lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 21 Aug 2018 15:24:27 +0300
From:   "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To:     Colin King <colin.king@...onical.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        "Michael S . Tsirkin" <mst@...hat.com>, linux-mm@...ck.org,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/gup_benchmark: fix unsigned comparison with less than
 zero

On Tue, Aug 21, 2018 at 11:36:34AM +0000, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
> 
> Currently the return from get_user_pages_fast is being checked
> to be less than zero for an error check, however, the variable being
> checked is unsigned so the check is always false. Fix this by using
> a signed long instead.
> 
> Detected by Coccinelle ("Unsigned expression compared with zero: nr <= 0")
> 
> Fixes: 64c349f4ae78 ("mm: add infrastructure for get_user_pages_fast() benchmarking")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>

This is good catch, but the fix is wrong. See below.

> ---
>  mm/gup_benchmark.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/mm/gup_benchmark.c b/mm/gup_benchmark.c
> index 6a473709e9b6..a9a15e7a1185 100644
> --- a/mm/gup_benchmark.c
> +++ b/mm/gup_benchmark.c
> @@ -31,6 +31,8 @@ static int __gup_benchmark_ioctl(unsigned int cmd,
>  	nr = gup->nr_pages_per_call;
>  	start_time = ktime_get();
>  	for (addr = gup->addr; addr < gup->addr + gup->size; addr = next) {
> +		long n;
> +
>  		if (nr != gup->nr_pages_per_call)
>  			break;

This check has to be done against 'n', not nr'. We stop as soon as
get_user_pages_fast() doesn't return the number of pages we expected.

I would rather change type of 'nr' to signed. It should also fix the
issue, right?

-- 
 Kirill A. Shutemov

Powered by blists - more mailing lists