lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190130084603.bxm57h6wf47b45fs@pathway.suse.cz>
Date:   Wed, 30 Jan 2019 09:46:03 +0100
From:   Petr Mladek <pmladek@...e.com>
To:     Miroslav Benes <mbenes@...e.cz>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jason Baron <jbaron@...mai.com>,
        Joe Lawrence <joe.lawrence@...hat.com>,
        Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
        live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] livepatch: Handle failing allocation of shadow
 variables in the selftest

On Mon 2019-01-21 13:14:38, Miroslav Benes wrote:
> Hi,
> 
> On Wed, 16 Jan 2019, Petr Mladek wrote:
> 
> > Do not dereference pointers to the shadow variables when either
> > klp_shadow_alloc() or klp_shadow_get() fail.
> 
> I may misunderstand the patch, so bear with me, please. Is this because of 
> a possible null pointer dereference? If yes, shouldn't this say rather 
> "when both klp_shadow_alloc() and klp_shadow_get() fail"?

Well, klp_shadow_get() could fail also from other reasons if there is
a bug in the implementation.

> > There is no need to check the other locations explicitly. The test
> > would fail if any allocation fails. And the existing messages, printed
> > during the test, provide enough information to debug eventual problems.

Heh, this is actually the reason why I did not add the check
for shadow_alloc(). Any error would be detected later
with klp_shadow_get() calls that should get tested anyway.

Hmm, when I think about it. A good practice is to handle
klp_shadow_allow() or klp_shadow_get() failures immediately.
After all, it is the sample code that people might follow.


> > Signed-off-by: Petr Mladek <pmladek@...e.com>
> > ---
> >  lib/livepatch/test_klp_shadow_vars.c | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> > 
> > diff --git a/lib/livepatch/test_klp_shadow_vars.c b/lib/livepatch/test_klp_shadow_vars.c
> > index 02f892f941dc..55e6820430dc 100644
> > --- a/lib/livepatch/test_klp_shadow_vars.c
> > +++ b/lib/livepatch/test_klp_shadow_vars.c
> > @@ -162,15 +162,15 @@ static int test_klp_shadow_vars_init(void)
> >  	 * to expected data.
> >  	 */
> >  	ret = shadow_get(obj, id);
> > -	if (ret == sv1 && *sv1 == &var1)
> > +	if (ret && ret == sv1 && *sv1 == &var1)
> >  		pr_info("  got expected PTR%d -> PTR%d result\n",
> >  			ptr_id(sv1), ptr_id(*sv1));
> >  	ret = shadow_get(obj + 1, id);
> > -	if (ret == sv2 && *sv2 == &var2)
> > +	if (ret && ret == sv2 && *sv2 == &var2)
> >  		pr_info("  got expected PTR%d -> PTR%d result\n",
> >  			ptr_id(sv2), ptr_id(*sv2));
> >  	ret = shadow_get(obj, id + 1);
> > -	if (ret == sv3 && *sv3 == &var3)
> > +	if (ret && ret == sv3 && *sv3 == &var3)
> >  		pr_info("  got expected PTR%d -> PTR%d result\n",
> >  			ptr_id(sv3), ptr_id(*sv3));
> 
> There is one more similar site calling shadow_get(obj, id + 1) which is 
> fixed.

Heh, I think that I did not add the check there on purpose.
If we are here, shadow_get(obj, id + 1) must have already succeeded
above.

But it is a bad practice. We should always check the output.
I'll do so in v2.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ