lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPcyv4hE49JiFdaM_L0+KPQayZ0qRYokNRPxD5YuwCCp4fzkqQ@mail.gmail.com>
Date:   Wed, 7 Nov 2018 11:34:22 -0800
From:   Dan Williams <dan.j.williams@...el.com>
To:     Toshi Kani <toshi.kani@....com>
Cc:     Vishal L Verma <vishal.l.verma@...el.com>,
        Dave Jiang <dave.jiang@...el.com>,
        "Elliott, Robert (Persistent Memory)" <elliott@....com>,
        linux-nvdimm <linux-nvdimm@...ts.01.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        stable <stable@...r.kernel.org>
Subject: Re: [PATCH] libnvdimm: Fix __nd_ioctl() to check error in cmd_rc

On Wed, Nov 7, 2018 at 10:52 AM Toshi Kani <toshi.kani@....com> wrote:
>
> ndctl zero-labels completes with a large number of zeroed nmems when
> it fails to do zeroing on a protected NVDIMM.
>
>   # ndctl zero-labels nmem1
>   zeroed 65504 nmems
>
> When an ACPI call completes with error, xlat_status() called from
> acpi_nfit_ctl() sets error to *cmd_rc.  __nd_ioctl(), however, does
> not check this error and returns with success.
>
> Fix __nd_ioctl() to check this error in cmd_rc.

So this arrangement is by design and the bug is in the ndctl utility.

A successful return code from the ioctl means that the command was
successfully submitted to firmware. It's then up to userspace to parse
if there was a command specific error returned in the response
payload. Automatically returning cmd_rc removes the ability for
userspace tooling to do its own command specific error handling. With
this change userspace could no longer be sure if the failure is in the
submission or the execution of the command, or determine if the
command response payload is valid.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ