lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Jan 2019 13:14:38 +0100 (CET)
From:   Miroslav Benes <mbenes@...e.cz>
To:     Petr Mladek <pmladek@...e.com>
cc:     Jiri Kosina <jikos@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] livepatch: Handle failing allocation of shadow
 variables in the selftest

Hi,

On Wed, 16 Jan 2019, Petr Mladek wrote:

> Do not dereference pointers to the shadow variables when either
> klp_shadow_alloc() or klp_shadow_get() fail.

I may misunderstand the patch, so bear with me, please. Is this because of 
a possible null pointer dereference? If yes, shouldn't this say rather 
"when both klp_shadow_alloc() and klp_shadow_get() fail"?
 
> There is no need to check the other locations explicitly. The test
> would fail if any allocation fails. And the existing messages, printed
> during the test, provide enough information to debug eventual problems.
> 
> Signed-off-by: Petr Mladek <pmladek@...e.com>
> ---
>  lib/livepatch/test_klp_shadow_vars.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/livepatch/test_klp_shadow_vars.c b/lib/livepatch/test_klp_shadow_vars.c
> index 02f892f941dc..55e6820430dc 100644
> --- a/lib/livepatch/test_klp_shadow_vars.c
> +++ b/lib/livepatch/test_klp_shadow_vars.c
> @@ -162,15 +162,15 @@ static int test_klp_shadow_vars_init(void)
>  	 * to expected data.
>  	 */
>  	ret = shadow_get(obj, id);
> -	if (ret == sv1 && *sv1 == &var1)
> +	if (ret && ret == sv1 && *sv1 == &var1)
>  		pr_info("  got expected PTR%d -> PTR%d result\n",
>  			ptr_id(sv1), ptr_id(*sv1));
>  	ret = shadow_get(obj + 1, id);
> -	if (ret == sv2 && *sv2 == &var2)
> +	if (ret && ret == sv2 && *sv2 == &var2)
>  		pr_info("  got expected PTR%d -> PTR%d result\n",
>  			ptr_id(sv2), ptr_id(*sv2));
>  	ret = shadow_get(obj, id + 1);
> -	if (ret == sv3 && *sv3 == &var3)
> +	if (ret && ret == sv3 && *sv3 == &var3)
>  		pr_info("  got expected PTR%d -> PTR%d result\n",
>  			ptr_id(sv3), ptr_id(*sv3));

There is one more similar site calling shadow_get(obj, id + 1) which is 
fixed.

Thanks,
Miroslav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ