| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2e7890d2-e433-8553-c466-5b42f7d7776e@ozlabs.ru>
Date: Thu, 2 May 2019 12:35:33 +1000
From: Alexey Kardashevskiy <aik@...abs.ru>
To: Colin Ian King <colin.king@...onical.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
kvm@...r.kernel.org,
Cédric Le Goater <clg@...d.org>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: KVM: Introduce a 'release' method for KVM devices
On 02/05/2019 00:42, Colin Ian King wrote:
> Hi,
>
> Static analysis with Coverity picked up an issue in the following commit:
>
> commit 2bde9b3ec8bdf60788e9e2ce8c07a2f8d6003dbd
> Author: Cédric Le Goater <clg@...d.org>
> Date: Thu Apr 18 12:39:41 2019 +0200
>
> KVM: Introduce a 'release' method for KVM devices
>
>
> struct kvm *kvm = dev->kvm;
>
> + if (!dev)
> + return -ENODEV;
>
> If dev is null then the dereference of dev->kvm when assigning pointer
> kvm will cause an null pointer dereference. This is easily fixed by
> assigning kvm after the dev null check.
Yes, this is a bug.
>
> +
> + if (dev->kvm != kvm)
> + return -EPERM;
>
> I don't understand the logic of the above check. kvm is the same
> dev->kvm on the earlier assignment, so dev->kvm != kvm seems to be
> always false, so this check seems to be redundant. Am I missing
> something more fundamental here?
Nope. This looks like unfortunate cut-n-paste which slipped through out
reviewing process :-D
--
Alexey
Powered by blists - more mailing lists