| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Nov 2019 13:44:11 +0100
From: Christian Borntraeger <borntraeger@...ibm.com>
To: Markus Elfring <Markus.Elfring@....de>, linux-s390@...r.kernel.org,
Joe Perches <joe@...ches.com>,
Harald Freudenberger <freude@...ux.ibm.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Ingo Franzki <ifranzki@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH v2] s390/pkey: Use memdup_user() rather than duplicating
its implementation
On 07.11.19 11:06, Markus Elfring wrote:
> From: Markus Elfring <elfring@...rs.sourceforge.net>
> Date: Thu, 7 Nov 2019 10:40:18 +0100
>
> Reuse existing functionality from memdup_user() instead of keeping
> duplicate source code.
>
> Generated by: scripts/coccinelle/api/memdup_user.cocci
>
> Delete local variables which became unnecessary with this refactoring
> in two function implementations.
>
> Fixes: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d ("s390/pkey: add CCA AES cipher key support")
With that patch description, the Fixes tag is wrong...but (see below)
> Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
> ---
>
> v2:
> Further changes were requested by Joe Perches.
> https://lore.kernel.org/r/6137855bb4170c438c7436cbdb7dfd21639a8855.camel@perches.com/
>
> * The proposed usage of two conditional operators was replaced by
> an other code structure.
>
> * A sanity check was adjusted for the function “_copy_apqns_from_user”.
>
>
> drivers/s390/crypto/pkey_api.c | 26 ++++----------------------
> 1 file changed, 4 insertions(+), 22 deletions(-)
>
> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
> index 9de3d46b3253..ac99fd97569d 100644
> --- a/drivers/s390/crypto/pkey_api.c
> +++ b/drivers/s390/crypto/pkey_api.c
> @@ -715,36 +715,18 @@ static int pkey_apqns4keytype(enum pkey_key_type ktype,
>
> static void *_copy_key_from_user(void __user *ukey, size_t keylen)
> {
> - void *kkey;
> -
> if (!ukey || keylen < MINKEYBLOBSIZE || keylen > KEYBLOBBUFSIZE)
> return ERR_PTR(-EINVAL);
> - kkey = kmalloc(keylen, GFP_KERNEL);
> - if (!kkey)
> - return ERR_PTR(-ENOMEM);
> - if (copy_from_user(kkey, ukey, keylen)) {
> - kfree(kkey);
> - return ERR_PTR(-EFAULT);
> - }
>
> - return kkey;
> + return memdup_user(ukey, keylen);
This part looks good
> }
>
> static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns)
> {
This part below is not an equivalent replacement. In fact you are fixing a bug here...
> - void *kapqns = NULL;
> - size_t nbytes;
> -
> - if (uapqns && nr_apqns > 0) {
> - nbytes = nr_apqns * sizeof(struct pkey_apqn);
> - kapqns = kmalloc(nbytes, GFP_KERNEL);
> - if (!kapqns)
> - return ERR_PTR(-ENOMEM);
> - if (copy_from_user(kapqns, uapqns, nbytes))
.... here we would need to kfree kapqns, but we do not. So this is
a memory leak. Isnt it?
So indeed this is fixing something. But please rework your the patch
description accordingly.
> - return ERR_PTR(-EFAULT);
> - }
> + if (!uapqns || nr_apqns <= 0)
> + return NULL;
>
> - return kapqns;
> + return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
> }
>
> static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
> --
> 2.24.0
>
Powered by blists - more mailing lists