lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20181012121234.rgaamxlumrgz6ohb@pathway.suse.cz>
Date:   Fri, 12 Oct 2018 14:12:34 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Miroslav Benes <mbenes@...e.cz>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Jessica Yu <jeyu@...nel.org>,
        Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v12 07/12] livepatch: Use lists to manage patches,
 objects and functions

On Mon 2018-09-03 18:00:45, Miroslav Benes wrote:
> 
> > -#define klp_for_each_object(patch, obj) \
> > +#define klp_for_each_object_static(patch, obj) \
> >  	for (obj = patch->objs; obj->funcs || obj->name; obj++)
> >  
> > -#define klp_for_each_func(obj, func) \
> > +#define klp_for_each_object(patch, obj)	\
> > +	list_for_each_entry(obj, &patch->obj_list, node)
> > +
> > +#define klp_for_each_func_static(obj, func) \
> >  	for (func = obj->funcs; \
> >  	     func->old_name || func->new_addr || func->old_sympos; \
> >  	     func++)
> >  
> > +#define klp_for_each_func(obj, func)	\
> > +	list_for_each_entry(func, &obj->func_list, node)
> > +
> >  int klp_enable_patch(struct klp_patch *);
> >  
> >  void arch_klp_init_object_loaded(struct klp_patch *patch,
> > diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
> > index 6a47b36a6c9a..7bc23a106b5b 100644
> > --- a/kernel/livepatch/core.c
> > +++ b/kernel/livepatch/core.c
> > @@ -50,6 +50,21 @@ LIST_HEAD(klp_patches);
> >  
> >  static struct kobject *klp_root_kobj;
> >  
> > +static void klp_init_lists(struct klp_patch *patch)
> > +{
> > +	struct klp_object *obj;
> > +	struct klp_func *func;
> > +
> > +	INIT_LIST_HEAD(&patch->obj_list);
> > +	klp_for_each_object_static(patch, obj) {
> > +		list_add(&obj->node, &patch->obj_list);
> > +
> > +		INIT_LIST_HEAD(&obj->func_list);
> > +		klp_for_each_func_static(obj, func)
> > +			list_add(&func->node, &obj->func_list);
> > +	}
> > +}
> > +
> >  static bool klp_is_module(struct klp_object *obj)
> >  {
> >  	return obj->name;
> > @@ -664,6 +679,7 @@ static int klp_init_patch(struct klp_patch *patch)
> >  	patch->module_put = false;
> >  	INIT_LIST_HEAD(&patch->list);
> >  	init_completion(&patch->finish);
> > +	klp_init_lists(patch);
> 
> This could explode easily if patch->objs is NULL. The check is just below.
>   
> >  	if (!patch->objs)
> >  		return -EINVAL;
> 
> Here.
> 
> klp_init_lists() calls klp_for_each_object_static() which accesses 
> obj->name without a check for obj.

Great catch!

> since the check is already there, could you move klp_init_lists()
> call after the check?

The same problem is with accessing obj->funcs by
klp_for_each_func_static().

I have moved both checks into klp_init_lists(). I made sure that
the lists were initialized to be usable with the free functions
even in case of error.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ