| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ea163ee8ba4446978732c2c6607bd6da@AcuMS.aculab.com>
Date: Wed, 2 Oct 2019 08:34:08 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Sasha Levin' <sashal@...nel.org>,
Greg KH <gregkh@...uxfoundation.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Austin Kim <austindh.kim@...il.com>,
Dimitri Sivanich <dimitri.sivanich@....com>,
"Hedi Berriche" <hedi.berriche@....com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Mike Travis <mike.travis@....com>,
"Peter Zijlstra" <peterz@...radead.org>,
Russ Anderson <russ.anderson@....com>,
"Steve Wahl" <steve.wahl@....com>,
Thomas Gleixner <tglx@...utronix.de>,
"allison@...utok.net" <allison@...utok.net>,
"andy@...radead.org" <andy@...radead.org>,
"armijn@...ldur.nl" <armijn@...ldur.nl>,
"bp@...en8.de" <bp@...en8.de>,
"dvhart@...radead.org" <dvhart@...radead.org>,
"hpa@...or.com" <hpa@...or.com>, "kjlu@....edu" <kjlu@....edu>,
"platform-driver-x86@...r.kernel.org"
<platform-driver-x86@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>
Subject: RE: [PATCH AUTOSEL 5.3 169/203] x86/platform/uv: Fix kmalloc() NULL
check routine
From: Sasha Levin
> Sent: 01 October 2019 17:06
> Subject: Re: [PATCH AUTOSEL 5.3 169/203] x86/platform/uv: Fix kmalloc() NULL check routine
>
> On Sun, Sep 22, 2019 at 10:25:44PM +0200, Greg KH wrote:
> >On Sun, Sep 22, 2019 at 02:43:15PM -0400, Sasha Levin wrote:
> >> From: Austin Kim <austindh.kim@...il.com>
> >>
> >> [ Upstream commit 864b23f0169d5bff677e8443a7a90dfd6b090afc ]
> >>
> >> The result of kmalloc() should have been checked ahead of below statement:
> >>
> >> pqp = (struct bau_pq_entry *)vp;
> >>
> >> Move BUG_ON(!vp) before above statement.
> >>
> >> Signed-off-by: Austin Kim <austindh.kim@...il.com>
...
> >> ---
> >> arch/x86/platform/uv/tlb_uv.c | 4 ++--
> >> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
> >> index 20c389a91b803..5f0a96bf27a1f 100644
> >> --- a/arch/x86/platform/uv/tlb_uv.c
> >> +++ b/arch/x86/platform/uv/tlb_uv.c
> >> @@ -1804,9 +1804,9 @@ static void pq_init(int node, int pnode)
> >>
> >> plsize = (DEST_Q_SIZE + 1) * sizeof(struct bau_pq_entry);
> >> vp = kmalloc_node(plsize, GFP_KERNEL, node);
> >> - pqp = (struct bau_pq_entry *)vp;
> >> - BUG_ON(!pqp);
> >> + BUG_ON(!vp);
> >>
> >> + pqp = (struct bau_pq_entry *)vp;
> >> cp = (char *)pqp + 31;
> >> pqp = (struct bau_pq_entry *)(((unsigned long)cp >> 5) << 5);
> >>
> >
> >How did this even get merged in the first place? I thought a number of
> >us complained about it.
> >
> >This isn't any change in code, and the original is just fine, the author
> >didn't realize how C works :(
Mind you, the code itself if pretty horrid.
Looks like it is aligning to 32 bytes, easier done by:
pqp = (void *)((unsigned long)vp + 31 & ~31);
(and there's a roundup macro to obfuscate it somewhere.)
But I'd also expect to see a matching '+ 31' in the size passed to kmalloc().
Not to mention a comment!
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists