| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 May 2019 11:50:03 +0200
From: Cédric Le Goater <clg@...d.org>
To: Alexey Kardashevskiy <aik@...abs.ru>,
Colin Ian King <colin.king@...onical.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
kvm@...r.kernel.org
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: KVM: Introduce a 'release' method for KVM devices
On 5/2/19 4:35 AM, Alexey Kardashevskiy wrote:
>
>
> On 02/05/2019 00:42, Colin Ian King wrote:
>> Hi,
>>
>> Static analysis with Coverity picked up an issue in the following commit:
>>
>> commit 2bde9b3ec8bdf60788e9e2ce8c07a2f8d6003dbd
>> Author: Cédric Le Goater <clg@...d.org>
>> Date: Thu Apr 18 12:39:41 2019 +0200
>>
>> KVM: Introduce a 'release' method for KVM devices
>>
>>
>> struct kvm *kvm = dev->kvm;
>>
>> + if (!dev)
>> + return -ENODEV;
>>
>> If dev is null then the dereference of dev->kvm when assigning pointer
>> kvm will cause an null pointer dereference. This is easily fixed by
>> assigning kvm after the dev null check.
>
> Yes, this is a bug.
Clearly.
>>
>> +
>> + if (dev->kvm != kvm)
>> + return -EPERM;
>>
>> I don't understand the logic of the above check. kvm is the same
>> dev->kvm on the earlier assignment, so dev->kvm != kvm seems to be
>> always false, so this check seems to be redundant. Am I missing
>> something more fundamental here?
>
> Nope. This looks like unfortunate cut-n-paste which slipped through out
> reviewing process :-D
Yes. My bad :/ I will send a cleanup patch for 5.2
Thanks,
C.
Powered by blists - more mailing lists