| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jan 2019 09:46:03 +0100
From: Petr Mladek <pmladek@...e.com>
To: Miroslav Benes <mbenes@...e.cz>
Cc: Jiri Kosina <jikos@...nel.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Jason Baron <jbaron@...mai.com>,
Joe Lawrence <joe.lawrence@...hat.com>,
Evgenii Shatokhin <eshatokhin@...tuozzo.com>,
live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] livepatch: Handle failing allocation of shadow
variables in the selftest
On Mon 2019-01-21 13:14:38, Miroslav Benes wrote:
> Hi,
>
> On Wed, 16 Jan 2019, Petr Mladek wrote:
>
> > Do not dereference pointers to the shadow variables when either
> > klp_shadow_alloc() or klp_shadow_get() fail.
>
> I may misunderstand the patch, so bear with me, please. Is this because of
> a possible null pointer dereference? If yes, shouldn't this say rather
> "when both klp_shadow_alloc() and klp_shadow_get() fail"?
Well, klp_shadow_get() could fail also from other reasons if there is
a bug in the implementation.
> > There is no need to check the other locations explicitly. The test
> > would fail if any allocation fails. And the existing messages, printed
> > during the test, provide enough information to debug eventual problems.
Heh, this is actually the reason why I did not add the check
for shadow_alloc(). Any error would be detected later
with klp_shadow_get() calls that should get tested anyway.
Hmm, when I think about it. A good practice is to handle
klp_shadow_allow() or klp_shadow_get() failures immediately.
After all, it is the sample code that people might follow.
> > Signed-off-by: Petr Mladek <pmladek@...e.com>
> > ---
> > lib/livepatch/test_klp_shadow_vars.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/lib/livepatch/test_klp_shadow_vars.c b/lib/livepatch/test_klp_shadow_vars.c
> > index 02f892f941dc..55e6820430dc 100644
> > --- a/lib/livepatch/test_klp_shadow_vars.c
> > +++ b/lib/livepatch/test_klp_shadow_vars.c
> > @@ -162,15 +162,15 @@ static int test_klp_shadow_vars_init(void)
> > * to expected data.
> > */
> > ret = shadow_get(obj, id);
> > - if (ret == sv1 && *sv1 == &var1)
> > + if (ret && ret == sv1 && *sv1 == &var1)
> > pr_info(" got expected PTR%d -> PTR%d result\n",
> > ptr_id(sv1), ptr_id(*sv1));
> > ret = shadow_get(obj + 1, id);
> > - if (ret == sv2 && *sv2 == &var2)
> > + if (ret && ret == sv2 && *sv2 == &var2)
> > pr_info(" got expected PTR%d -> PTR%d result\n",
> > ptr_id(sv2), ptr_id(*sv2));
> > ret = shadow_get(obj, id + 1);
> > - if (ret == sv3 && *sv3 == &var3)
> > + if (ret && ret == sv3 && *sv3 == &var3)
> > pr_info(" got expected PTR%d -> PTR%d result\n",
> > ptr_id(sv3), ptr_id(*sv3));
>
> There is one more similar site calling shadow_get(obj, id + 1) which is
> fixed.
Heh, I think that I did not add the check there on purpose.
If we are here, shadow_get(obj, id + 1) must have already succeeded
above.
But it is a bad practice. We should always check the output.
I'll do so in v2.
Best Regards,
Petr
Powered by blists - more mailing lists