *
>> + * Return:
>> + * * address of the memory allocated - success
>> + * * NULL - error
>> */
>> void *gen_pool_dma_alloc(struct gen_pool *pool, size_t size, dma_addr_t *dma)
>> {
>> unsigned long vaddr;
>>
>> - if (!pool)
>> - return NULL;
>> -
> why is this being removed? I don't believe this code was getting
> removed from your v17 series patches.
Because, as Matthew Wilcox pointed out [1] (well, that's how I
understood it) de-referencing a NULL pointer will cause the kernel to
complain loudly.
Where is the NULL pointer coming from?
a) from a bug in the user of the API - in that case it will be noticed,
reported and fixed, that is how also other in-kernel APIs work
b) from an attacker - it will still trigger an error from the kernel,
but it cannot really do much else, besides crashing repeatedly and
causing a DOS. However, there are so many other places that could be
under similar attack, that it doesn't seem to make a difference having a
check here only.
If the value was coming from userspace, that would be a completely
different case and some sort of sanitation would be mandatory.
> Otherwise, looks good,
>
> Reviewed-by: Jay Freyensee <why2jjj.linux@...il.com>
thanks
[1] http://www.openwall.com/lists/kernel-hardening/2018/02/26/16
--
igor
Powered by blists - more mailing lists